A comprehensive Software-Defined Networking (SDN) security solution for real-time detection and mitigation of DoS/DDoS attacks using Ryu controller and Mininet.
This project implements an intelligent network security system that monitors network traffic, detects anomalous behavior indicating DoS/DDoS attacks, and automatically applies mitigation strategies. The system achieved 98% detection accuracy through adaptive threshold algorithms and novel topology-aware blocking mechanisms.
- Real-time Traffic Monitoring: Continuous packet analysis using TShark integration
- Adaptive Detection Algorithm: Dynamic threshold adjustment based on network behavior
- Topology-Aware Mitigation: Intelligent blocking strategies that consider network topology
- Web Dashboard: Interactive real-time monitoring interface with live statistics
- Whitelist Protection: Safeguards legitimate traffic during mitigation
- Configurable Thresholds: JSON-based configuration for easy customization
- Comprehensive Logging: Detailed attack logs for analysis and forensics
┌──────────────────────────────────────────────────────────────────────┐
│ Web Dashboard Layer │
│ ┌──────────────┐ ┌─────────────┐ ┌────────────────────────┐ │
│ │ Login UI ───▶ Dashboard ◀─── Real-time Analytics │ │
│ │ (Flask Auth) │ │ (Chart.js) │ │ (SocketIO Streaming) │ │
│ └──────────────┘ └─────────────┘ └────────────────────────┘ │
└───────────────────────────────┬──────────────────────────────────────┘
│ HTTP/WebSocket
│
┌───────────────────────────────▼──────────────────────────────────────┐
│ Flask Web Server Layer │
│ ┌──────────────────────────────────────────────────────────────┐ │
│ │ Flask-SocketIO Event Handler │ │
│ │ • Broadcasts packet stats • Sends attack alerts │ │
│ │ • Pushes topology updates • Streams mitigation logs │ │
│ └──────────────────────────────────────────────────────────────┘ │
└───────────────────────────────┬──────────────────────────────────────┘
│ IPC/Events
│
┌───────────────────────────────▼──────────────────────────────────────┐
│ Ryu SDN Controller Layer │
│ ┌────────────────┐ ┌──────────────────┐ ┌───────────────────┐ │
│ │ Packet Monitor │─▶│ Detection Engine │─▶│ Mitigation Module│ │
│ │ (TShark) │ │ • Adaptive │ │ • Flow blocking │ │
│ │ │ │ thresholds │ │ • Topology-aware │ │
│ │ │ │ • Pattern │ │ • Whitelist check │ │
│ │ │ │ analysis │ │ │ │
│ └────────────────┘ └──────────────────┘ └───────────────────┘ │
│ │ │ │ │
│ └───────────────────┴──────────────────────┘ │
│ │ │
│ ┌────────▼────────┐ │
│ │ Config Loader │ │
│ │ (config.json) │ │
│ └─────────────────┘ │
└───────────────────────────────┬──────────────────────────────────────┘
│ OpenFlow Protocol
│
┌───────────────────────────────▼──────────────────────────────────────┐
│ Mininet Network Layer │
│ │
│ ┌──────┐ ┌──────┐ ┌──────┐ ┌──────┐ ┌──────┐ │
│ │ SW │───│ SW │───│ SW │───│ SW │─── | SW | │
│ │ s1 │ │ s2 │ │ s3 │ │ s4 │ | s5 | │
│ └──────┘ └──────┘ └──────┘ └──────┘ └──────┘ │
│ │ | | | | │
│ └────────────────────────────────────────────┘ │
│ │ │
│ ┌──────▼──────┐ │
│ │ Attack │ │
│ │ Simulator │ │
│ └─────────────┘ │
└──────────────────────────────────────────────────────────────────────┘
Data Flow & Communication
┌─────────────────────────────────────────────────────┐
│ 1. Network Traffic → Ryu Controller │
│ 2. Detection Engine → Mitigation Module │
│ 3. Flow Rules → OpenFlow → Mininet Switches │
│ 4. Stats & Alerts → SocketIO → Web Dashboard │
└─────────────────────────────────────────────────────┘
- Python: 3.8 or higher
- Mininet: 2.3.0+
- Ryu Controller: 4.34+
- Glances: Latest version
- Operating System: Linux (Ubuntu 20.04+ recommended)
git clone https://github.com/deedi80/SDN-DoS-DDoS-Security.git
cd SDN-DoS-DDoS-Security# Download and Install Mininet
https://mininet.org/download/
# Install Ryu Controller
pip install ryu
# Install Flask - for Dashboard
pip install flask flask-socketio eventlet
# Install Glances - for Host Metrics
pip install glancesEdit configuration files as needed:
controller/config.json- Controller settings and thresholdstopology/topology_config.json- Network topology configurationtopology/attack_config.json- Attack simulation parameters
1. Launch the Ryu Controller
cd controller
sudo ryu-manager controllerApp.py2. Create the Network Topology (in a new terminal)
cd topology
sudo python topology.py4. Access the Dashboard
Navigate to http://localhost:8088 in your web browser
Default credentials:
- Username:
user - Password:
user
The system includes configurable attack scenarios in topology/attack_config.json. Modify parameters to simulate different attack intensities and patterns.
- Real-time Packet Flow: Live visualization of network traffic
- Attack Detection Alerts: Instant notifications when attacks are detected
- Network Statistics: Current packet rates, bandwidth utilization
- Topology Visualization: Network structure and flow paths
- Mitigation Status: Active blocking rules and protected hosts
- Define detection thresholds, whitelist entries
Define your network structure with hosts, switches, and links.
SDN-Security-Project/
│
├── controller/ # Ryu controller implementation
│ ├── controllerApp.py # Main controller logic
│ ├── config.json # Configuration settings
│ └── logs/ # Attack and event logs
│
├── topology/ # Network topology setup
│ ├── topology.py # Mininet topology definition
│ ├── attack_config.json # Attack simulation config
│ └── topology_config.json # Network structure config
│
└── dashboard/ # Web-based monitoring interface
├── web_server.py # Flask application
├── templates/ # HTML templates
│ ├── dashboard.html # Main dashboard
│ └── login.html # Login page
└── static/ # Static assets
├── css/ # Stylesheets
├── js/ # JavaScript (Chart.js, SocketIO)
└── icons/ # UI icons
- Advanced Computer Networks & Network Security
- Detection Algorithm: Adaptive threshold mechanism with 98% accuracy
- Real-time Processing: Flask-SocketIO for live data streaming
- Network Analysis: TShark integration for deep packet inspection
- Scalable Design: Modular architecture supporting various network topologies
- Machine learning-based anomaly detection
- Multi-controller support for distributed networks
- Enhanced visualization with network graphs
- Export functionality for attack reports
- API endpoints for external integrations
This project is available for educational and research purposes.
Codo
- Focus: SDN Security, DoS/DDoS Detection & Mitigation
- Ryu SDN Framework community
- Mininet development team
Note: This system is designed for educational and research purposes. Test in a controlled virtual environment.