Implementation of ICMP flood detection and mitigation system based on software-defined network and sFlow-RT

Rikie Kartadie, Adi Kusjani, Rangga Warsito, Yudhi Kusnanto, Lucia Nugraheni Harnaningrum

Abstract


This study evaluates internet control message protocol (ICMP) flood detection and mitigation in software-defined networks (SDN) using an SDN architecture with sFlow-RT for real-time traffic monitoring. OpenFlow switches and sFlow agents detect malicious patterns, and the work follows the prepare, plan, design, implement, operate, optimize (PPDIOO) methodology. Unlike prior approaches, this system leverages SDN programmability and sFlow-RT's real-time analytics to reduce ICMP packets from 311,130.2 to 99 and latency by 80%, outperforming traditional methods in speed and responsiveness. It ensures network availability, with practical benefits for large-scale networks like internet service providers (ISPs). However, sFlow sampling rates may affect accuracy in high-speed networks, and a single OpenDaylight (ODL) controller limits generalizability. Future work should test alternative controllers and extend to other DDoS types like user datagram protocol (UDP) floods in diverse topologies.

Keywords


internet control message protocol flood; network security; OpenFlow; software-defined networks; sFlow-RT


DOI: http://doi.org/10.12928/telkomnika.v23i3.26304


Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

TELKOMNIKA Telecommunication, Computing, Electronics and Control
ISSN: 1693-6930, e-ISSN: 2302-9293
Universitas Ahmad Dahlan, 4th Campus
Jl. Ringroad Selatan, Kragilan, Tamanan, Banguntapan, Bantul, Yogyakarta, Indonesia 55191
Phone: +62 (274) 563515, 511830, 379418, 371120
Fax: +62 274 564604
