Improving Resiliency Against DDoS Attacks by SDN and Multipath Orchestration of VNF Services

Alparslan O., Gunes O., Hanay Y. S., Arakawa S., Murata M.

23rd IEEE International Symposium on Local and Metropolitan Area Networks (LANMAN), Osaka, Japan, 12 - 14 June 2017 identifier identifier

  • Publication Type: Conference Paper / Full Text
  • Doi Number: 10.1109/lanman.2017.7972158
  • City: Osaka
  • Country: Japan
  • TED University Affiliated: Yes


We propose an architecture that increases the resiliency against DDoS attacks by leveraging virtual network functions (VNF) and software defined networking (SDN). In the first step, the proposed architecture places the virtual network functions (VNF) optimally by solving a linear program. In the second step, in order to add preemptive protection against DDoS attacks, special filter VNFs and secondary paths passing through these filter VNFs are set up by solving another linear program. Under a DDoS attack, SDN controller switches the routes affected by the attack to the secondary paths for filtering DDoS traffic in order to prevent over-utilization. The simulation results show that the proposed architecture can absorb higher amount of DDoS traffic with low impact on the average hop count.