Content of review 1, reviewed on June 01, 2021

Overall statement or summary of the article and its findings in your own words:

The paper addresses the issue of denial-of-service attacks by proposing a new solution that leverages programmable data planes. The paper takes advantage of the domain-specific language approach to solve the well-known spoofing-based and volumetric attacks in a novel way, which is commendable. The key technique used by the author to solve the problem is distinguishing whether switch ports are connected to hosts or to neighbor switches, and measuring the incoming packets' timestamps and host reputation. The experimental topology set up in the Mininet emulator and the experiments run for spoofing attacks and volumetric attacks clearly show the impact of the proposed technique, and the results were well presented, with visualization graphs that distinguish the performance of the author's technique from that of the basic version of the switch.

Overall strengths of the article and what impact it might have in your field:

The paper addresses a known network security issue (DoS attacks) with the novel approach of considering programmable data planes. This paper would enable researchers to consider the potential of using programmable data planes to address security issues.

Specific comments on weaknesses of the article and what could be done to improve it:

Major points in the article which need clarification, refinement, reanalysis, rewrites and/or additional information, and suggestions for what could be done to improve the article.

  1. The methods used to prove the research study were good in terms of repeatability. However, the experiments were based on the ICMP protocol, and it is not common to perform DoS attacks in all of the existing scenarios in the real world. This questions the validity and reliability of the results based on the proposed approach for DoS attack detection, and I would like to see TCP- or UDP-based experiments on the proposed approach.
  2. MAC spoofing is only applicable in internal networks. However, most spoofing-based DoS attacks originate from the external world. Does the paper address external DoS attacks?
  3. The proposed approach defines the attack detection/mitigation using a time threshold. How do you determine the ideal time threshold in the experiments? Is there any method followed to define the threshold, and also to determine the known host IPs for whitelisting?

Minor points like figures/tables not being mentioned in the text, a missing reference, typos, and other inconsistencies.

  1. The paper's introduction mentions the vulnerabilities in SDN to motivate this approach. However, having a reference to the papers that solved those vulnerabilities would complete the background of the paper.
  2. The link bandwidth between switch and switch, or host and switch, used for the experiments is not mentioned in the paper and would be helpful for the repeatability of the experiments.
  3. On page 56, under Section 2, Related Work, lines 19 and 20 tend to require a proper connection between the sentences.


Comments on abstract, title, references.

The author outlined the aim of the paper in the abstract. The author described the contribution of the paper and how they have implemented it. The title is relevant to the paper's contribution. Yes, they are relevant. Yes, they are recent. Yes, referenced correctly. Broadly covered the papers relevant to the DoS technique proposed.

Comments on introduction/background

The introduction to the SDN topic is very well articulated and discusses the security challenges in SDN. The research question of the paper is well defined and states the necessity of the approach. Yes, the author justified the need for this research to solve a security issue.

Comments on methodology

The subject selection process for this research article is clear. The methods used to prove the research study were good in terms of repeatability. However, the experiments were based on the ICMP protocol, and it is not common to perform DoS attacks in all of the existing scenarios in the real world. This questions the validity and reliability of the results based on the proposed approach for DoS attack detection.

Comments on data and results

The experimental data clearly depicts the effect of the DoS attacks with and without the proposed solution, and the graphs were well presented in the paper. The discussion of the result data in the paper is appropriate and not repetitive.

Comments on discussion and conclusions

The authors' contribution and the DoS mitigation technique in the paper are commendable. However, the experiments were focused on setting up a network topology quite suitable to an internal network and used traffic of an outdated protocol (ICMP), unlikely to be used for DoS attacks in either internal or external networks, for getting the results and proving the concept. In addition, the experimental tests are not well suited for mitigating DoS attacks originating from the external world, as MAC spoofing is very unlikely to happen from an external network, and determining whether an IP address is a known host or not is not realistic.

Source

    © 2021 the Reviewer.

References

    Goksel, S., Hakan, B., Kaan, S. A., Egemen, S., Alperen, K., Pelin, A., Hande, A., Ertan, O. 2020. DroPPPP: A P4 Approach to Mitigating DoS Attacks in SDN. Lecture Notes in Computer Science.