Towards Detection and Mitigation of Traffic Anomalies in SDN

Abstract

In recent years, Software Defined Networking (SDN) has gained tremendous growth in networks. SDN removes the vertical integration of the networking elements and decouples the control plane from the data plane. Due to this separation, the decision-making is shifted to a centralized controller whereas, data plane devices become simple forwarding elements. This feature of SDN makes network management straightforward and provides high-level programming abstractions. Since the decision-making is shifted to a centralized controller thus, only programmable switches are used in this paradigm. For a new packet, forwarding elements send a Packet_IN message to the SDN controller. In response to this request, the controller generates a Packet_OUT message to install the flow rule entry for the incoming packet. It is worth mentioning here that the controller has no idea about the network traffic; therefore, it may install the flow rules against the anomaly traffic, reducing the overall network performance. In this paper, we propose a detection and mitigation of traffic anomalies in SDN (DMTA-SDN) where a signature-based Intrusion Detection System (IDS) is used with the controller. In case of anomalies in the traffic, the IDS communicates with the controller with the help of an external application, and the controller removes the flow rules against anomalies. Extensive simulation shows that overall network performance is improved in terms of Round Trip Time (RTT) and bandwidth.