Arab J Sci Eng
DOI 10.1007/s13369-017-2414-5

REVIEW ARTICLE - COMPUTER ENGINEERING AND COMPUTER SCIENCE

DDoS Attack Detection and Mitigation Using SDN: Methods, Practices, and Solutions

Narmeen Zakaria Bawany 1 · Jawwad A. Shamsi 1 · Khaled Salah 2

Received: 20 August 2016 / Accepted: 9 January 2017
© King Fahd University of Petroleum & Minerals 2017

Khaled Salah: khaled.salah@kustar.ac.ae
Narmeen Zakaria Bawany: nshawoo@gmail.com
Jawwad A. Shamsi: jawwad.shamsi@nu.edu.pk

1 Systems Research Laboratory, FAST-National University of Computer and Emerging Sciences, Karachi, Pakistan
2 Electrical and Computer Engineering Department, Khalifa University of Science, Technology and Research, PO Box 573, Sharjah, UAE

Abstract

Distributed denial-of-service (DDoS) attacks have become a weapon of choice for hackers, cyber extortionists, and cyber terrorists. These attacks can swiftly incapacitate a victim, causing huge revenue losses. Despite the large number of traditional mitigation solutions that exist today, DDoS attacks continue to grow in frequency, volume, and severity. This calls for a new network paradigm to address the requirements of today's challenging security threats. Software-defined networking (SDN) is an emerging network paradigm which has gained significant traction among many researchers to address the requirements of today's data centers. Inspired by the capabilities of SDN, we present a comprehensive survey of existing SDN-based DDoS attack detection and mitigation solutions. We classify solutions based on DDoS attack detection techniques and identify requirements of an effective solution. Based on our findings, we propose a novel framework for detection and mitigation of DDoS attacks in a large-scale network which comprises a smart city built on SDN infrastructure. Our proposed framework is capable of meeting application-specific DDoS attack detection and mitigation requirements. The primary contribution of this paper is twofold. First, we provide an in-depth survey and discussion of SDN-based DDoS attack detection and mitigation mechanisms, and we classify them with respect to the detection techniques. Second, leveraging the characteristics of SDN for network security, we propose and present an SDN-based proactive DDoS Defense Framework (ProDefense). We show how this framework can be utilized to secure applications built for smart cities. Moreover, the paper highlights open research challenges, future research directions, and recommendations related to SDN-based DDoS detection and mitigation.

Keywords Software-defined networking · SDN · DDoS attacks · OpenFlow · DDoS mitigation

1 Introduction

Distributed denial-of-service (DDoS) attacks have been a real threat for network, digital, and cyber infrastructure [1]. These attacks are capable of causing massive disruption in any information communication technology (ICT) infrastructure [2]. There could be numerous reasons for launching DDoS attacks. These include financial gains [3], political gains [2], and disruption [4, 5]. DDoS attacks can paralyze networks and services by overwhelming servers, network links, and network devices (routers, switches, etc.) with illegitimate traffic. They can cause either degradation of service or a complete denial of service, resulting in huge losses.

Increasing reliance on the Internet and data centers has aggravated this problem. The growing dependence of a country's critical infrastructure on ICT has given rise to the need for efficient solutions for protection against DDoS attacks [6, 7]. For instance, data centers running critical services, such as smart grid, need to be protected in order to continue to provide highly reliable services.