Detection and mitigation of UDP flooding attack in a multicontroller software defined network using secure flow management model

Summary Software‐Defined Networking (SDN) simplifies the network management and provides a way to virtualize, configure, and manage the network infrastructure centrally. The central management has been exhibited by reinforcing an SDN controller, which separates the network data plane from the control functions and is responsible for managing the flows. Distributed Denial‐of‐Service (DDoS) attacks are the most threatening issue among many security attacks, and it makes the services unavailable in a network. The flow management done by the controller is disrupted when one or more malicious host flood User Datagram Protocol (UDP) packets in the network, focusing on exhausting the bandwidth of the controller. It results in degrading the performance of the controller, leading to control plane saturation. A Secure Flow Management model (SFM), which dynamically identifies and mitigates the UDP flooding attack in a multicontroller SDN has been proposed. The proposed model is a practically applicable defense mechanism against volumetric attack, and it tries to secure the control plane bandwidth. The SFM has been experimented as an extension of the RYU controller and has exploited the attack under different traffic scenarios. Further, an analysis has been made on response time and the CPU utilization taken by the controller to recover from the DoS attack.