Detection and mitigation of link flooding-based DDoS attacks on a software defined network using network function virtualisation

Software defined networks (SDNs) are emerging as the first choice for network administrators due to their agility, modularity and dynamism. Network operators can change the network topology, routes and other parameters as per their current requirement. Like traditional computer networks SDNs are also prone to various denial of service attacks (DDoS). Link flooding attacks are a class of DDoS attack that aims to choke crucial network connections and can fully detach the victim from the network. In this paper we have discussed two link flooding-based denial of service attacks, namely Coremelt and Crossfire, in the context of SDN along with the possible mitigation. These attacks are aimed at disconnecting services from the network. We demonstrate the usage of network function virtualisation along with SDN features to mitigate these attacks by recreating replicas of the services under attack and connecting them to the network.