Lightweight Anti DDoS Security Tool: Edge Level Filtering in SDN using P4

Software Defined Network (SDN) which has a promising future in satellite communication was first introduced as the solution to solve problems existing in the traditional network architecture. So far in SDN, mitigation strategies employed hardware installation or software solution which is heavily dependent on SDN controllers. The disadvantage of these approaches is the a) cost for implementation, b) intensive resource usage, and 3) costly optimization strategy necessary to enhance SDN performance. This research aims to fill the gap of the previously seen defense mechanism by enabling edge-level filtering without involving the control plane. By implementing filtering functions in edge switches, it can provide an efficient and effective defense layer in SDN network systems so that SDN switch can become the first line of defense against packet injection attacks. The proposed solution, Lightweight Anti-DDoS Software (LADS) focuses on lightweight workloads and provisioning of effective filtering mechanism to allow SDN switches to drop and block malicious packets sent by attackers. It utilizes Programming Protocol-independent Packet Processors (P4) programming language to create custom functionalities in SDN switches. P4 allows SDN switches to conduct host authentication and malicious packet filtering as well as blacklisting to isolate attackers. Simulation result proves that LADS efficiently manages malicious activities and maintains network performance during attacks at the data plane independent of SDN controller.