Software-defined Networking (SDN) is a transformative approach for addressing the limitations of legacy networks due to decoupling of control planes from data planes. It offers increased programmability and flexibility for designing of cloud-based data centers. SDN-Enabled cloud data centers help in managing the huge traffic very effectively and efficiently. However, the security of SDN-Enabled Cloud data centers against different attacks is a key concern for cloud security professionals. Distributed Denial of Service Attacks have emerged as one of the most devastating attacks that constantly worried the entire cloud security research community. To prelude this, it is pertinent to fundamentally focus on classification of these attacks and their defence strategies in an effective way which has been the basis of this research paper. The aim of this paper is to formulate and conceptualize the taxonomies of DDoS attacks and its Défense mechanisms. Improved taxonomy of DDoS attacks highlights the various vulnerable points of vulnerability in SDN-enabled cloud architecture. Additionally, a taxonomy of defence mechanisms offers an extensive survey of recent techniques for detecting and mitigating DDoS attacks in the SDN-enabled cloud environment. Finally, we discuss the open research issues and challenges for the cloud security research community for carrying out future research and investigation.

中文翻译：

---

支持 SDN 的云中的 DDoS 攻击和防御机制：分类、审查和研究挑战


软件定义网络 (SDN) 是一种变革性方法，用于解决由于控制平面与数据平面解耦而导致的传统网络的局限性。它为基于云的数据中心的设计提供了更高的可编程性和灵活性。支持 SDN 的云数据中心有助于非常有效和高效地管理巨大的流量。然而，支持SDN的云数据中心针对不同攻击的安全性是云安全专业人士关注的一个关键问题。分布式拒绝服务攻击已成为最具破坏性的攻击之一，一直令整个云安全研究社区担忧。为此，有必要从根本上关注这些攻击的分类及其有效的防御策略，这也是本研究论文的基础。本文的目的是制定和概念化 DDoS 攻击的分类法及其防御机制。改进的 DDoS 攻击分类突出了支持 SDN 的云架构中的各种漏洞点。此外，防御机制的分类提供了对在支持 SDN 的云环境中检测和缓解 DDoS 攻击的最新技术的广泛调查。最后，我们讨论了云安全研究社区开展未来研究和调查的开放研究问题和挑战。