Mitigating DDoS Attacks using OpenFlow-based Software Defined Networking

Mattijs Jonker, Anna Sperotto

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    1 Citation (Scopus)
    125 Downloads (Pure)


    Over the last years, Distributed Denial-of-Service (DDoS) attacks have become an increasing threat on the Internet, with recent attacks reaching traffic volumes of up to 500 Gbps. To make matters worse, web-based facilities that offer “DDoS-as-a-service‿ (i.e., Booters) allow for the layman to launch attacks in the order of tens of Gbps in exchange for only a few euros. A recent development in networking is the principle of Software Defined Networking (SDN), and related technologies such as OpenFlow. In SDN, the control plane and data plane of the network are decoupled. This has several advantages, such as centralized control over forwarding decisions, dynamic updating of forwarding rules, and easier and more flexible network configuration. Given these advantages, we expect SDN to be well-suited for DDoS attack mitigation. Typical mitigation solutions, however, are not built using SDN. In this paper we propose to design and to develop an OpenFlow-based mitigation architecture for DDoS attacks. The research involves looking at the applicability of OpenFlow, as well as studying existing solutions built on other technologies. The research is as yet in its beginning phase and will contribute towards a Ph.D. thesis after four years.
    Original languageUndefined
    Title of host publicationProceedings of the 9th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2015
    EditorsSteven Latré, Marinos Charalambides, Jérôme François, Corinna Schmitt, Burkhard Stiller
    Place of PublicationSwitzerland
    Number of pages5
    ISBN (Print)978-3-319-20033-0
    Publication statusPublished - Jun 2015

    Publication series

    NameLecture Notes in Computer Science
    PublisherSpringer International Publishing
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349


    • EWI-26426
    • OpenFlow
    • Software Defined Networking
    • METIS-315011
    • Attack mitigation
    • DDoS attacks
    • IR-98390

    Cite this