Distributed Denial of Service (DDoS) attacks have been one of the most destructive threats to Internet security. By decoupling the network control and data plane, software defined networking (SDN) offers a flexible network management paradigm to solve DDoS attack in traditional networks. However, the centralized nature of SDN is also a potential vulnerability for DDoS attack. In this paper, we first provide some SDN⁃supported mechanisms against DDoS attack in traditional networks. A systematic review of various SDN⁃self DDoS threats are then presented as well as the existing literatures on quickly DDoS detection and defense in SDN. Finally, some promising research directions in this field are introduced.
software defined networks; SDN security; DDoS; detection method; defense mechanism