Software Defined networking (SDN) is a new approach for the design and management of computer networks. The main concept behind SDN is the separation of the network’s control and forwarding planes with the control plane moved to the centralized controller. In SDN networks with the centralized controller structure DDoS attacks can easily exhaust the controller's or the switches' computing and communication resources, thus, breakdown the network within a short time.
In this thesis, the scheme, running at the controller, can detect DDoS attacks at the early stage. The method not only can detect the attacks but also identify the attacking paths and start a mitigation process to provide some degree of protection of the network devices the moment an attack is detected. The Proposed method is based on the Entropy variation of destination IP address, Flow initiation rate and study of the Flow specifications.