Mansimran, along with my teammates Emil, Abdul, Roj, and Amna worked on a project as a part of Navita’s Professional Year Program. Since most of us were from a networking and security background, we decided to work on a project from the same field. Software-Defined Networking (SDN), being the future of networking was considered the best choice for carrying out our research. We analyzed plenty of existing research papers, literature reviews, articles, etc. to understand the background, working, and problem areas in an SDN architecture. Providing a potential solution to eliminate the vulnerabilities and securing the SDN controller seemed to be the perfect topic for this project.

Software-Defined Networking (SDN) has been successful in paving its way towards next-generation networking. It has proved itself to be a more reliable and robust discovery. It has many advantages because of the separation of its layers but at the same time, there are some security issues because of the presence of a centralized controller and this separation of layers. These security issues like DDoS (distributed denial-of-service) attacks can fully compromise a network and lead to a single point of failure. This attack leads to heavy traffic of false incoming network requests with the purpose of overutilizing the system resources, thus preventing legitimate users from accessing the network and making it unavailable. The SDN controller can also be flooded by the packet-ins and thus can place the controller in an uncertain state. To mitigate this issue of DDoS attack, our project focuses on detecting and mitigating the DDoS attack on the topologies with mainly two controllers (RYU and POX) in place. We have also presented the previous work done in this area by network enthusiasts and researchers. In addition to this, a step-by-step installation process of these controllers is presented, followed by the methodologies carried out which discuss the simulations, events, tools, and approach used to carry out the experiments. We implemented python scripts which aimed to detect the compromised hosts in our topology. This then raised an alert helping in mitigating the attack with minimum network damage. Finally, we listed the final results and our discussion on the whole experiment carried out on DDoS attack detection and mitigation. In our case, RYU and POX controllers managed to transfer some of the data even when they were under attack rather than fully turning off. So, after getting the results, we can say that there must be some security patch/script in place when having a network based on SDN architecture.