A Dynamic DDoS Protection Mechanism for WLAN based on SDS Architecture

The impact of distributed denial of service (DDoS) attacks has become more and more serious and widespread in wireless local area network (WLAN). Traditional DDoS protection mechanisms become less reliable and cannot easily adapt to the diverse types of DDoS attacks. Meanwhile, the emergence of software defined networking (SDN) has provided a new solution to solve the security problem in WLAN. In this paper, we propose a dynamic DDoS protection mechanism for WLAN based on software defined security, which is a branch of SDN architecture in the network security. When outer-net data flow streams into the network, the mechanism can judge the credibility of the flow by its self-detection function, and then it will deploy different security strategies to handle the data flow according to the credibility before server responds to it. The analysis and experiment show that compared with traditional DDoS protection mechanisms, the proposed mechanism is a priori detection method, and is more flexible and efficient.