Location-Aware SDN-IDPS Framework for Real-Time DoS Mitigation in Vehicular Networks

Integrating Software-Defined Networking (SDN) to enhance mobility management in Vehicular Ad Hoc Networks (VANETs) comes with an additional critical risk. Because centralized controllers are single points of failure, they create the risk that the network will be subject to denial-of-service (DoS) attacks during handovers. Most Intrusion Detection and Prevention systems (IDPSs) do not adequately address these risks because they are topology-blind and have excessive processing layers. This article presents a novel Location-Aware SDN-IDPS Framework that employs a hierarchical defense approach to protect vehicular networks against volumetric attacks. This two-plane system operates with the first tier, which uses dynamic host-location mappings to drop spoofed traffic at the switch level (data plane). In contrast, the second tier analyzes confirmed traffic through a Suricata-based engine to identify and respond to complex flood attack patterns. The experimental results from the Mininet-WiFi testbed show that the system provides a significant improvement over the unprotected state, with controller CPU utilization reduced by up to 18 times (from 9.0% to below 0.5%). In addition, the system provides a 2.3 s guaranteed recovery time, service continuity, successful microsecond-level mitigation time, and a packet delivery ratio (PDR) of 99.73% for legitimate safety messages. In control-plane stress testing, the proposed location-aware logic improved throughput stability by approximately 76.26% compared to the baseline. These findings confirm that offloading anti-spoofing logic to the network edge significantly enhances resilience without compromising performance in safety-critical vehicular environments.