Detecting Denial-of-Service Attacks Using sFlow

2020 
This paper addresses how to detect denial-of-service attacks using sFlow. The denial-of-service (DoS) attack is a critical security challenge in software-defined networks (SDNs). In a DoS attack, the network bandwidth is acquired by disrupting the services of the server through an abrupt increase in traffic, making the server unavailable to other users. The most challenging problem with DoS attacks is detecting the attack almost instantly and precisely. This paper presents the detection of DoS attacks using the sFlow analyzer, an SDN flow monitoring tool. In the event of an attack, sFlow collects sample packets from network traffic, analyzes suspicious behavior, and creates handling rules, which are then sent to the controller. The DoS attack is implemented by emulating a typical network in Mininet and integrating it with the sFlow analyzer. In the simulated results, the potential DoS victims and attackers are quickly found.
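The sampling-based detection described in the abstract can be sketched as follows. This is an added example, not code from the paper: the sampling rate, threshold, host addresses, sample records, and rule layout are all assumptions constructed for illustration.

```python
from collections import defaultdict

SAMPLING_RATE = 10     # assumed: agent samples 1 in 10 packets
THRESHOLD_PPS = 1000   # assumed alert threshold, estimated packets/s per destination

def build_samples():
    """Constructed (second, src_ip, dst_ip) flow samples, Mininet-style addresses."""
    samples = []
    for sec in range(3):                       # light background traffic
        samples.append((sec, "10.0.0.2", "10.0.0.3"))
        samples.append((sec, "10.0.0.3", "10.0.0.2"))
    for sec in (1, 2):                         # burst towards 10.0.0.4
        samples += [(sec, "10.0.0.1", "10.0.0.4")] * 150
        samples += [(sec, "10.0.0.2", "10.0.0.4")] * 2
    return samples

def detect(samples, sampling_rate=SAMPLING_RATE, threshold_pps=THRESHOLD_PPS):
    """Return one alert per (second, destination) whose estimated rate exceeds the threshold."""
    per_dst = defaultdict(int)                       # (second, dst) -> sampled packets
    per_src = defaultdict(lambda: defaultdict(int))  # (second, dst) -> src -> sampled packets
    for sec, src, dst in samples:
        per_dst[(sec, dst)] += 1
        per_src[(sec, dst)][src] += 1
    alerts = []
    for (sec, dst), count in sorted(per_dst.items()):
        est_pps = count * sampling_rate        # scale samples up to an estimate of real traffic
        if est_pps <= threshold_pps:
            continue
        sources = per_src[(sec, dst)]
        top_src = max(sources, key=sources.get)
        alerts.append({
            "second": sec,
            "victim": dst,
            "est_pps": est_pps,
            "top_source": top_src,
            "top_source_share": sources[top_src] / count,
            # Hypothetical rule layout; a real controller defines its own API.
            "rule": {"match": {"ipv4_src": top_src, "ipv4_dst": dst}, "action": "drop"},
        })
    return alerts

if __name__ == "__main__":
    for alert in detect(build_samples()):
        print(alert)
```

Because the estimate is scaled from samples, a lower sampling ratio widens the error on short windows, so the threshold and window length need tuning together.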