Enhanced Real-Time DDoS Detection and Mitigation in SDN Using ONOS Controller

Abstract

The proliferation of Software-Defined Networking (SDN) has enhanced flexibility and centralized control in modern networks. However, this architecture is highly vulnerable to Distributed Denial-of-Service (DDoS) attacks targeting the SDN controller. This paper proposes a real-time DDoS detection and mitigation framework for SDN environments using the ONOS controller, integrating machine learning models with high-speed Python-based data processing libraries. The system is designed to detect and block both UDP Flood and TCP SYN Flood attacks with minimal latency. Experiments were conducted using a network topology simulated using Mininet and realistic attack traffic generated using hping3 and Scapy. The proposed approach achieved 98.5% accuracy, a 90% detection rate, and a 1.5% false positive rate with a response time of only 3.2 seconds. A comparative evaluation against recent ONOS-based studies reveals improved precision, faster mitigation, and better scalability. These findings indicate that the proposed solution is practical for real time DDoS defense in SDN-enabled enterprise networks.