{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,5]],"date-time":"2026-03-05T14:53:40Z","timestamp":1772722420037,"version":"3.50.1"},"reference-count":36,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2018,2,27]],"date-time":"2018-02-27T00:00:00Z","timestamp":1519689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>Software Defined Networking (SDN) has proved itself to be a backbone in the new network design and is quickly becoming an industry standard. The idea of separation of control plane and data plane is the key concept behind SDN. SDN not only allows us to program and monitor our networks but it also helps in mitigating some key network problems. Distributed denial of service (DDoS) attack is among them. In this paper we propose a collaborative DDoS attack mitigation scheme using SDN. We design a secure controller-to-controller (C-to-C) protocol that allows SDN-controllers lying in different autonomous systems (AS) to securely communicate and transfer attack information with each other. This enables efficient notification along the path of an ongoing attack and effective filtering of traffic near the source of attack, thus saving valuable time and network resources. We also introduced three different deployment approaches i.e., linear, central and mesh in our testbed. Based on the experimental results we demonstrate that our SDN based collaborative scheme is fast and reliable in efficiently mitigating DDoS attacks in real time with very small computational footprints.<\/jats:p>","DOI":"10.3390\/fi10030023","type":"journal-article","created":{"date-parts":[[2018,2,27]],"date-time":"2018-02-27T14:18:08Z","timestamp":1519741088000},"page":"23","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":63,"title":["SDN Based Collaborative Scheme for Mitigation of DDoS Attacks"],"prefix":"10.3390","volume":"10","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4683-1988","authenticated-orcid":false,"given":"Sufian","family":"Hameed","sequence":"first","affiliation":[{"name":"IT Security Labs, National University of Computer and Emerging Sciences (FAST-NUCES), Karachi 75030, Pakistan"}]},{"given":"Hassan","family":"Ahmed Khan","sequence":"additional","affiliation":[{"name":"IT Security Labs, National University of Computer and Emerging Sciences (FAST-NUCES), Karachi 75030, Pakistan"}]}],"member":"1968","published-online":{"date-parts":[[2018,2,27]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"2046","DOI":"10.1109\/SURV.2013.031413.00127","article-title":"A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks","volume":"15","author":"Zargar","year":"2013","journal-title":"Commun. Surv. Tutor. IEEE"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"475","DOI":"10.1016\/j.cose.2013.10.001","article-title":"DNS amplification attack revisited","volume":"39","author":"Anagnostopoulos","year":"2013","journal-title":"Comput. Secur."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Santanna, J.J., van Rijswijk-Deij, R., Hofstede, R., Sperotto, A., Wierbosch, M., Granville, L.Z., and Pras, A. (2015, January 11\u201315). Booters \u2014 An analysis of DDoS-as-a-service attacks. Proceedings of the 2015 IFIP\/IEEE International Symposium on Integrated Network Management (IM), Ottawa, ON, Canada.","DOI":"10.1109\/INM.2015.7140298"},{"key":"ref_4","unstructured":"(2017, November 25). DYN Cyberattack. Available online: www.theguardian.com\/technology\/2016\/oct\/26\/ddos-attack-dyn-mirai-botnet."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1109\/MC.2017.201","article-title":"DDoS in the IoT: Mirai and Other Botnets","volume":"50","author":"Kolias","year":"2017","journal-title":"Computer"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Pras, A., Santanna, J.J., Steinberger, J., and Sperotto, A. (2016, January 4\u20136). DDoS 3.0-How terrorists bring down the Internet. Proceedings of the International GI\/ITG Conference on Measurement, Modelling, and Evaluation of Computing Systems and Dependability and Fault Tolerance, M\u00fcnster, Germany.","DOI":"10.1007\/978-3-319-31559-1_1"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"52","DOI":"10.1109\/MCOM.2015.7081075","article-title":"Distributed denial of service attacks in software-defined networking with cloud computing","volume":"53","author":"Yan","year":"2015","journal-title":"IEEE Commun. Mag."