BWManager: Mitigating Denial of Service Attacks in Software-Defined Networks Through Bandwidth Prediction

Tao Wang, Zehua Guo, Hongchang Chen, Wei Liu

Research output: Contribution to journalArticlepeer-review

11 Scopus citations


Software-defined networking (SDN) has emerged as a new networking paradigm that can provide fine-grained network management service. Since the SDN controller makes control decision for the network, it becomes the main target of denial of service (DoS) attacks. In this paper, we propose BWManager to mitigate.. which mainly consists mitigate the DoS attacks on the SDN controller with BWManager that mainly consists of four key components: 1) simplified DoS detection module; 2) forecasting engine; 3) priority manager; and 4) scheduler. The simplified DoS detection module calculates a comprehensive judgment score for each switch, which indicates the attacking severity of each switch and is used to decide time slice allocation of the controller. The forecasting engine is the basis of the controller scheduling method and forecasts the bandwidth consumption of users to determine the users' trust values. The trust values are used by the priority manager to manage multiple buffer queues with different priorities for the users. The scheduler protects the controller and the normal users under DoS attacks by running a weighted Round-Robin algorithm to process flow requests in different priority queues. We evaluate the performance and overhead of BWManager in both hardware and software OpenFlow environments. The results demonstrate that BWManager is effective with a limited overhead.

Original languageEnglish (US)
Article number8480449
Pages (from-to)1235-1248
Number of pages14
JournalIEEE Transactions on Network and Service Management
Issue number4
StatePublished - Dec 2018

Bibliographical note

Funding Information:
Manuscript received April 14, 2018; revised July 30, 2018 and September 22, 2018; accepted September 28, 2018. Date of publication October 3, 2018; date of current version December 10, 2018. This work is partly supported by the National Key Research and Development Program of China (No.2016YFB0800100, 2016YFB0800101) and the National Natural Science Fund for Creative Research Groups Project(No.61521003). The associate editor coordinating the review of this paper and approving it for publication was S. Scott-Hayward. (Corresponding author: Zehua Guo.) T. Wang and H. Chen are with National Digital Switching System Engineering and Technological Research Center, Zhengzhou 450002, China.


  • DoS attacks
  • OpenFlow
  • SDN
  • controller scheduling method
  • priority queue
  • time slice allocation

Fingerprint Dive into the research topics of 'BWManager: Mitigating Denial of Service Attacks in Software-Defined Networks Through Bandwidth Prediction'. Together they form a unique fingerprint.

Cite this