Title: SDN-based DoS Attack Detection and Mitigation System for Cloud Environment
Year of Publication: 2018
Publisher: International Journal of Computer Systems (IJCS)
ISSN: 2394-1065
Series: Volume 05, Number 5, May 2018
Authors: Janitza Punto Gutierrez, Kilhung Lee


Ali Zidane El Qutaany, Ali Hamid El Bastawissy, Osman Hegazi, "SDN-based DoS Attack Detection and Mitigation System for Cloud Environment", In International Journal of Computer Systems (IJCS), pp: 33-42, Volume 5, Issue 8, August 2018. BibTeX

	author = {Janitza Punto Gutierrez, Kilhung Lee},
	title = {SDN-based DoS Attack Detection and Mitigation System for Cloud Environment},
	journal = {International Journal of Computer Systems (IJCS)},
	year = {2018},
	volume = {5},
	number = {8},
	pages = {33-42},
	month = {August}


Cloud Computing is a technology that brings advantages such as a dynamic architecture, on-demand offered services and resources, ubiquitous access and reduced costs. All of these characteristics make it popular between companies and organizations, who are adopting and implementing it in their systems. However, all this attention also attract attackers, worrying the users of the cloud. For this, Software Defined Networking appears as an innovative method which enables a more flexible and easy management of the network, permitting also the quick implementation of security policies and solutions. Following that, a SDN-based DoS attack detection and mitigation system for cloud environments was proposed. This solution uses the monitoring API called sFlow and the OpenFlow protocol, which permits to have a mapping of IP addresses, MAC addresses and ports and gather traffic statistics from the networking devices and servers. The purpose of this system also includes the detection of any additional IP or MAC spoofing attack, common characteristic of recent DoS attacks to avoid identifying the origin of the attack, so the design will help identify any internal host abused by an attacker or if the attack is coming from an external host. Additionally, the solution will include a DoS Security application, which will define security policies about the detection and mitigation of DoS attacks and will orchestrate the modules that performs those activities.


