SNORT based early DDoS detection system using Opendaylight and open networking operating system in software defined networking
Cluster Computing (IF 3.6), Pub Date: 2020-05-29, DOI: 10.1007/s10586-020-03133-y
Sumit Badotra, Surya Narayan Panda

Software-defined networking (SDN) is a networking approach that provides many advantages by separating the intelligence of the network (the controller) from the underlying network infrastructure (the data plane). But this isolation also gives rise to many security concerns; therefore, protecting the network from various attacks is becoming mandatory. Distributed Denial of Service (DDoS) in SDN is one such attack that is becoming a hurdle to its growth. Before DDoS attacks can be mitigated, the primary step is to detect them. In this paper, an early DDoS detection tool is created using the SNORT IDS (Intrusion Detection System). This tool is integrated with popularly used SDN controllers: Opendaylight (ODL) and Open Networking Operating System (ONOS). For the experimental setup, five different network scenarios are considered. In each scenario, the number of hosts, switches and data packets varies. The Mininet emulation tool is used to create the hosts and switches, whereas four different penetration tools such as Hping3, Nping, Xerxes, Tor Hammer, LOIC are used to generate the data packets. The generated data packets range from 50,000 per second to 2,50,000 per second, and the number of hosts/switches ranges from 50 to 250, across the scenarios respectively. The data traffic is bombarded at the controllers, and these packets are evaluated using Wireshark. The analysis of our DDoS detection system is performed on the basis of various parameters such as time to detect the DDoS attack, Round Trip Time (RTT), percentage of packet loss and type of DDoS attack. It is found that ODL takes the minimum time to detect a successful DDoS attack and more time to go down than ONOS. Our tool ensures the timely detection of fast DDoS attacks, which delivers better performance of the SDN controller without compromising the overall functionality of the entire network.




Updated: 2020-05-29