Analisis dan Mitigasi Serangan Distributed Denial of Service (DDoS) pada Jaringan Berbasis SDN (Software-Defined Networking)
Article Sidebar
Main Article Content
Abstract
Abstrak
Penelitian ini menganalisis dampak dan mengusulkan mitigasi serangan Distributed Denial of Service (DDoS) pada jaringan Software-Defined Networking (SDN). Serangan DDoS secara signifikan menurunkan
throughput dan meningkatkan latensi, serta menyebabkan tingginya packet loss dan jenuhnya utilisasi bandwidth, menunjukkan kerentanan SDN meskipun memiliki kontrol terpusat. Kontroler SDN sendiri berpotensi menjadi titik kegagalan tunggal atau target serangan. Untuk mengatasi hal tersebut, dikembangkan algoritma deteksi anomali berbasis
packet rate dan flow entropy yang menunjukkan akurasi tinggi (di atas 95%) dengan False Positive Rate (FPR) rendah, serta waktu deteksi yang cepat (rata-rata di bawah 250 ms). Setelah deteksi, mekanisme mitigasi dengan
dynamic traffic filtering (melalui Blackholing selektif) terbukti efektif dalam memulihkan kinerja jaringan, mengembalikan throughput hingga sekitar 90% dari kondisi normal dan mengurangi latensi secara signifikan, dengan waktu pemulihan rata-rata antara 300-400 ms. Solusi mitigasi ini juga efisien dalam penggunaan sumber daya kontroler SDN, menjamin skalabilitas. Meskipun demikian, pengembangan lebih lanjut diperlukan untuk deteksi serangan canggih, pengamanan kontroler SDN, dan mitigasi berskala besar.
Kata kunci: Distributed Denial of Service (DDoS), Software-Defined Networking (SDN), Deteksi, Mitigasi, Keamanan Jaringan.
Abstract
This research analyzes the impact of Distributed Denial of Service (DDoS) attacks and proposes mitigation strategies for Software-Defined Networking (SDN) environments. DDoS attacks significantly reduce throughput, increase latency, and lead to high packet loss and bandwidth saturation, demonstrating SDN's vulnerability despite its centralized control. The SDN controller itself can be a single point of failure or a primary target for attacks. To address these issues, an anomaly detection algorithm based on packet rate and flow entropy was developed. This algorithm achieved high accuracy (above 95%) with a low False Positive Rate (FPR), and a fast detection time (average below 250 ms). Following detection, the mitigation mechanism, which utilizes dynamic traffic filtering (through selective Blackholing), proved highly effective in restoring network performance. It recovered throughput to approximately 90% of normal conditions and significantly reduced latency, nearing baseline levels, with an average recovery time between 300-400 ms. This mitigation solution also demonstrated efficiency in SDN controller resource utilization, ensuring scalability. Nevertheless, further development is needed for advanced attack detection, securing the SDN controller, and large-scale mitigation.
Keywords: Distributed Denial of Service (DDoS), Software-Defined Networking (SDN), Detection, Mitigation, Network Security.
Article Details
Section
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
How to Cite
References
Handayanto, R., Tripathi, N. K., Kim, S. M., & Herlawati, H. (2018). Land Use Growth Simulation and Optimization for Achieving a Sustainable Urban Form. TELKOMNIKA (Telecommunication Computing Electronics and Control), 16(5), 2063–2072. https://doi.org/10.12928/telkomnika.v16i5.9309
Bakti, P. S., Pratama, N. P., & Putra, D. A. (2023). Deteksi Serangan DDoS Berbasis Metode Support Vector Machine (SVM) pada Jaringan SDN. Jurnal Rekayasa Komputer, 10(1), 1-8.
Chen, H., Wang, Z., & Gao, R. (2022). A Deep Reinforcement Learning-Based Approach for DDoS Attack Detection and Mitigation in SDN. IEEE Access, 10, 45789-45801.
Hossain, M. S., & Al-Hammoud, S. A. (2020). A Survey on DDoS Attack Detection and Mitigation in Software Defined Networking. Journal of Network and Computer Applications, 173, 102871.
Kaur, H., Singh, M., & Kumar, R. (2021). Software Defined Networking (SDN): Architecture, Challenges and Security Issues. Journal of Network and Computer Applications, 181, 103003.
Al-Hammoud, S. A., Hossain, M. S., & Aljuraidan, S. (2021). A comprehensive experimental study of DDoS attacks and their mitigation in SDN environments. Journal of Network and Computer Applications, 181, 103003.
Gupta, A., Singh, J., & Kaur, M. (2023). A Survey on DDoS Attack Detection and Mitigation Techniques in SDN and IoT Environment. Journal of Network and Computer Applications, 220, 103756.
Hu, H., Zhang, T., & Guan, X. (2020). A comprehensive survey of SDN simulation and emulation platforms. Future Generation Computer Systems, 105, 1-17.
Khan, A. N., Iqbal, N., & Khan, M. A. (2022). A survey on DDoS attack detection and mitigation in SDN. Computers & Security, 114, 102577.
Misbah, S., & Karim, N. (2021). A comprehensive review on DDoS attack detection and mitigation in SDN using machine learning. Journal of Network and Computer Applications, 185, 103135.
Pour, S., Arslan, M., & Akram, V. (2023). A Comprehensive Review on DDoS Attack Detection and Mitigation Techniques in SDN-based Networks. Computers & Security, 130, 103134.
Wang, H., Li, X., & Deng, Q. (2021). A Secure and Efficient DDoS Attack Mitigation Scheme for SDN Control Plane. IEEE Transactions on Network and Service Management, 18(4), 4851-4864.
Zhou, Y., Yang, J., & Li, F. (2024). AI-Driven DDoS Attack Detection and Mitigation in 5G and Beyond Networks: A Survey. Future Generation Computer Systems, 150, 1-17.