Abstract

It is without a doubt that both the controller and switch of an SDN are vulnerable to Distributed Denial of Service (DDoS) attacks. Typically, this ilk of attacks targets the flow table of the deployed network switches with the aim of producing overloading, high network delays, and consume bandwidth. Motivated by this fact, in this paper, we propose a lightweight scheme which is based on a set of rules to efficiently characterize packets send to a network switch as malicious or not. Through testbed experimentation and comparison with legacy DDoS protection schemes, we demonstrate that our solution performs significantly better when it comes to SDN ecosystem of mobile users.