Detecting and Preventing DDoS Attacks in SDN-Based Data Center Networks

Distributed denial-of-service (DDoS) attacks are deemed a serious threat to Internet services. A common solution to mitigate the attacks is to redirect traffic to scrubbing centers (SCs) for traffic classification and DDoS filtering. However, the capacity and locations of SCs should be pre-determined, and traffic redirection to SCs also give rise to extra network footprint and long latency. In this work, we present a solution based on network function virtualization (NFV) to launch scrubbing functions on demand and software-defined networking (SDN) to redirect traffic to these functions. We propose a lightweight probing strategy to identify anomalous traffic and the victim, and allocate virtual scrubbing functions close to the victim to minimize network footprint and network latency. We simulate a proof-of-concept design in Mininet to demonstrate its operation. The evaluation shows 96.6% of DDoS packets can be mitigated with the response time of one second.