Defense method to dealing malicious attacks and load balancing in SDN networks

Software Defined Networks (SDN) are a new technology that, even after 10 years since its introduction, still has something new to offer in the network world. Active thinkers in this field believe that this technology will shape the future of operator networks. Software-based networks have significant power and numerous advantages, as they reduce the complexity of infrastructure management and employ a centralized network structure. The weakness of this network lies in its control panel, which is not scalable enough to support real-time requests or requests with high flow rates. This vulnerability makes the network susceptible to cyber-attacks. In the past, solutions such as network edge protection at the control layer or centralized controller protection have been proposed, partially addressing the problem. Our proposed method in this thesis, which is based on the Network Functions Virtualization, can effectively defend against cyber-attacks targeting the control panel of the network. Our proposed method, which focuses on overload control, consists of three phases. In the first phase, it statistically identifies the permitted flows. In the second step, it delves deeper and checks the validity of the handshake or 3-way handshake to ensure that the authorized flows are properly served. In the third stage, the legitimate streams that were incorrectly classified in the previous two stages and included in the streams that are being deleted are intelligently preserved. The simulation and implementation results demonstrate the effectiveness of the overload control feature in the network control panel. This feature reduces delay and enhances security by protecting against malicious attacks.