[1]G. Shanmugasundaram, V. Aswini and G. Suganya, "A comprehensive review on cloud computing security," 2017 International Conference on Innovations in Information, Embedded and Communication Systems (ICIIECS), Coimbatore, 2017, pp. 1- 5.
[2] A. R. Wani, Q. P. Rana and N. Pandey, "Cloud security architecture based on user authentication and symmetric key cryptographic techniques," 2017 6th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO), Noida, 2017, pp. 529-534.
[3] M. A. Khan, "A survey of security issues for cloud computing," Journal of Network and Computer Applications, vol. 71, 2016, pp. 11-29.
[4] J. He, M. Dong, K. Ota, M. Fan, G. Wang, "NetSecCC: A scalable and fault-tolerant architecture for cloud computing security," Peerto-Peer Networking and Applications, vol. 9, 2016, pp. 67-81.
[5] P. Donadio, G. B. Fioccola, R. Canonico and G. Ventre, "Network security for Hybrid Cloud," 2014 Euro Med Telco Conference (EMTC), Naples, 2014, pp. 1-6.
[6] D. Sitaram, G. Manjunath, Moving to the Cloud: Developing Apps in the New World of Cloud Computing, 1st ed., Syngress, 2011.
[7] S. Basu et al., "Cloud computing security challenges & solutions-A survey," 2018 IEEE 8th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, 2018, pp. 347-356.
[8] T. C. Vance, N. Merati, C. Yang, M. Yuan, Cloud Computing in Ocean and Atmospheric Sciences, 1st ed., Academic Press, an imprint of Elsevier, 2016.
[9] P. Mell, T. Grance (2011). The NIST Definition of Cloud Computing. [Online]. Available:
[10] C. B. O. M. E. Moctar and K. Konaté, "A survey of security challenges in cloud computing," 2017 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), Chennai, 2017, pp. 843-849.
[11] P. Rengaraju, V. R. Ramanan and C. H. Lung, "Detection and prevention of DoS attacks in Software-Defined Cloud networks," 2017 IEEE Conference on Dependable and Secure Computing, Taipei, 2017, pp. 217-223.
[12] J. Qadiree, M. I. Maqbool, "Solutions of Cloud Computing Security Issues," International Journal of Computer Science Trends and Technology (IJCS T), vol. 2, 2016, pp. 38-42.
[13] L. Coppolino, S. D'Antonio, G. Mazzeo, L. Romano, "Cloud security: Emerging threats and current solutions," Computers & Electrical Engineering, vol. 59, 2017, pp. 126-140.
[14] V. Mahajan and S. K. Peddoju, "Integration of network intrusion detection systems and honeypot networks for cloud security," 2017 International Conference on Computing, Communication and Automation (ICCCA), Greater Noida, 2017, pp. 829-834.
[15] A. Garg, V. Saini, M. Imran and M. A. Qadeer, "Performance analysis of software defined networks," 2017 9th International Conference on Computational Intelligence and Communication Networks (CICN), Girne, 2017, pp. 58-61.
[16] T. Tamanna, T. Fatema and R. Saha, "SDN, A research on SDN assets and tools to defense DDoS attack in cloud computing environment," 2017 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), Chennai, 2017, pp. 1670-1674.
[17] B. Yuan, D. Zou, H. Jin, S. Yu, L. T. Yang, "HostWatcher: Protecting hosts in cloud data centers through software-defined networking," Future Generation Computer Systems, 2017.
[18] R. Masoudi, A. Ghaffari, "Software defined networks: A survey," Journal of Network and Computer Applications, vol. 67, 2016, pp. 1-25.
[19] P. Patel, V. Tiwari and M. K. Abhishek, "SDN and NFV integration in openstack cloud to improve network services and security," 2016 International Conference on Advanced Communication Control and Computing Technologies (ICACCCT), Ramanathapuram, 2016, pp. 655- 660.
[20] K. Benzekki, A. El Fergougui and A. Elbelrhiti Elalaoui, "Software-defined networking (SDN): a survey," Security Comm. Networks, vol. 9, 2016, pp. 5803-5833.
[21] Y. E. Oktian, S. Lee and H. Lee, "Mitigating Denial of Service (DoS) attacks in OpenFlow networks," 2014 International Conference on Information and Communication Technology Convergence (ICTC), Busan, 2014, pp. 325-330.
[22] T. Chin, X. Mountrouidou, X. Li and K. Xiong, "Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking (SDN)," 2015 IEEE 35th International Conference on Distributed Computing Systems Workshops, Columbus, OH, 2015, pp. 95-99.
[23] W. Navid and M. N. M. Bhutta, "Detection and mitigation of Denial of Service (DoS) attacks using performance aware Software Defined Networking (SDN)," 2017 International Conference on Information and Communication Technologies (ICICT), Karachi, 2017, pp. 47-57.
[24] J. H. Cox et al., "Advancing Software-Defined Networks: A Survey," in IEEE Access, vol. 5, pp. 25487-25526, 2017.
[25] G. Pujolle, Software Networks: Virtualisation, SDN, 5G and security, 1st. ed., London: WileyISTE, 2015.
[26] Open Networking Foundation, OpenFlow Switch Specification ver. 1.5.1, March 26, 2015; Available at: https://3vf60mmveq1g8vzn48q2o71a-wpengine.netdnassl. com/wp-content/uploads/2014/10/openflow-switch-v1.5.1.pdf
[27], sFlow version 5, July, 2004; Available at:
[28] B. H. Lee, E. K. Dewi and M. F. Wajdi, "Data security in cloud computing using AES under HEROKU cloud," 2018 27th Wireless and Optical Communication Conference (WOCC), Hualien, Taiwan, 2018, pp. 1-5.
[29] S. Ashraf, T. Kehkashan, M. Gull and S. Moin u Din, "Transparency service model for data security in cloud computing," 2018 International Conference on Computing, Mathematics and Engineering Technologies (iCoMET), Sukkur, 2018, pp. 1-6.
[30] T. Halabi, M. Bellaiche, "A broker-based framework for standardization and management of Cloud Security-SLAs," Computers & Security, vol. 75, 2018, pp. 59-71.
[31] M. Hawedi, C. Talhi, H. Boucheneb, "Security as a Service for Public Cloud Tenants (SaaS)," Procedia Computer Science, vol. 130, 2018, pp. 1025-1030.
[32] T. Jung, X. Y. Li, Z. Wan and M. Wan, "Control Cloud Data Access Privilege and Anonymity With Fully Anonymous Attribute- Based Encryption," in IEEE Transactions on Information Forensics and Security, vol. 10, no. 1, pp. 190-199, Jan. 2015.
[33] S.S. Alarifi and S.D. Wolthusen, "Mitigation of Cloud-Internal Denial of Service Attacks," 2014 IEEE 8th International Symposium on Service Oriented System Engineering, pp. 478-483, 2014.


Cloud Computing, Software Defined Network, Open Flow, Spoofing Attack, DoS Security.