International Journal of Sensors, Wireless Communications and Control

Author(s): Tarek S. Sobh*

DOI: 10.2174/2210327909666190515111119

Separating Monitoring from Control in SDN to Mitigate DDoS Attacks in Hybrid Clouds

Page: [382 - 394] Pages: 13


Abstract

Background & Objective: Detecting and mitigating Distributed Denial of Service (DDoS) attacks is a serious problem. In addition, new features and network deployments such as Software-Defined Networking (SDN) may open the door for new threats that did not previously exist.

Recent publications and patents are reviewed to find new techniques developed for integrating different mechanisms to secure networks against DDoS.

Methods: This work presents a simple model, called FocusON, for integrating different mechanisms to secure both SDN and legacy networks in a hybrid cloud environment. It aims at mitigating DDoS attacks on a victim network. In addition, network monitoring is separated from its control, also with the aim of mitigating DDoS attacks on a victim network. Traffic pattern analysis is apart from the attack detection mechanism that gives a conceptual representation of a specific kind of DDoS attack. DDoS detection is a completely automated process. Once the reaction is called, the active response is taken against the real IP source of the attacker.

The communication time overhead was tested in order to evaluate the remote server response time both with the mechanisms of our proposed model deployed and without our proposed model.

Here we introduce a response mechanism that consists of an analysis of event logs, traffic patterns, and IP traceback. The proposed model categorizes the underlying network by location into a victim network and the source of attack (public cloud).

Results & Conclusion: The proposed model was implemented in a hybrid cloud environment using an SDN network and a legacy network. The experimental setup was built using our network lab connected to the Amazon public cloud.

Keywords: Cloud computing, DDoS, legacy network, network security, SDN, traffic patterns.