DDoS Protection System for SDN Network Based on Multi Controller and Load Balancer

Husnul Ulfa, Akbari Indra Basuki, Galura Muhammad Suranegara, Ahmad Fauzi


DDoS attacks on SDN networks can create a single point of failure that has the potential to disrupt overall network performance. In a single-controller scheme, there is a risk of buffer overload, which leads to traffic congestion because switches must wait for the controller's response before forwarding network packets. To address this challenge, this research implements a multi-controller and load balancer approach that aims to enhance SDN network resilience against DDoS attacks. The system distributes the workload from the main controller to a backup controller through a load balancer when indications of a DDoS attack are detected. An attack is indicated when the miss rate of unique forwarding requests exceeds a specific threshold. The approach proved effective in improving the reliability, responsiveness, and quality of SDN network traffic during DDoS attacks. The testing parameters are controller response time and network traffic quality, comprising latency, bandwidth, throughput, and jitter. Based on the test results, the multi-controller and load balancer-based approach successfully enhanced network quality and controller responsiveness by 66.51% compared to the longer single controller scenario, specifically 202.49% during DDoS attacks. In terms of controller responsiveness, there is a very slight increase of around 0.01% in latency between the two. While the multi-controller scheme demonstrated a remarkable 43.21% increase in throughput compared to the single-controller scheme, this improvement in throughput is accompanied by a significant 204% increase in jitter.
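The threshold logic described in the abstract can be sketched as follows; this is an added example, not the authors' code. The miss-rate definition (share of forwarding requests in a time window whose source/destination pair has not been seen before), the threshold, window length, minimum sample size and round-robin sharing are all assumptions, since the abstract does not specify them.

```python
def dispatch(requests, threshold=0.8, window=1.0, min_requests=10,
             controllers=("primary", "backup")):
    """Assign each forwarding request to a controller.

    requests: iterable of (timestamp_s, src, dst), ordered by time.
    All parameter values are assumed for illustration.
    """
    known = set()            # flow keys already seen; a deployment would age/bound this
    cur, total, miss = None, 0, 0
    turn = 0                 # round-robin position while load is shared
    out = []
    for ts, src, dst in requests:
        w = int(ts // window)
        if w != cur:         # new measurement window: reset the counters
            cur, total, miss = w, 0, 0
        total += 1
        if (src, dst) not in known:
            known.add((src, dst))
            miss += 1        # a "unique" request: no earlier request for this flow
        # min_requests avoids flagging a quiet or cold-start window, where the
        # first few requests are always new and the miss rate is trivially high.
        attack = total >= min_requests and miss / total > threshold
        if attack:
            out.append(controllers[turn % len(controllers)])
            turn += 1
        else:
            out.append(controllers[0])
    return out


def sample_requests():
    """Constructed trace: 2 s of normal traffic, then a spoofed-source flood."""
    normal = [(i * 0.25, f"10.0.0.{1 + i % 2}", "10.0.0.100") for i in range(8)]
    flood = [(2.0 + i * 0.02, f"198.51.100.{i}", "10.0.0.100") for i in range(40)]
    return normal + flood


if __name__ == "__main__":
    result = dispatch(sample_requests())
    print("primary:", result.count("primary"), "backup:", result.count("backup"))
```

A high-volume window made up of repeat flows stays on the primary controller, because volume alone does not raise the miss rate.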





DOI: https://doi.org/10.32520/stmsi.v13i2.3802


Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.