SF-DaM: An Efficient Lightweight Approach for Detecting and Mitigating the TCP SYN Flooding Attacks in SDN
Abstract
Despite its impressive advantages over traditional networks, Software-Defined Networking (SDN) still encounters many challenges, especially when it comes to network security problems. The SYN flooding attack is considered the most effective and widely adopted DDoS mechanism for saturating the SDN control plane as well as the targeted victim end systems. Although various studies have addressed this problem area, their solutions do not solve the issue efficiently, either because of the complexity and impracticality of their designs or because of the significant overhead and long time required for attack detection and mitigation. Therefore, in this paper, we propose an efficient lightweight security approach called SF-DaM for providing fast and accurate alleviation of SYN flooding attacks in SDNs. The proposed SF-DaM employs a lightweight but effective mechanism for monitoring incoming TCP connection requests and validating their legitimacy with low overhead, which makes it capable of detecting and blocking the sources of malicious requests quickly without sacrificing benign host traffic. To demonstrate its feasibility and effectiveness, SF-DaM is fully implemented as an extension module of the SDN POX controller and is evaluated under different scenarios via the Mininet emulator. The experimental results show that SF-DaM outperforms the state-of-the-art approaches, as it provides a significant improvement in attack detection time and benign response time, especially under spoofed attack scenarios. The results also show that SF-DaM can significantly reduce the overhead on the controller and its control channels.