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"175","DOI":"10.1109\/MCOM.2017.1600970","article-title":"Defense Mechanisms against DDoS Attacks in SDN Environment","volume":"55","author":"Kalkan","year":"2017","journal-title":"IEEE Commun. Mag."},{"key":"ref_9","unstructured":"D\u2019Cruze, H., Wang, P., Sbeit, R.O., and Ray, A. (2018). Information Technology-New Generations, Springer."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Giotis, K., Apostolaki, M., and Maglaris, V. (2016, January 25\u201329). A reputation-based collaborative schema for the mitigation of distributed attacks in SDN domains. Proceedings of the IEEE\/IFIP Network Operations and Management Symposium, Istanbul, Turkey.","DOI":"10.1109\/NOMS.2016.7502849"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"1267","DOI":"10.1109\/TNET.2007.914506","article-title":"TVA: a DoS-limiting network architecture","volume":"16","author":"Yang","year":"2008","journal-title":"IEEE Trans. Netw."},{"key":"ref_12","unstructured":"Yang, X., Wetherall, D., and Anderson, T. (2005). ACM SIGCOMM Computer Communication Review, ACM."},{"key":"ref_13","unstructured":"Ioannidis, J., and Bellovin, S.M. (2002, January 6\u20138). Implementing Pushback: Router-Based Defense Against DDoS Attacks. Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Hameed, S., and Khan, H.A. (2017, January 13\u201316). Leveraging SDN for collaborative DDoS mitigation. Proceedings of the IEEE International Conference on Networked Systems (NetSys), Goettingen, Germany.","DOI":"10.1109\/NetSys.2017.7903962"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Fran\u00e7ois, J., Dolberg, L., Festor, O., and Engel, T. (2014, January 1\u20132). Network security through software defined networking: A survey. Proceedings of the Conference on Principles, Systems and Applications of IP Telecommunications, Chicago, IL, USA.","DOI":"10.1145\/2670386.2670390"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Braga, R., Mota, E., and Passito, A. (2010, January 10\u201314). Lightweight DDoS flooding attack detection using NOX\/OpenFlow. Proceedings of the 35th IEEE Conference on Local Computer Networks (LCN), Denver, CO, USA.","DOI":"10.1109\/LCN.2010.5735752"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Lim, S., Ha, J., Kim, H., Kim, Y., and Yang, S. (2014, January 8\u201311). A SDN-oriented DDoS blocking scheme for botnet-based attacks. Proceedings of the Sixth International Conference on Ubiquitous and Future Networks (ICUFN), Shanghai, China.","DOI":"10.1109\/ICUFN.2014.6876752"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Giotis, K., Androulidakis, G., and Maglaris, V. (2014, January 1\u20133). Leveraging SDN for Efficient Anomaly Detection and Mitigation on Legacy Networks. Proceedings of the Third European Workshop on Software Defined Networks, Budapest, Hungary.","DOI":"10.1109\/EWSDN.2014.24"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Jeong, J., Seo, J., Cho, G., Kim, H., and Park, J.S. (2015, January 24\u201327). A Framework for Security Services Based on Software-Defined Networking. Proceedings of the 2015 IEEE 29th International Conference on Advanced Information Networking and Applications Workshops (WAINA), Guwangiu, Korea.","DOI":"10.1109\/WAINA.2015.102"},{"key":"ref_20","unstructured":"Fayaz, S.K., Tobioka, Y., Sekar, V., and Bailey, M. (2015, January 10\u201312). Bohatei: Flexible and Elastic DDoS Defense. Proceedings of the USENIX Security Symposium, Austin, TX, USA."