Software-Defined Networking (SDN) and Distributed Denial of Service (DDoS) Attacks in Cloud Computing Environments:
A Survey, Some Research Issues, and Challenges
IEEE Communications Surveys & Tutorials
Qiao Yan¹, F. Richard Yu², Qingxiang Gong¹, Jianqiang Li¹
¹Shenzhen University, ²Carleton University
Abstract
Distributed denial of service (DDoS) attacks in cloud computing environments are growing due to the essential characteristics of cloud computing. With recent advances in software-defined networking (SDN), SDN-based cloud brings us new chances to defeat DDoS attacks in cloud computing environments. Nevertheless, there is a contradictory relationship between SDN and DDoS attacks. On one hand, the capabilities of SDN, including software-based traffic analysis, centralized control, global view of the network, and dynamic updating of forwarding rules, make it easier to detect and react to DDoS attacks. On the other hand, the security of SDN itself remains to be addressed, and potential DDoS vulnerabilities exist across SDN platforms. In this paper, we discuss the new trends and characteristics of DDoS attacks in cloud computing, and provide a comprehensive survey of defense mechanisms against DDoS attacks using SDN. In addition, we review the studies about launching DDoS attacks on SDN, as well as the methods against DDoS attacks in SDN. To the best of our knowledge, the contradictory relationship between SDN and DDoS attacks has not been well addressed in previous works. This work can help to understand how to make full use of SDN’s advantages to defeat DDoS attacks in cloud computing environments and how to prevent SDN itself from becoming a victim of DDoS attacks, which are important for the smooth evolution of SDN-based cloud without the distraction of DDoS attacks.
Index Terms—Software-defined networking (SDN), distributed denial of service attacks (DDoS), cloud computing.
Fig. 1. The road map of this paper.
Fig. 2. High-level overview of the SDN architecture.
Fig. 5. A classification of the defense mechanisms against DDoS attacks using SDN.
Fig. 6. Source-based mechanisms using SDN.
Fig. 8. Potential DDoS attacks can be launched on the three layers of the SDN’s architecture.
Acknowledgements
The authors would like to thank the editors and reviewers for their careful examination of the manuscript and valuable comments, which have greatly helped to improve the quality of the paper.
Bibtex
@article{2016Software,
title={Software-Defined Networking (SDN) and Distributed Denial of Service (DDoS) Attacks in Cloud Computing Environments: A Survey, Some Research Issues, and Challenges},
author={ Yan, Q. and Yu, R. and Gong, Q. and Li, J. },
journal={IEEE Communications Surveys & Tutorials},
volume={18},
number={1},
pages={602-622},
year={2016},
}