Using FDAD to Prevent DAD Attack in SEcure Neighbor Discovery Protocol

Abstract
SEND uses CGA as its address configuration method. CGA binds the IPv6 address to multiple auxiliary parameters, thereby making the dependency relationship between the IPv6 address and the host provable, which prevents address embezzlement. Owing to the considerable overhead of CGA parameter verification, a malicious host can exploit this point to carry out DoS attacks. To prevent DoS, this paper proposes a new duplicate address detection method for an SDN environment called FDAD. Two additional mechanisms are added to FDAD, namely query and feedback; the messages used by the new mechanisms are also designed. Through these two mechanisms, on the one hand, the host can query the controller for the MAC address of the suspect host. On the other hand, if CGA parameter verification fails, the controller uses the feedback information to suppress the malicious host at its source port in order to prevent subsequent attacks. Experiments show that the CPU overhead of FDAD is much lower than that of normal CGA when suffering a Denial of Service attack. The increased CPU consumption and memory overhead of the controller are also within an acceptable range, and the network communication overhead is greatly reduced.


Introduction
People use a modular approach to deal with complex problems. In complex network communication, a hierarchical method is used to simplify design and implementation. Whether in the TCP/IP model or the OSI model, this modularity is expressed [1]. To simplify design, each layer employs its own independent communication address: for example, the Internet layer (layer 3) uses the IP address as the communication address of a packet, whereas the data-link layer (layer 2) uses the Media Access Control (MAC) address as its communication address to forward frames.
A hierarchical network must solve two problems: one is how a network entity obtains its communication address and ensures its uniqueness, and the other is how to determine the correspondence between the communication addresses of layer N+1 and layer N when data are encapsulated and forwarded. For example, when layer 3 encapsulates data using the IP address and forwards it to the data-link layer,
(i) send a reply to host A, declaring that the address is already occupied;
(ii) perform a DAD whose target address is the same as the one host A wants to use.
Both of these attacks can cause host A to believe that IPx is occupied, so that it chooses another address and repeats DAD. If the malicious host's attack persists, victim host A will have no address to use.
Although IPv6 recommends using Internet Protocol Security (IPsec) to fully protect IPv6 messages, a chicken-and-egg problem arises when IPsec is employed to protect NDP messages [5]. IPsec must establish a point-to-point Security Association (SA) before secure communication. However, the neighbor discovery process must be completed before the SA is set up. Therefore, IPsec cannot be used to protect NDP [6]. In this regard, the IETF proposes SEcure Neighbor Discovery (SEND) as an enhancement to NDP. SEND uses four options, namely Cryptographically Generated Address (CGA), Timestamp, Signature, and Nonce, to prevent IPv6 address embezzlement [7]. Even so, DoS attacks still trouble SEND [8].
To improve the security of DAD, we propose a new method called Feedback Duplicate Address Detection (FDAD). FDAD's query and feedback mechanisms record information about the Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages in the DAD process and thus make the DAD process stateful. The node can use its computing ability to identify an NA with forged CGA parameters and then feed the result back to the FDAD-Server. This gives the controller the ability to block malicious NAs at their entry point, thereby preventing DoS attacks. Section 2 introduces the DoS principle in DAD and related research. Section 3 introduces the principle of the feedback mechanism and shows the FDAD workflow through an instance. Section 4 presents the experiment and result analysis, and Section 5 summarizes the article.

Related Works
To prevent address deception, the Internet Engineering Task Force (IETF) proposed SEND. To enhance NDP, SEND uses CGA [9,10], digital signature, and timestamp to protect NDP messages and to prevent IP address embezzlement.
CGA is a unique address format for SEND, and its generation method has two steps: first, find an appropriate Modifier through repeated hash operations over the public key, zero bits, Modifier, and extension fields, resulting in hash2; second, perform a hash operation over the Modifier, Collision Count, public key, and extension fields, leading to hash1; the leftmost 64 bits of the 160-bit hash1 are then combined with the Security Level (Sec) and other parameters to form the final CGA address. The CGA calculation process is presented in Figure 2.
Although SEND uses complex security technologies, some problems still exist. First, the CGA computation and verification process requires a lot of CPU resources. Second, the additional options enlarge the NDP message and increase communication overhead. Third, CGA generation time depends on the Sec value: the larger the Sec value, the longer the time. Furthermore, when a new address is generated, DAD is still necessary.
In view of the aforementioned issues, Alsa'deh et al. [11] proposed a stopping-time algorithm for the CGA process, which limits the time spent on CGA: an appropriate Sec value is obtained by determining the upper limit of resources, so that the CGA address is generated within a specified time. Rafiee et al. [12] proposed a parallel computing algorithm that uses a multicore processor to shorten CGA computing time. Cheneau et al. [13] suggested using Elliptic Curve Cryptography (ECC) keys and ECDSA to replace the RSA key and the corresponding signature algorithm in order to reduce CGA computing time while achieving the same security; because the ECC key is shorter, the generated NDP message is also smaller. Qadir and Umar Siddiqi [14] evaluated the performance of CGA deployments in a mobile environment and showed that, in addition to keeping the Sec field at 0, the choice of public key is also crucial.
Su et al. [15] added a high-performance server to the LAN for key computing and recommended using a Dynamic Host Configuration Protocol (DHCP) server to manage CGA. The DHCP protocol is extended so that CGA parameters can be broadcast in the network. When a host needs to compute a CGA, the computation is handed over to the DHCP server. Of course, this makes the DHCP server a single point of failure. CS-CGA recommends using ECC instead of RSA to speed up calculation, and the subnet prefix is also encrypted to counter the space-time trade-off algorithm [16]; however, this undoubtedly has a negative impact on routing and forwarding. Reshmi and Murugan [17] used the entropy of the system state to generate the Interface IDentifier (IID), which avoids the centralized computation of CGA, reduces address calculation time, and prevents privacy leakage.
Owing to technical and cost reasons, most operating systems and communication device vendors have implemented only part of SEND's functionality. Thus, the SEND protocol still has abundant work to complete before actual deployment [18,19]. The CGA verification process is described in Figure 3. In theory, CGA can effectively prevent address deception. The one-way property of the hash function means that, for a given y, finding an x that satisfies hash(x) = y is computationally infeasible [20]. Therefore, malicious hosts cannot embezzle other hosts' addresses by forging parameters; at the same time, digital signatures further increase the difficulty of deception. However, a host must complete the verification to learn whether the CGA parameters are right or not. Therefore, a malicious host can send numerous NAs with false CGA parameters to consume the computing resources of a victim, forming a DoS [21]. Thus, how to prevent DoS attacks and reduce host CPU overhead remains a major challenge for SEND.
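The two-step generation described above (Hash2 search for a Modifier, then Hash1 for the interface identifier) and the verification that Figure 3 summarizes are shown below in a worked example added here; it is not the paper's code. The input ordering, the 9 zero octets in Hash2, and the subnet prefix in Hash1 follow RFC 3972, the CGA specification the paper's Figure 2 summarizes. The "public key" is a constructed byte string standing in for a DER-encoded RSAPublicKey, the prefix is the link-local prefix, and Sec=1 keeps the Hash2 search short (about 2^16 SHA-1 calls). The in_use callback is a stand-in for DAD.

```python
"""CGA generation and verification per RFC 3972 (added example, not the paper's code)."""
import hashlib
import os

HASH2_ZERO_PAD = bytes(9)  # RFC 3972: 9 zero octets stand in for prefix + collision count


def hash2(modifier: bytes, pubkey: bytes, ext: bytes = b"") -> bytes:
    """Leftmost 112 bits of SHA-1(Modifier || 9 zero octets || public key || ext)."""
    return hashlib.sha1(modifier + HASH2_ZERO_PAD + pubkey + ext).digest()[:14]


def hash1(modifier: bytes, prefix: bytes, collisions: int, pubkey: bytes, ext: bytes = b"") -> bytes:
    """Leftmost 64 bits of SHA-1(Modifier || subnet prefix || collision count || public key || ext)."""
    return hashlib.sha1(modifier + prefix + bytes([collisions]) + pubkey + ext).digest()[:8]


def sec_condition_holds(h2: bytes, sec: int) -> bool:
    """The leftmost 16*Sec bits of Hash2 must be zero (trivially true for Sec=0)."""
    return sec == 0 or int.from_bytes(h2, "big") >> (112 - 16 * sec) == 0


def find_modifier(pubkey: bytes, sec: int, start: bytes = None) -> bytes:
    """Step 1 of generation: increment the 128-bit Modifier until Hash2 satisfies Sec.
    This loop is the expensive part that grows with Sec."""
    value = int.from_bytes(start if start is not None else os.urandom(16), "big")
    while True:
        modifier = value.to_bytes(16, "big")
        if sec_condition_holds(hash2(modifier, pubkey), sec):
            return modifier
        value = (value + 1) % (1 << 128)


def interface_identifier(modifier, prefix, collisions, pubkey, sec) -> bytes:
    """Step 2: take Hash1, write Sec into bits 0-2, clear the u (bit 6) and g (bit 7) bits."""
    iid = bytearray(hash1(modifier, prefix, collisions, pubkey))
    iid[0] = (iid[0] & 0x1C) | (sec << 5)
    return bytes(iid)


def generate_cga(pubkey: bytes, prefix: bytes, sec: int, start: bytes = None,
                 in_use=lambda addr: False):
    """Return (address, modifier, collision_count). in_use is a stand-in for DAD:
    a detected duplicate bumps the collision count (at most 2) and re-derives Hash1."""
    modifier = find_modifier(pubkey, sec, start)
    for collisions in range(3):
        addr = prefix + interface_identifier(modifier, prefix, collisions, pubkey, sec)
        if not in_use(addr):
            return addr, modifier, collisions
    raise RuntimeError("three collisions: regenerate with a new Modifier")


def verify_cga(addr: bytes, modifier: bytes, prefix: bytes, collisions: int, pubkey: bytes) -> bool:
    """Verifier side (RFC 3972 section 5). A forged parameter set is rejected only
    after the verifier has paid for the SHA-1 computations; that cost is what a
    flood of NAs with false parameters exploits."""
    if len(addr) != 16 or collisions > 2 or addr[:8] != prefix:
        return False
    sec = addr[8] >> 5
    h1 = hash1(modifier, prefix, collisions, pubkey)
    # compare Hash1 with the interface identifier, ignoring the Sec, u and g bits
    if (h1[0] & 0x1C) != (addr[8] & 0x1C) or h1[1:] != addr[9:]:
        return False
    return sec_condition_holds(hash2(modifier, pubkey), sec)


if __name__ == "__main__":
    pk = b"constructed-public-key-bytes"         # constructed stand-in for a real key
    pfx = bytes.fromhex("fe80000000000000")       # link-local prefix
    addr, mod, cc = generate_cga(pk, pfx, sec=1, start=bytes(16))
    print("CGA:", addr.hex(), "verifies:", verify_cga(addr, mod, pfx, cc, pk))
    print("forged key verifies:", verify_cga(addr, mod, pfx, cc, b"forged-key"))
```

Note that verify_cga runs Hash1 and Hash2 on every NA before it can say "forged"; for a verifier that is the fixed cost per message the rest of the paper tries to avoid paying needlessly.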

FDAD
In traditional Ethernet, solving Denial of Service (DoS) attacks in the DAD process is difficult because hosts are peers and a single host has only incomplete knowledge [22]. However, the emergence and development of Software Defined Networking (SDN) have injected new vitality into modern networks. Its separation of forwarding and control, together with its programmability, provides new ideas for solving network problems [23][24][25][26], such as the NDP message authentication scheme in an SDN environment [27]. In SEND, a network device has no ability to distinguish an NA constructed by a malicious host with false CGA parameters, but a host can distinguish it by hash calculation; therefore, we propose FDAD as a solution. In FDAD, the computing-intensive tasks are performed by the various hosts, and the control plane prevents DoS attacks from the data plane. The characteristics of FDAD include the following aspects:
(i) FDAD designs a feedback mechanism for duplicate address detection in an SDN environment, which contains two parts: FDAD-S (FDAD-Server) and FDAD-C (FDAD-Client).
(ii) FDAD-C can take advantage of the host's computing power to identify malicious messages and then feed the result back to FDAD-S.

(iii) FDAD-S can then suppress malicious attacks at the source based on the feedback information, thereby avoiding meaningless CGA verification that consumes the CPU resources of the host.
The architecture of FDAD is shown in Figure 4. It mainly includes four modules: Monitor, Status, FeedBack, and Suppression. The functions of each module are as follows:
Monitor module: it has two functions. On the one hand, it initializes the switches to monitor NDP messages; on the other hand, it classifies received messages, forwarding NDP messages to the FeedBack module and OpenFlow statistics messages to the Status module.
Status module: it performs statistical queries of switch flow tables and forwards the query results that satisfy specific conditions to the FeedBack module for processing.
FeedBack module: it maintains and records the behavior of the DAD process in NDP, initiates MAC address statistics, and sends NDP message suppression rules. To achieve these functions, it includes four tables: T_NS, T_NA, T_Query, and T_Feedback.
Suppression module: it generates flow tables and sends them to the corresponding switches according to the suppression rules generated by the FeedBack module.
FDAD-C is mainly responsible for CGA validation, MAC query, and feedback in the SEND process of the client.
In the following description, we assume that all DAD messages include the CGA, Signature, Nonce, and Timestamp options and that the network consists of OpenFlow-enabled switches. To implement FDAD, we designed three new messages: FDAD-Request, FDAD-Reply, and FDAD-Feedback. Their formats are basically the same as those of NDP messages, with the following differences:
(1) Unlike NS and NA, their ICMPv6 "type" field is 200.
(2) Three new options are used; their detailed formats are presented in Figure 5, and the description of each field in the options is given in Table 1.

3.1. FDAD-S.
The FDAD-S is an app running over the SDN controller. In FDAD-S, we added a feedback module to control the FDAD workflow. The feedback module contains four tables: T_NS, T_NA, T_Query, and T_Feedback; their formats are shown in Tables 2-5, respectively. The T_NS table records the NS messages in DAD, and the T_NA table records the NA that corresponds to each NS. The T_Query table records the queries initiated by hosts that previously sent an NS, and it is constrained by T_NS and T_NA. The T_Feedback table records the feedback from hosts that have carried out DAD before, and it is constrained by T_Query.
FDAD-S monitors the NS and NA messages in the DAD process through flow tables preset in the switches. The processing of the different messages is as follows:

Condition 2.
There is an Entry' in T_NS that satisfies Entry'.NS.Tgt == NA.Tgt.
Delete procedure: if feedback is successful, it means that an NA is malicious; the entries related to that NA are then deleted first from T_Query, then from T_NA, and finally from T_NS.
When a MAC frame is forwarded in Ethernet, the same MAC address forms a forwarding path across multiple switches. If a host uses a new MAC address to communicate, a new forwarding path is formed on the switches. Correspondingly, in an SDN network, if a host adopts a new MAC address, the switch, whether reactive or proactive, will generate flow entries related to the new MAC address. Therefore, we can determine the authenticity of a MAC address by analyzing the generation time of the flow entries related to it.
The DAD process of the host in FDAD-C is shown in Figure 6 and is described as follows:
(1) After the host generates a new CGA address, say CGA_X, the host broadcasts an NS to carry out DAD and records the start time as T1.
(2) Within a specified time (usually 3 seconds), if the host receives an NA responding to the NS, it records the receiving time as T2 and checks whether the MAC address in the Option field is consistent with that in the header of the NA and whether it is in the blacklist. If the MAC address is inconsistent or is blacklisted, the NA is discarded, and the process goes back to Step
The blacklist contains five fields: Switch Dpid, Port No., MAC, Idle_time, and Flag. The Idle_time field records the idle time of the entry and is incremented by 1 every second; if the entry is not matched within 3 minutes, it is removed from the blacklist. The Idle_time field is cleared each time the entry is matched.

FDAD Instance.
Suppose the network is composed of one SDN controller, two OpenFlow switches, and three hosts, and that the network has been running for more than 3 minutes. The topology is shown in Figure 7, and the configuration of each host is presented in Table 6.
First, the controller dispatches flow tables to Open vSwitch 1 (OVS1) and OVS2 in order to monitor DAD messages in the network. The flow table entries related to monitoring are shown in Table 7.
Assume that host A generates a new link-local address CGA_X using CGA as the address configuration method (for illustration, suppose the last 32 bits of CGA_X are "cc00-aabb"); host A then broadcasts an NS for DAD, whose details are shown in Figure 8. When OVS1 receives this NS, it encapsulates the message and sends a Packet_In to FDAD-S. After FDAD-S extracts the NS from the Packet_In, it checks it and adds a new entry to T_NS. The result is shown in Table 4.
After host B receives the NS, it finds that CGA_X does not conflict with its own IPv6 address, so host B discards the NS. After host C receives the NS, being malicious, C forges an NA to attack host A; the NA is detailed in Figure 9. According to the flow table, OVS2 generates a Packet_In message and forwards it to FDAD-S after receiving the NA. After FDAD-S checks the NA, it finds that Conditions 1-3 are satisfied and then updates T_NA. The result is shown in Table 3.
After the NA is received, host A does not verify the parameters immediately but checks the consistency of the MAC and the blacklist; if the check passes, the FDAD-Request message is sent. The details of the message are shown in Figure 10. After OVS1 receives the message, it uses Packet_In to forward it to FDAD-S.
FDAD-S checks T_NS and T_NA, finds two entries corresponding to the FDAD-Request that satisfy Conditions 4-7, and thus updates table T_Query (see the update results in Table 4). Then, FDAD-S queries OVS2 for the generation time of MAC_C. Once the query succeeds, the flag field of the entry in T_Query is set to T (see Table 8). The controller then sends an FDAD-Reply message to OVS1 and instructs OVS1 to forward the message through port 1; the details of the FDAD-Reply are shown in Figure 11. Once host A receives the FDAD-Reply, it finds that MAC_C has existed for a long time and that no new address appeared in the interval T2-T1. Thus, host A verifies the CGA parameters contained in the NA. Because the parameters were fabricated by host C, verification fails, so host A sends an FDAD-Feedback message, which is forwarded to FDAD-S by OVS1; the details of the FDAD-Feedback are shown in Figure 12.
After receiving the FDAD-Feedback, FDAD-S finds that the message meets Conditions 8-13, so it updates T_Feedback (see Table 5). It then delivers the flow tables to suppress the NA that entered through OVS2 port 3 and
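The controller-side bookkeeping that the instance above walks through (NS into T_NS, NA accepted against T_NS, FDAD-Request answered from T_Query after a switch query, FDAD-Feedback producing a suppression rule and the T_Query, T_NA, T_NS delete order) is simulated below in an example added here; it is not the paper's FDAD-S code. The four tables are plain Python dicts, the flow_age callback stands in for an OpenFlow flow-statistics query, the MAC addresses, Dpids and port numbers are constructed to match the instance topology (A on OVS1 port 1, C on OVS2 port 3), and the paper's Conditions 1-13 are not reproduced verbatim: only the constraints stated in the text are enforced (Condition 2, the requester-must-have-done-DAD, responder-must-have-answered and query-once rules, and feedback-once).

```python
"""Simulation of the FDAD-S feedback module (added example, not the paper's code)."""

NA_ICMPV6_TYPE = 136  # ICMPv6 Neighbor Advertisement, the message type suppressed


class FdadServer:
    def __init__(self, flow_age):
        # flow_age(dpid, mac) -> seconds the switch has held a flow for that MAC
        # (constructed stand-in for an OpenFlow flow-stats request from the Status module)
        self.flow_age = flow_age
        self.t_ns = {}        # tgt -> (host_mac, dpid, port): the DAD in progress
        self.t_na = {}        # (tgt, responder_mac) -> (dpid, port): NAs answering that DAD
        self.t_query = {}     # (tgt, host_mac, responder_mac) -> flag (True once answered)
        self.t_feedback = []  # accepted feedback records
        self.rules = []       # suppression flow rules pushed to switches

    def on_ns(self, host_mac, tgt, dpid, port):
        """NS seen via Packet_In: record the DAD in T_NS (first NS per target wins)."""
        self.t_ns.setdefault(tgt, (host_mac, dpid, port))

    def on_na(self, responder_mac, tgt, dpid, port):
        """NA is recorded only if an NS for the same target exists (Condition 2)."""
        if tgt not in self.t_ns:
            return False
        self.t_na[(tgt, responder_mac)] = (dpid, port)
        return True

    def on_request(self, host_mac, tgt, responder_mac):
        """FDAD-Request: only the host that sent the NS may ask, only about a MAC that
        answered that NS, and only once. Returns the FDAD-Reply content or None."""
        ns = self.t_ns.get(tgt)
        if ns is None or ns[0] != host_mac:
            return None                      # requester never did DAD for tgt
        na = self.t_na.get((tgt, responder_mac))
        if na is None:
            return None                      # queried MAC did not respond to this NS
        key = (tgt, host_mac, responder_mac)
        if key in self.t_query:
            return None                      # repeated query prohibited
        dpid, port = na
        age = self.flow_age(dpid, responder_mac)
        self.t_query[key] = True             # flag set once the switch answered
        return {"dpid": dpid, "port": port, "mac": responder_mac, "age": age}

    def on_feedback(self, host_mac, tgt, responder_mac):
        """FDAD-Feedback: accepted once per (NA, DAD) and only after an answered query.
        Pushes a suppression rule for the NA's entry port, then runs the delete
        procedure in the order T_Query -> T_NA -> T_NS."""
        key = (tgt, host_mac, responder_mac)
        if not self.t_query.get(key):
            return None
        dpid, port = self.t_na[(tgt, responder_mac)]
        rule = {"dpid": dpid, "in_port": port, "icmpv6_type": NA_ICMPV6_TYPE, "action": "drop"}
        self.rules.append(rule)
        self.t_feedback.append((host_mac, tgt, responder_mac))
        del self.t_query[key]
        del self.t_na[(tgt, responder_mac)]
        del self.t_ns[tgt]
        return rule


if __name__ == "__main__":
    MAC_A, MAC_C, TGT = "00:00:00:00:00:0a", "00:00:00:00:00:0c", "fe80::cc00:aabb"
    ages = {(2, MAC_C): 200.0}                       # MAC_C has long existed on OVS2
    s = FdadServer(lambda d, m: ages.get((d, m), 0.0))
    s.on_ns(MAC_A, TGT, dpid=1, port=1)              # A's NS via OVS1 port 1
    s.on_na(MAC_C, TGT, dpid=2, port=3)              # C's forged NA via OVS2 port 3
    print("reply:", s.on_request(MAC_A, TGT, MAC_C))
    print("rule:", s.on_feedback(MAC_A, TGT, MAC_C))
```

The rule dict is the abstract content of the flow entry the Suppression module would install (match NAs arriving on OVS2 port 3, drop); rendering it into an actual OpenFlow FlowMod is controller-specific and not shown.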

Experiment.
To verify FDAD, we implemented it in Mininet. The OpenFlow switch is Open vSwitch, and the controller is RYU. The operating system is Ubuntu MATE (virtual machine: CPU 2 GHz × 2, memory 2 GB). The specific version of each piece of software is shown in Table 9. The network has three hosts, namely A, B, and C. Hosts A and C simulate normal and malicious hosts, respectively, and B is used for monitoring.
C is assumed to have the following computing and communication capabilities.
(ii) Communication capability:
(1) C can receive broadcast and unicast.
(2) C can change its protocol stack to send any NDP message, e.g., sending an NA with a false MAC address and CGA parameters, or sending a large number of NAs to consume the target's resources and carry out DoS.
(3) C cannot sniff point-to-point communication, such as a unicast frame the switch forwards from port 1 to port 2.
(4) C is aware of the FDAD mechanism and is able to send fake FDAD-Request and FDAD-Feedback messages to the controller or a fake FDAD-Reply.

Experiment 3.
A conducts address configuration and DAD using the SEND method; C sends a false NA with a random MAC address and fake CGA parameters to attack (we define this kind of attack as DoS1). The experiment results are shown in Figure 13. The figure shows that the CPU overhead of NDP is the lowest. The CGA used by SEND causes a slight increase in CPU overhead of approximately 4.15%. When SEND receives a false NA, its CPU consumption shows no evident increase compared with the normal state, rising by about 0.369%.

Scenario 2.
Testing CPU overhead of SEND and FDAD when suffering DoS. Scenario 2 simulates a host that suffers DoS attacks during CGA address configuration and DAD, where the attacker uses random MAC addresses and forged CGA parameters, and records its CPU overhead; it comprises the following four experiments.

Experiment 4.
Host A carries out CGA address configuration and DAD. For each NS that host C receives, it responds with ten NAs containing false parameters (DoS10).

Experiment 5.
Host A conducts CGA address configuration and DAD. C sends 100 NAs containing false parameters for each NS it receives (DoS100).

Experiment 6.
Host A carries out CGA address configuration and DAD; C sends 200 NAs containing false parameters for each NS it receives (DoS200).

Experiment 7.
Host A conducts address configuration and DAD using FDAD; C sends 200 NAs containing false parameters for each NS it receives (DoS200).
The experiment results are shown in Figure 14. When host A suffers a DoS attack in the CGA DAD process, its CPU consumption increases as the attack frequency increases. When the attack frequency reaches 200, the host's CPU is exhausted. In contrast, the figure also shows that the CPU utilization of FDAD is much lower, stable, and insensitive to high-frequency attacks. Figure 15 compares the controller's CPU and memory overhead between Experiments 6 and 7. As the figure shows, the controller's CPU overhead in FDAD is stable but fluctuates in SEND, with an average increase of approximately 1.59%. In FDAD, memory overhead increases by about 0.402% on average because the controller needs to maintain four additional state tables.
In terms of communication overhead, at the beginning of the experiment FDAD-S needs to query the switches for MAC information and the hosts communicate with the switches frequently; these make FDAD's communication overhead slightly higher than in the normal environment. However, once the suppression mechanism of FDAD takes effect, it effectively suppresses the DoS attack packets sent by the malicious host C. As a result, network traffic is reduced significantly, far below that of the normal environment, as shown in Figure 16. Figure 17 compares switch bandwidth and RTT overhead in Experiments 6 and 7. FDAD's bandwidth is relatively stable under DoS; even though some fluctuations exist, their amplitude is very small. Under the same attack intensity, SEND's bandwidth gradually increases over time and finally reaches a peak. The RTT of SEND also increases significantly more than that of FDAD, owing to the hundredfold increase in network packets caused by DoS.

Attack Mode Analysis
(1) Malicious hosts use real MAC addresses to attack.
Attack mode: when the attack host receives a DAD NS sent by a normal host, it responds with a fake NA containing its real MAC to declare a conflict.
In FDAD, after the host receives an NA declaring an address conflict, it does not carry out parameter verification immediately. Instead, it queries the controller for the generation time of the NA's source MAC. If the MAC has existed on a switch for more than 1 second, the host further verifies the CGA parameters. Given that the NA is a forgery, the parameter verification step fails, and the host writes the malicious host's information to the blacklist and feeds it back to FDAD-S. As a result, subsequent NAs from the malicious host are blocked by a flow table and cannot enter the network. Even if a subsequent forged NA reaches the normal host, it is also shielded by the host's blacklist.
(2) Malicious host uses a fake MAC to perform a Denial of Service attack.
Attack mode: when the attack host receives the DAD NS sent by a normal host, it responds with a fake NA containing a random MAC to declare a conflict. Its residence time on the switch is less than 1 second because the random MAC address is newly generated. In FDAD, if the host receives an NA containing a newly generated MAC, it immediately writes it into the blacklist, then verifies and discards it, and sends feedback to FDAD-S. Thus, subsequent NAs from the malicious host are suppressed and cannot form an effective attack.
(3) Host uses the FDAD-Request message to consume the controller resources.
Attack mode: the malicious host uses FDAD mechanism to send a large number of FDAD-Request messages to consume controller resources.
In FDAD, the controller does not allow a host that has not carried out DAD to query other hosts' MAC information. For a host that has initiated DAD, MAC queries are allowed only for hosts that responded to its NS. The query is limited to specific entries in T_Query. Once an entry has been queried, it is marked, so repeated queries are prohibited.
(4) Host uses FDAD-Feedback messages to attack other hosts.
Attack mode: the malicious host uses the FDAD mechanism to send a large number of FDAD-Feedback messages to suppress a normal host's communication. Feedback is allowed only when Conditions 8-13 are satisfied, because T_Feedback is constrained by T_NS, T_NA, and T_Query, and even if the feedback succeeds, the related entries in these three tables are cleared; all of this means that, for a specific NA, a host can send feedback only once during the DAD process.
(5) C sends a forged FDAD-Reply to other hosts.
Attack mode: in the process of DAD, if C receives an NS, it sends a forged NA and a forged FDAD-Reply in response, containing forged Dpid and port information. The switch does not forward an FDAD-Reply generated by a host.
Thus, the forged FDAD-Reply does not arrive at host A but goes directly to the controller and is discarded. Furthermore, the fake NA cannot pass CGA verification and is fed back to the controller by host A. Therefore, this kind of attack is invalid; subsequent attack messages are suppressed and cannot enter the network.
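The host-side behaviour that attack modes (1) and (2) rely on, and that the FDAD-C DAD steps in the FDAD section specify (MAC consistency check, blacklist lookup, query before verification, 3-minute idle aging of blacklist entries, feedback on failure), is simulated below in an example added here; it is not the paper's FDAD-C code. NA messages and FDAD-Reply contents are plain dicts with constructed values, the CGA verifier is passed in as a callable so the block runs stand-alone, and MIN_MAC_AGE is the 1-second threshold from attack mode (1). One design choice to note: a MAC younger than the threshold is blacklisted without running CGA verification at all, which is what lets the host skip the expensive step for random-MAC floods.

```python
"""Simulation of the FDAD-C decision logic on a host (added example, not the paper's code)."""

BLACKLIST_IDLE_LIMIT = 180   # seconds an unmatched blacklist entry survives (3 minutes)
MIN_MAC_AGE = 1.0            # MAC must have existed on the switch longer than this


class FdadClient:
    def __init__(self):
        # blacklist: (dpid, port, mac) -> {"idle": seconds unmatched, "flag": reason}
        self.blacklist = {}
        self.feedback_sent = []   # FDAD-Feedback messages handed to FDAD-S

    def tick(self, seconds=1):
        """Idle_time grows by 1 per second; an entry idle for 3 minutes is removed."""
        for key in list(self.blacklist):
            self.blacklist[key]["idle"] += seconds
            if self.blacklist[key]["idle"] >= BLACKLIST_IDLE_LIMIT:
                del self.blacklist[key]

    def _blacklisted(self, mac):
        """Lookup by MAC; a match clears the entry's Idle_time."""
        for key, entry in self.blacklist.items():
            if key[2] == mac:
                entry["idle"] = 0
                return True
        return False

    def on_na(self, na):
        """Step 2: the NA header MAC must match the option MAC and must not be
        blacklisted. Returns 'discard' or 'query' (send FDAD-Request to FDAD-S)."""
        if na["src_mac"] != na["option_mac"] or self._blacklisted(na["src_mac"]):
            return "discard"
        return "query"

    def on_reply(self, na, reply, verify_cga):
        """Handle the FDAD-Reply for an NA. A freshly generated MAC (attack mode 2) is
        blacklisted at once without paying for CGA verification; an established MAC
        (attack mode 1) gets full verification. Returns 'blacklist' (forged NA,
        feedback sent) or 'conflict' (genuine duplicate: choose a new address)."""
        key = (reply["dpid"], reply["port"], reply["mac"])
        if reply["age"] < MIN_MAC_AGE or not verify_cga(na["cga_params"]):
            self.blacklist[key] = {"idle": 0, "flag": "forged"}
            self.feedback_sent.append(key)      # FDAD-Feedback carries dpid/port/mac
            return "blacklist"
        return "conflict"


if __name__ == "__main__":
    # constructed NA from a host using MAC ...0c with parameters marked as forged
    forged_na = {"src_mac": "00:00:00:00:00:0c", "option_mac": "00:00:00:00:00:0c",
                 "cga_params": "forged"}
    reply = {"dpid": 2, "port": 3, "mac": "00:00:00:00:00:0c", "age": 0.2}
    client = FdadClient()
    print(client.on_na(forged_na))                                  # query
    print(client.on_reply(forged_na, reply, lambda p: p == "genuine"))  # blacklist
    print(client.on_na(forged_na))                                  # discard
```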

Storage and Communication Overhead Analysis
(1) Switch Storage Overhead. In Ethernet, a switch learns MAC addresses. When a frame arrives, the switch learns the source MAC address and the port the frame arrived on. A forwarding entry is then generated in the cache, with a format like <mac, inport, ttl, type>. Then the frame is forwarded by unicast or broadcast. In SDN, the forwarding mode of an OpenFlow-enabled switch is similar to that of an Ethernet switch. Therefore, in SDN, when a host uses random MAC addresses for DoS, a large number of garbage flows are generated in the switch, occupying a large amount of storage space. In FDAD, if a malicious node responds to an NS with a random MAC address, the forwarding entry is newly generated, so its time of existence on the switch is less than 1 second. Therefore, the node is written directly into the host's blacklist. After CGA verification, the host discards it and feeds back to the controller. Therefore, subsequent NAs from the malicious host are suppressed at their entry port by the controller. Even if the malicious host sends numerous frames with random MAC addresses, it does not form a DoS attack or generate additional flows on the switch.
respectively. The size of an NDP message with the CGA option is 238 bytes. Therefore, the new messages adopted by FDAD are larger than the original NDP message, with increases of 15.4%, 30.8%, and 41%, respectively, but they are still smaller than the messages of SEND. The increased overhead is mainly used to reduce the additional consumption caused by DoS. The communication overhead is analyzed in several typical scenarios.
(1) Normal DAD process (no address conflict): The normal FDAD process is shown in Figure 18. Host A generates the address CGA_X and then broadcasts NS_CGA_X. No host answers because no address conflict exists. After the timeout, the DAD process is completed and CGA_X is available. In this case, the communication overheads of SEND and FDAD are the same, that is, both consist of one NS broadcast. The specific number is determined by n, the number of hosts in the LAN:
(2) Address conflict in SEND: When the address of B is also CGA_X, an address conflict exists. The DAD process is shown in Figure 19(a). A broadcasts NS_CGA_X, B replies with NA_CGA_X after detecting the address conflict, and then A generates a new address CGA_Y and broadcasts NS_CGA_Y again without conflict. The communication overhead of the whole process is as follows:
(3) DoS attack in SEND: The DoS process in SEND is shown in Figure 19(b). In DAD, after receiving the NS_CGA_X sent by A, C sends m NAs in reply to consume A's resources. The communication overhead is as follows:
(4) Address conflict in FDAD: The communication process is shown in Figure 20(a). In DAD, after receiving the NA_CGA_X sent by B, A sends an FDAD-Request message to the controller and receives the FDAD-Reply. Then the CGA parameters of the NA are verified. After the address conflict is confirmed, host A generates a new address CGA_Y and broadcasts NS_CGA_Y. This time no address conflict exists, and the DAD process is completed. The communication overhead is as follows:

(5) DoS attack in FDAD:
The communication process is shown in Figure 20(b). Host A receives the forged NA_CGA_X sent by C after the NS_CGA_X broadcast. Then host A sends an FDAD-Request to the controller and receives an FDAD-Reply message. Host A sends FDAD-Feedback to the controller because the forged NA cannot pass CGA verification, and then FDAD-S performs NDP message suppression on the port connected to C. Therefore, subsequent NA_CGA_X messages can no longer enter the network. The communication overhead is as follows:
The following is a quantitative analysis of the above situations.
(1) Normal DAD process (no address conflict):
(2) Address conflict: The difference between the two is
(3) Under DoS attack: For a LAN with n nodes, the total length of the CGA address is 64 bits. If the Sec bits (3 bits), the u bit, and the g bit are removed, the remaining 59 bits are random values. If each node generates k IPv6 addresses for a specific network prefix, then the probability of address conflict P is as follows:
The size of a general LAN is less than 2^9 nodes to prevent broadcast storms. For the same network prefix, the number of IPv6 addresses generated by each node does not exceed 2^5 (usually only one address is generated). When n is set to 2^9 and k to 2^5, the probability of a real address conflict is very small. Thus, the communication overheads of FDAD and SEND are almost the same.
Assuming h attack nodes exist in the LAN and each node sends m NAs during the DAD process, the overhead comparison is as follows:
T_SEND_DoS = 238 × n + h × m × 238, T_FDAD_DoS = 238 × n + 302 × h. (12)
As long as m > 1.3, T_SEND_DoS > T_FDAD_DoS holds. Therefore, the communication overhead of FDAD is much less than that of SEND under DoS attack.
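Carrying the comparison in (12) through, as an added derivation that is not part of the original text, using the paper's own symbols:

$$T_{SEND\_DoS} - T_{FDAD\_DoS} = (238n + 238hm) - (238n + 302h) = h\,(238m - 302),$$

which for $h > 0$ is positive exactly when $m > 302/238 \approx 1.27$, i.e. as soon as each attacker sends more than a single forged NA per DAD; the threshold of 1.3 quoted above is this bound rounded up. The $238n$ broadcast term cancels, so the gap grows linearly in both $h$ and $m$. As an illustration with the LAN-size bound $n = 2^9$ from the conflict analysis and the DoS200 setting ($h = 1$, $m = 200$):

$$T_{SEND\_DoS} = 238 \cdot 512 + 200 \cdot 238 = 169{,}456 \text{ bytes}, \qquad T_{FDAD\_DoS} = 238 \cdot 512 + 302 = 122{,}158 \text{ bytes}.$$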

Strengths and Limitations of FDAD.
FDAD is the combination of the host's computing capability and SDN's control capability. Although network protocols can be implemented in both hosts and network devices, in a traditional network each of them detects attacks from its own point of view and adopts different methods. For example, distributed hosts have powerful computing power, but they are unable to prevent the generation and entry of attack packets in a DoS attack. A network device can prevent packets from entering the network but lacks the computing ability to verify the attack. FDAD combines both abilities effectively, and its advantages are as follows:
(1) It protects the security of the host's DAD process so that the host can generate an IPv6 address smoothly.
(2) It can suppress a DoS attack at the source and reduce the generation of useless flows in SDN.
(3) When suffering from a DoS attack, the number of LAN packets can be greatly reduced.
FDAD also has some limitations:
(1) It adds three new NDP messages to the network, and the new messages are larger than the original NDP message. Thus, in some cases, the communication overhead increases.
(2) It is not suitable for traditional Ethernet because its mechanism needs the support of a control layer. Otherwise, the FDAD-Query, FDAD-Reply, and FDAD-Feedback messages could not play their roles.
(3) The FDAD mechanism increases the memory and CPU cost of the controller, but this cost is greatly outweighed when a DoS attack occurs in the network.

Conclusion
DoS attacks are difficult to eliminate, largely because the attacking hosts are concealed. In the DAD process, the host cannot judge the authenticity of the CGA parameters in an NA before verification is completed. However, even if the host identifies a false NA through verification, it is unable to prevent subsequent attacks from the same host, because a malicious host can send messages using other false source addresses. In FDAD, the host can use the FDAD-Request to retrieve the generation time of a specific MAC and evaluate the authenticity of the NA in advance. For a false NA, the host can use the FDAD-Feedback message to send the features of the attacking host to the control plane. The controller can then suppress the attack messages at the source by dispatching a flow table, breaking the concealment of the attacking host. Experiments show that FDAD greatly reduces the CPU and communication overhead of a host suffering DoS. Of course, the feedback mechanism causes the controller's CPU and memory consumption to increase slightly in some scenarios, but its security cannot be matched by the traditional method.

Data Availability
All data are included in the manuscript.

Conflicts of Interest
The authors declare that they have no conflicts of interest.