A Prevention Technique for DDoS Attacks in SDN using Ryu Controller Application

Abstract: Software Defined Networking (SDN) modernizes network control, offering streamlined management. However, its centralized structure makes it more vulnerable to distributed Denial of Service (DDoS) attacks, posing serious threats to network stability. This thesis explores the development of a DDoS attack prevention technique in SDN environments using the Ryu controller application. The research aims to address the vulnerabilities in SDN, particularly focusing on flooding and Internet Protocol (IP) spoofing attacks, which are a significant threat to network security. The study employs an experimental approach, utilizing tools like Mininet-VM (VirtualMachine), Oracle VM VirtualBox, and hping3 to simulate a virtual SDN environment and conduct DDoS attack scenarios. Key methodologies include packet sniffing and rule-based detection by integrating Snort IDS (Intrusion Detection System), which is critical for identifying and mitigating such attacks. The experiments demonstrate the effectiveness of the proposed prevention technique, highlighting the importance of proper configuration and integration of network security tools in SDN. This work contributes to enhancing the resilience of SDN architectures against DDoS attacks, offering insights into future developments in network security.