SDN-based Port Hopping Technique for Mitigating Network Attacks.

Software Defined-Network (SDN) scheme has recently proven to be efficient in resisting different attack vectors which plague the Internet of Things (IoT) and other networks. Logically, the SDN utilizes port hopping as an active defense mechanisms through consolidated regulation and network programmable characteristics for the mitigation of network attacks such as Denial-of-Service (Dos), port scanning attempts, and other kinds of reconnaissance attacks in a network. However, existing port hopping techniques are limited in terms of the inability to completely mask the service port and the use of extra hardware capabilities which apparently results in overhead. To address these issues, this paper proposes a port hopping technique based on masked communication services (PHCSS) which not only have the capacity of detecting and clarifying malevolent data packets more efficiently as compared to existing port hopping techniques but also reduce the cost of port hopping for the protected server, and resist both DoS, internal attacks, and port scanning attempts. Results of our experiments suggest that the approach can successfully secure a network from both port scanning and DoS attacks, while not overwhelming excessive resources on the SDN controller.