
Graduate student: Cai, Yun-Zhan (蔡昀展)
Thesis title: Enhancing Security for Internet of Things in Software-defined Networking
Advisor: Tsai, Meng-Hsun (蔡孟勳)
Degree: Doctor
Department: College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering
Year of publication: 2021
Academic year of graduation: 109
Language: English
Number of pages: 134
Keywords: Anomaly Detection, Flow Table Management, Internet of Things, Network Security, Software-defined Networks
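  • The Internet of Things (IoT) realizes convenient services such as smart homes or real-time remote care by integrating device information. In fifth-generation mobile communications, the network requirements of these services fall into three categories: high bandwidth (eMBB), low latency (URLLC), and massive device access (mMTC). To meet these three requirements, software-defined networking is regarded as a core technology; its concept of decoupling the network control plane from the data plane lets controllers in a software-defined network gain a more complete view of network conditions and respond to network problems in real time.

    Although IoT brings people many conveniences, the enormous number of IoT devices also poses severe challenges to software-defined networking. In addition, the security mechanisms of IoT devices are not yet mature, so botnets targeting IoT devices have sprung up in recent years. This dissertation examines the security issues of IoT in software-defined networking from three angles: first, how to prevent the excessive network latency caused by forwarding-table overflow; second, how to effectively stop the rapid spread of botnets; and last, how to keep a software-defined network from being paralyzed by attacks.

    Because forwarding-table space in a switch is limited, an attacker can use a large number of forged packets to overflow the forwarding table, causing high latency or packet loss. This dissertation proposes two traffic-periodicity detection algorithms (called PSPFIM and DAPFIM) that can detect millisecond-level traffic periods, thereby optimizing forwarding-table utilization and mitigating the high latency caused by forwarding-table overflow. In addition, because most botnets find infection targets through network scanning, this dissertation proposes two efficient data collection methods for scanning behavior (called 0-Replacement and E-Replacement). They replace relatively normal traffic information with more suspicious traffic information, so that a switch collects more information about scanning behavior at the same memory cost, which improves the controller's ability to detect scanning. Finally, to keep an attacker from exhausting the communication resources between controller and switch and paralyzing the software-defined network, this dissertation proposes a snapshot-based approach (called SDNSnapshot) to mitigate the impact of attacks.

    For the three issues above, this dissertation observes effectiveness through simulation experiments. The results show that DAPFIM can detect millisecond-level traffic periods and that its communication cost is the lowest among related methods; with DAPFIM, a telecom operator can therefore not only optimize forwarding-table utilization but also mitigate high latency when the forwarding table overflows under attack. In addition, with the traffic information a switch collects through E-Replacement, the controller can detect 93.4% of scanning behavior while spending only 4.02 Mb of static random-access memory, which confirms E-Replacement's effectiveness in slowing botnet spread. SDNSnapshot substantially reduces the impact on the software-defined network when communication between controller and switch is paralyzed by an attack; compared with related methods, SDNSnapshot reduces the number of dropped normal messages by at least 66%.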

    The Internet of Things (IoT) realizes convenient services such as smart homes or remote healthcare. The network requirements of these services are classified into three categories in 5G mobile networks: Enhanced Mobile Broadband (eMBB), Ultra Reliable Low Latency Communications (URLLC), and Massive Machine Type Communications (mMTC).
    To fulfill the three network requirements, the software-defined network (SDN) is regarded as an indispensable technology.
    By decoupling the control plane and the data plane, controllers in SDN have more comprehensive network information to react to problems faster.

    Although IoT brings many benefits, the massive number of IoT devices also brings challenges to SDN. Additionally, the security of IoT and SDN is still immature.
    In this dissertation, we investigate three security issues in SDN for IoT.
    The first is how to prevent high forwarding latency caused by flow table overflow. The second is how to slow down the spread of IoT botnets. The last is how to prevent SDN from being paralyzed by an attacker.

    Given that the size of flow tables in switches is limited, attackers can overflow flow tables by sending massive numbers of fake packets. Flow table overflow results in problems including high forwarding latency or severe packet loss. Therefore, we propose PSPFIM and DAPFIM to optimize flow table utilization and mitigate the impact of flow table overflow by detecting the transmission periods of IoT traffic.
    Given that IoT botnets typically scan over a network to find targets, we propose 0-Replacement and E-Replacement to collect scanner network statistics with limited memory resources. By replacing normal data with suspicious data, 0-Replacement and E-Replacement help a detector to identify more scanners.
    To prevent SDN from being paralyzed due to the exhaustion of communication resources between controllers and switches, we propose SDNSnapshot to mitigate the impact of attacks.

    We evaluate performance on the three aforementioned issues through simulations. The results show that DAPFIM enables a controller to detect transmission periods shorter than one second with the lowest communication overhead compared to related work. Furthermore, E-Replacement enables a controller to detect around 93.4% of scanners in a class B network while consuming only 4.02 Mb of SRAM in a switch. Finally, SDNSnapshot reduces the number of dropped benign packet-in messages by at least 66% compared to related work when SDN is paralyzed by an attacker.

    Chinese Abstract
    Abstract
    Acknowledgements
    Contents
    List of Tables
    List of Figures
    1 Introduction
        1.1 Software-defined Networks
            1.1.1 OpenFlow-based SDN
            1.1.2 P4-based SDN
        1.2 Studied Issues
            1.2.1 Flow Table Overflow
            1.2.2 Spread of IoT Botnets
            1.2.3 Data-to-Control Plane Saturation Attack
        1.3 Organization of the Dissertation
    2 Flow Table Management for Massive Periodic IoT Traffic
        2.1 Motivation and Related Work
            2.1.1 Flow Table Management for Traditional Traffic
            2.1.2 Flow Table Management for IoT Traffic
        2.2 PSPFIM
            2.2.1 Monitoring Phase
            2.2.2 Detecting Phase
            2.2.3 Scheduling Phase
        2.3 DAPFIM
            2.3.1 Monitoring Phase
            2.3.2 Detecting Phase
            2.3.3 Adjusting Phase
            2.3.4 Scheduling Phase
        2.4 Simulation Settings
        2.5 Evaluation
            2.5.1 Comparing Performances of Different Methods
            2.5.2 Influence of Standard Error Coefficient
            2.5.3 Influence of Time Unit
        2.6 Summary
    3 Efficient Data Collection for Scanner Detection
        3.1 Motivation and Related Work
            3.1.1 Sampling Methods
            3.1.2 Sketch Methods
        3.2 Feature Selection
        3.3 0-Replacement
        3.4 E-Replacement
        3.5 K-Means Classifier
        3.6 Simulation Settings
        3.7 Evaluation in Simulations
            3.7.1 Performance Metrics
            3.7.2 Comparing Performances of Different Methods
            3.7.3 Influence of Step Ratio
            3.7.4 Influence of the Number of Hash Tables
            3.7.5 Memory Usage
        3.8 Summary
    4 Mitigation for Data-to-Control Plane Saturation Attack
        4.1 Motivation and Related Work
            4.1.1 Aggressive Attack
            4.1.2 Timeout-aware Attack
            4.1.3 TCP Specific Defense Methods
            4.1.4 Protocol-independent Defense Methods
        4.2 SDNSnapshot
            4.2.1 Data Collection
            4.2.2 Anomaly Detection
            4.2.3 Packet-in Control
            4.2.4 Algorithms
        4.3 Simulation Settings
        4.4 Evaluation
            4.4.1 Experiment 1: Source IP Spoofing
            4.4.2 Experiment 2: Destination IP Spoofing
            4.4.3 Experiment 3: Timeout-aware Attack
            4.4.4 Experiment 4: Port Scanning of Mirai
            4.4.5 Memory Usage
        4.5 Summary
    5 Conclusion and Future Work
        5.1 Concluding Remarks
        5.2 Future Work
            5.2.1 Shared Flow Table Resources
            5.2.2 Anomaly Detection with Machine Learning
            5.2.3 Prioritize Benign Packets under New-flow Attacks
    References
    Curriculum Vitae


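    On campus: publicly available from 2026-08-06
    Off campus: publicly available from 2026-08-06
    The electronic thesis has not yet been authorized for public release; for the print copy, please consult the library catalog.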