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Chen, C.C., Chen, Y.R., Lu, W.C., Tsai, S.C., and Yang, M.C. (2017, January 7\u201310). Detecting amplification attacks with Software Defined Networking. Proceedings of the 2017 IEEE Conference on Dependable and Secure Computing, Taipei, Taiwan.","DOI":"10.1109\/DESEC.2017.8073807"},{"key":"ref_22","unstructured":"Aizuddin, A.A., Atan, M., Norulazmi, M., Noor, M.M., Akimi, S., and Abidin, Z. (, January 5\u20137). DNS amplification attack detection and mitigation via sFlow with security-centric SDN. Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, Beppu, Japan."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Liu, J., Lai, Y., and Zhang, S. (2017, January 17\u201319). FL-GUARD: A Detection and Defense System for DDoS Attack in SDN. Proceedings of the International Conference on Cryptography, Security and Privacy, Wuhan, China.","DOI":"10.1145\/3058060.3058074"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Belyaev, M., and Gaivoronski, S. (2014, January 27\u201329). Towards load balancing in SDN-networks during DDoS-attacks. Proceedings of the 2014 International Science and Technology Conference (Modern Networking Technologies) (MoNeTeC), Moscow, Russia.","DOI":"10.1109\/MoNeTeC.2014.6995578"},{"key":"ref_25","unstructured":"Dao, N.N., Park, J., Park, M., and Cho, S. (2015, January 12\u201314). A feasible method to combat against DDoS attack in SDN network. Proceedings of the International Conference on Information Networking (ICOIN), Siem Reap, Cambodia."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Rebecchi, F., Boite, J., Nardin, P.A., Bouet, M., and Conan, V. (2017, January 3\u20137). Traffic monitoring and DDoS detection using stateful SDN. Proceedings of the 2017 IEEE Conference on Network Softwarization (NetSoft), Bologna, Italy.","DOI":"10.1109\/NETSOFT.2017.8004256"},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"1828","DOI":"10.1109\/TNET.2012.2194508","article-title":"FireCol: A collaborative protection network for the detection of flooding DDoS attacks","volume":"20","author":"Aib","year":"2012","journal-title":"IEEE\/ACM Trans. Netw. (TON)"},{"key":"ref_28","unstructured":"Rashidi, B., and Fung, C. (November, January 31). CoFence: A collaborative DDOS defence using network function virtualization. Proceedings of the 12th International Conference on Network and Service Management (CNSM), Montreal, QC, Canada."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.cose.2015.11.008","article-title":"CIPA: A collaborative intrusion prevention architecture for programmable network and SDN","volume":"58","author":"Chen","year":"2016","journal-title":"Comput. Secur."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Hameed, S., and Ali, U. (2016, January 25\u201329). Efficacy of Live DDoS Detection with Hadoop. Proceedings of the IEEE\/IFIP Network Operations and Management Symposium (NOMS), Istanbul, Turkey.","DOI":"10.1109\/NOMS.2016.7502848"},{"key":"ref_31","unstructured":"(2017, September 15). POX Controller. Available online: www.github.com\/noxrepo\/pox."},{"key":"ref_32","unstructured":"(2017, September 15). Mininet. Available online: www.mininet.org\/."},{"key":"ref_33","unstructured":"(2017, August 11). Scapy. Available online: www.secdev.org\/projects\/scapy\/."},{"key":"ref_34","unstructured":"(2017, November 25). Sender Policy Framework. Available online: http:\/\/www.openspf.org\/."},{"key":"ref_35","unstructured":"(2017, December 15). Autonomous System Path Lengths. Available online: https:\/\/labs.ripe.net\/Members\/mirjam\/update-on-as-path-lengths-over-time."},{"key":"ref_36","unstructured":"(2017, December 15). Number of ASes in Routing System. Available online: http:\/\/www.cidr-report.org\/as2.0\/."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/10\/3\/23\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T14:56:41Z","timestamp":1760194601000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/10\/3\/23"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,2,27]]},"references-count":36,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2018,3]]}},"alternative-id":["fi10030023"],"URL":"https:\/\/doi.org\/10.3390\/fi10030023","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,2,27]]}}}