Recent years have witnessed a surge in network traffic due to the emergence of new online services, causing periodic saturation and complexity problems. The growing number of IoT devices further compounds the problem. Software-Defined Networking (SDN) is a new architecture that offers innovative advantages that help to reduce saturation problems. Despite their benefits, SDNs can not only be affected by traditional attacks but also introduce new security challenges. In this context, Distributed Denial of Service (DDoS) is one of the most important attacks that can damage an SDN network's normal operation. Furthermore, if these attacks are executed using botnets, they can use thousands of compromised devices to disrupt critical online services. This paper proposes a framework for detecting DDoS attacks generated by a group of botnets in an SDN network. The framework is implemented using open-source tools such as Mininet and OpenDaylight and tested in a centralized network topology using BYOB and SNORT. The results demonstrate real-time attack identification by implementing an intrusion detection mechanism in the victim client. Our proposed solution offers quick and effective detection of DDoS attacks in SDN networks. The framework can successfully differentiate the type of attack with high accuracy in a short time.