A Novel Central Arbiter to Mitigate Denial of Service Attacks on Duplicate Address Detection in IPv6 Networks

Shailendra Tomar, Anil Rawat, Prakash Vyavahare, Sanjiv Tokekar
unpublished
A node joining any Internet Protocol version 6 (IPv6) network is susceptible to a Denial of Service (DoS) attack in the Duplicate Address Detection (DAD) phase of the IP address assignment process. A lot of research work is being carried out to mitigate this form of DoS attack. However, available approaches require changes in the Neighbor Discovery Protocol (NDP) and/or lead to increased computational and configuration overheads/complexity on each client. In this paper, we present a central arbiter approach to detect and mitigate DoS attacks on DAD in Software Defined Network (SDN) controlled wired IPv6 networks. Advantages of this approach over other approaches are its simplicity and zero modification requirements to the NDP. The proposed approach has been simulated on a Mininet emulator configured for SDN using the RYU controller and is observed to achieve the desired results. The effectiveness of the proposed scheme in handling DAD DoS attacks is also presented in the paper. The results show that this scheme introduces a delay of the order of 0.34 seconds in the DAD process, which is a good trade-off for providing DoS attack protection.
fatcat:5halaoskgzekhjtppzinu5t3n4