A Method for DDOS Attacks Prevention Using SDN and NFV

Abstract

Abstract One of the most widespread forms of security attacks in enterprise networks is Distributed Denial-of-Service (DDOS) attacks. The purpose of DDOS attacks is to intentionally disrupt a network by sending a large amount of false requests. A new path for network design and management has been created with the introduction of Network Functions Virtualization (NFV). NFV architectures allow network functions to be defined quite dynamically. Dynamic definitions of network functions provide the best support for organizational environments. The aim of this research is to prevent DDOS attacks using NFV and SDN platforms. The research method uses the Moving Target Defense (MTD) idea to change the network routes and services location for specific detection packets. The MTD prevents attackers from performing DDOS attacks on real network topologies. A major innovation presented in this research is the selection of moving target defense types based on the processing resources of the overlay networks. The results indicates that the proposed method will save these resources and reduce the time required to check packets in networks.