Detection and Mitigation Distributed Denial of Service Attack in Software Defined Network

Dheni Yulia Dinda Pratiwi
Ronald Adrian

Abstract

Software-Defined Networking (SDN) is an approach to network management that separates the control plane from the data plane. In an SDN network the control plane is centralized in software called the controller, while the data plane consists of physical forwarding devices such as switches and routers. This separation also introduces security problems: the centralized controller and its channel to the switches become a single point of failure that an attacker can overload, so the network must be protected against a range of attacks. Distributed Denial of Service (DDoS) is one such attack and a serious obstacle for SDN deployments. Protecting an SDN network against DDoS requires a system that can both detect and stop the attack. In this final project, a system is built that detects DDoS attacks with the Snort Intrusion Detection System (IDS) and mitigates them with an Iptables firewall on the server. Snort in the SDN system detects DDoS attacks with an accuracy of 95% for slowhttptest, 90% for slowloris and 100% for LOIC. The average detection time is 0.72 seconds for slowhttptest, 0.36 seconds for slowloris and 0.3 seconds for LOIC. Iptables in the SDN system blocks the attacks with an average blocking time of 0.91 seconds for slowhttptest, 1.89 seconds for slowloris and 0.77 seconds for LOIC, and the system handles large connection volumes while keeping the SDN system available.
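
The abstract describes a detect-then-block pipeline: Snort raises alerts on slow-HTTP and flood traffic, and Iptables on the server drops the offending sources and caps connection volume. The glue between those two steps is what a practitioner would want to see, so the following is an added example (not the paper's code, and not Snort's or Iptables' own tooling). It assumes Snort's standard `alert_fast` output format; the rule SIDs, alert messages and sample alert lines are constructed here, and the policy (drop a source after 3 alerts within 5 seconds, `connlimit`/`hashlimit` caps on port 80) is an assumption rather than the paper's configuration. The threshold matters because the abstract reports detection accuracies below 100% for two of the three tools: blocking on a single alert would also block every false positive.

```python
"""Glue between Snort alert_fast output and iptables (added example, not the paper's code).

Assumptions not taken from the paper: the SIDs/messages in SAMPLE_ALERTS, the
3-alerts-in-5-seconds threshold, and the connlimit/hashlimit caps on port 80.
"""
import re
import subprocess
from collections import defaultdict
from datetime import datetime
from typing import Callable, Dict, List, Optional, Set

# Constructed sample of Snort alert_fast lines (hypothetical SIDs 1000001-1000003).
SAMPLE_ALERTS = """\
05/14-10:21:03.120000  [**] [1:1000001:1] SLOWLORIS partial HTTP headers [**] [Priority: 2] {TCP} 10.0.0.5:40212 -> 10.0.0.1:80
05/14-10:21:03.480000  [**] [1:1000001:1] SLOWLORIS partial HTTP headers [**] [Priority: 2] {TCP} 10.0.0.5:40213 -> 10.0.0.1:80
05/14-10:21:03.900000  [**] [1:1000001:1] SLOWLORIS partial HTTP headers [**] [Priority: 2] {TCP} 10.0.0.5:40214 -> 10.0.0.1:80
05/14-10:21:04.100000  [**] [1:1000002:1] LOIC HTTP flood [**] [Priority: 2] {TCP} 10.0.0.7:51000 -> 10.0.0.1:80
05/14-10:21:05.000000  [**] [1:1000003:1] SLOWHTTPTEST slow POST body [**] [Priority: 2] {TCP} 10.0.0.9:33000 -> 10.0.0.1:80
"""

# Snort alert_fast: "<ts>  [**] [gid:sid:rev] <msg> [**] ... {PROTO} src:sport -> dst:dport"
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(?P<sid>[\d:]+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)


def parse_alerts(text: str) -> List[Dict]:
    """Parse alert_fast lines; lines that do not match the format are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        # alert_fast timestamps carry no year; strptime fills in 1900, which is
        # fine because we only compare offsets inside one short window.
        rec["ts"] = datetime.strptime(rec["ts"], "%m/%d-%H:%M:%S.%f")
        alerts.append(rec)
    return alerts


def offending_sources(alerts: List[Dict], threshold: int = 3, window_s: float = 5.0) -> List[str]:
    """Sources with at least `threshold` alerts inside any `window_s`-second span.

    One alert is not enough to act on: the IDS has a non-zero false-positive
    rate, so a source must trip the rule repeatedly before it is dropped.
    """
    by_src: Dict[str, List[datetime]] = defaultdict(list)
    for a in alerts:
        by_src[a["src"]].append(a["ts"])
    hits = []
    for src, stamps in by_src.items():
        stamps.sort()
        lo = 0
        for hi, t in enumerate(stamps):  # sliding window over sorted timestamps
            while (t - stamps[lo]).total_seconds() > window_s:
                lo += 1
            if hi - lo + 1 >= threshold:
                hits.append(src)
                break
    return sorted(hits)


def block_rules(sources: List[str]) -> List[List[str]]:
    """One `iptables -I INPUT -s <ip> -j DROP` per source, in argv form (no shell quoting)."""
    return [["iptables", "-I", "INPUT", "-s", src, "-j", "DROP"] for src in sources]


def rate_limit_rules(port: int = 80, max_conns_per_ip: int = 20, syn_rate: str = "25/second") -> List[List[str]]:
    """Static caps so a single client cannot exhaust the server's connection table."""
    p = str(port)
    return [
        # Cap concurrent connections per source IP (slowloris/slowhttptest hold many open).
        ["iptables", "-A", "INPUT", "-p", "tcp", "--dport", p, "-m", "connlimit",
         "--connlimit-above", str(max_conns_per_ip), "--connlimit-mask", "32",
         "-j", "REJECT", "--reject-with", "tcp-reset"],
        # Cap the new-connection (SYN) rate per source IP (LOIC-style floods).
        ["iptables", "-A", "INPUT", "-p", "tcp", "--dport", p, "--syn",
         "-m", "hashlimit", "--hashlimit-name", "http_syn", "--hashlimit-mode", "srcip",
         "--hashlimit-above", syn_rate, "--hashlimit-burst", "50", "-j", "DROP"],
    ]


def apply_rules(rules: List[List[str]], run: Optional[Callable] = None,
                state: Optional[Set[tuple]] = None) -> List[List[str]]:
    """Apply each rule once; `state` remembers rules already installed so a
    re-run of the loop does not stack duplicate DROP entries in the chain.
    `run` defaults to subprocess.run (needs root); pass a stub to dry-run."""
    run = run or (lambda argv: subprocess.run(argv, check=True))
    state = state if state is not None else set()
    applied = []
    for argv in rules:
        key = tuple(argv)
        if key in state:
            continue
        run(argv)
        state.add(key)
        applied.append(argv)
    return applied


if __name__ == "__main__":
    # Dry run: print what would be installed instead of calling iptables.
    alerts = parse_alerts(SAMPLE_ALERTS)
    rules = rate_limit_rules() + block_rules(offending_sources(alerts))
    apply_rules(rules, run=lambda argv: print(" ".join(argv)))
```

In a live deployment the loop would tail Snort's alert file (or read its unified2/JSON output) and call `apply_rules` with the real runner as root; keeping `state` across iterations is what makes repeated alerts from an already-blocked source harmless.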

Article Details

How to Cite
[1]
D. Y. D. Pratiwi and R. Adrian, “Detection and Mitigation Distributed Denial of Service Attack in Software Defined Network”, JuTISI, vol. 10, no. 1, pp. 63 –, May 2024.