SDN-Based Network Intrusion Detection as DDoS defense system for Virtualization Environment

  • Saifudin Usman Politeknik Negeri Ketapang, Indonesia
  • Idris Winarno Politeknik Elektronika Negeri Surabaya, Indonesia
  • Amang Sudarsono Politeknik Elektronika Negeri Surabaya, Indonesia
Keywords: DDoS, High Availability, Cloud Computing, Virtualization, NIDS, SDN, Sflow, Openflow


Nowadays, DDoS attacks are often aimed at cloud computing environments, as more people use virtualization servers. With so many Nodes and distributed services, it will be challenging to rely solely on conventional networks to control and monitor intrusions. We design and deploy DDoS attack defense systems in virtualization environments based on Software-defined Networking (SDN) by combining signature-based Network Intrusion Detection Systems (NIDS) and sampled flow (sFlow). These techniques are practically tested and evaluated on the Proxmox production Virtualization Environment testbed, adding High Availability capabilities to the Controller. The evaluation results show that it promptly detects several types of DDoS attacks and mitigates their negative impact on network performance. Moreover, it also shows good results on Quality of Service (QoS) parameters such as average packet loss about 0 %, average latency about 0.8 ms, and average bitrate about 860 Mbit/s.


Download data is not yet available.


A. P. Utomo, I. Winarno, and I. Syarif, “Towards a Resilient Server with an external VMI in the Virtualization Environment,” Emit. Int. J. Eng. Technol., vol. 8, no. 1, pp. 49–66, Jun. 2020, doi: 10.24003/emitter.v8i1.468. DOI:

Q. Yan and F. R. Yu, “Distributed denial of service attacks in software-defined networking with cloud computing,” IEEE Commun. Mag., vol. 53, no. 4, pp. 52–59, Apr. 2015, doi: 10.1109/MCOM.2015.7081075. DOI:

M. Hao, “2020 Mid-Year DDoS Attack Landscape Report-3,” NSFOCUSGLOBAL, 3, Aug. 2020.

P. Manso, J. Moura, and C. Serrão, “SDN-Based Intrusion Detection System for Early Detection and Mitigation of DDoS Attacks,” Information, vol. 10, no. 3, p. 106, Mar. 2019, doi: 10.3390/info10030106. DOI:

S. Badotra and S. N. Panda, “SNORT based early DDoS detection system using Opendaylight and open networking operating system in software defined networking,” Clust. Comput., May 2020, doi: 10.1007/s10586-020-03133-y. DOI:

Maxli Campos and J. S. B. Martins, “A Sdn-Based Flexible System For On-The-Fly Monitoring And Treatment Of Security Events,” Jan. 2017, doi: 10.5281/ZENODO.1291094.

Po-Wen Chi∗, Chien-Ting Kuo∗†, and He-Ming Ruan∗, “An AMI Threat Detection Mechanism Based on SDN Networks,” Secur. 2014 Eighth Int. Conf. Emerg. Secur. Inf. Syst. Technol., no. 8, p. 208, 2014.

A. Yazdinejadna, R. M. Parizi, A. Dehghantanha, and M. S. Khan, “A kangaroo-based intrusion detection system on software-defined networks,” Comput. Netw., vol. 184, p. 107688, Jan. 2021, doi: 10.1016/j.comnet.2020.107688. DOI:

M. A. Lopez, D. M. Ferrazani Mattos, and O. C. M. B. Duarte, “An elastic intrusion detection system for software networks,” Ann. Telecommun., vol. 71, no. 11–12, pp. 595–605, Dec. 2016, doi: 10.1007/s12243-016-0506-y. DOI:

P. M. Ombase, S. T. Bagade, N. P. Kulkarni, and A. V. Mhaisgawali, “DoS Attack Mitigation Using Rule Based and Anomaly Based Techniques in Software Defined Networking,” p. 7, 2017. DOI:

S. Wang et al., “SECOD: SDN sEcure control and data plane algorithm for detecting and defending against DoS attacks,” in NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, Taipei, Apr. 2018, pp. 1–5. doi: 10.1109/NOMS.2018.8406196. DOI:

N. I. G. Dharma, M. F. Muthohar, J. D. A. Prayuda, K. Priagung, and D. Choi, “Time-based DDoS detection and mitigation for SDN controller,” in 2015 17th Asia-Pacific Network Operations and Management Symposium (APNOMS), Busan, South Korea, Aug. 2015, pp. 550–553. doi: 10.1109/APNOMS.2015.7275389. DOI:

M. Latah and L. Toker, “A novel intelligent approach for detecting DoS flooding attacks in software-defined networks,” Int. J. Adv. Intell. Inform., vol. 4, no. 1, p. 11, Mar. 2018, doi: 10.26555/ijain.v4i1.138. DOI:

I. Sumantra and S. Indira Gandhi, “DDoS attack Detection and Mitigation in Software Defined Networks,” in 2020 International Conference on System, Computation, Automation and Networking (ICSCAN), Pondicherry, India, Jul. 2020, pp. 1–5. doi: 10.1109/ICSCAN49426.2020.9262408. DOI:

S. Usman, I. Winarno, and A. Sudarsono, “Implementation of SDN-based IDS to protect Virtualization Server against HTTP DoS attacks,” in 2020 International Electronics Symposium (IES), 2020, pp. 195–198. DOI:

A. Leal, J. F. Botero, and E. Jacob, “Improving Early Attack Detection in Networks with sFlow and SDN,” in Applied Computer Sciences in Engineering, vol. 916, J. C. Figueroa-García, J. G. Villegas, J. R. Orozco-Arroyave, and P. A. Maya Duque, Eds. Cham: Springer International Publishing, 2018, pp. 323–335. doi: 10.1007/978-3-030-00353-1_29. DOI:

How to Cite
Usman, S., Winarno, I., & Sudarsono, A. (2021). SDN-Based Network Intrusion Detection as DDoS defense system for Virtualization Environment. EMITTER International Journal of Engineering Technology, 9(2), 252-267.