Loading…

Emerging DDoS attack detection and mitigation strategies in software-defined networks: Taxonomy, challenges and future directions

Software-defined networking (SDN) is a network paradigm that decouples control and data planes from network devices and places them into separate entities. In SDN, the controller is responsible for controlling the logic of the entire network while network switches become forwarding elements that fol...

Full description

Saved in:
Bibliographic Details
Published in:Journal of network and computer applications 2021-08, Vol.187, p.103093, Article 103093
Main Authors: Valdovinos, Ismael Amezcua, Pérez-Díaz, Jesús Arturo, Choo, Kim-Kwang Raymond, Botero, Juan Felipe
Format: Article
Language:English
Subjects:
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Software-defined networking (SDN) is a network paradigm that decouples control and data planes from network devices and places them into separate entities. In SDN, the controller is responsible for controlling the logic of the entire network while network switches become forwarding elements that follow rules to dispatch flows. There are, however, several limitations in such a paradigm, as compared to conventional networking. For example, the controller is sensitive to a broad range of attacks, including distributed denial of service (DDoS) attacks. In this paper, we provide a systematic survey of existing DDoS detection and mitigation strategies in SDN. Based on the review of articles published between 2013 and May 2020, we provide a taxonomy of DDoS detection strategies (e.g., statistical, SDN architecture, and machine learning) and emerging approaches (e.g., network function virtualization, blockchain, honeynet, network slicing, and moving target defense). We also discuss existing challenges associated with SDN security and the implementation of security solutions, prior to identifying future research opportunities. •A taxonomy of cyberattack mitigation in software-defined networks.•Machine learning, blockchain, honeynet, statistical & SDN protocol specifications.•Application plane security challenges.•Control plane security challenges.•SDN research challenges associated with blockchain, machine learning, etc.
ISSN:1084-8045
1095-8592
DOI:10.1016/j.jnca.2021.103093