SDNFV-Based DDoS Detection and Remediation in Multi-tenant, Virtualised Infrastructures

As ICT resources are increasingly hosted over cloud data centre infrastructures, distributed denial of service (DDoS) attacks are becoming a major concern for cloud service providers and tenants. The lack of physical resource isolation over a cloud environment exposes nontargeted tenants to indirect performance degradation while it is increasingly challenging to distinguish between safe (e.g. internal, DMZ) and external zones. Traditional DDoS detection and prevention systems employ high-performance and high-cost bespoke appliances (middleboxes) in fixed locations of the physical infrastructure. However, this limits their provisioning abilities to a static specification, hindering extensible functionality and resulting in vendor lock-in.