Switch, network controller, communication control method, and communication control program

US2024283817A1 · US · A1

Patent metadata

Publication number: US-2024283817-A1
Application number: US-202118563932-A
Country: US
Kind code: A1
Filing date: May 28, 2021
Priority date: May 28, 2021
Publication date: Aug 22, 2024
Grant date:

Abstract

Official abstract text for this publication.

A switch in a communication network comprises a controller for controlling a communication flow in the communication network. A suspected flow is a communication flow suspected of being related to a DDoS (Distributed Denial of Service) attack. A normal flow is a communication flow other than the suspected flow. The controller is configured to execute provisional handling when receiving a provisional handling instruction indicating identification information of the suspected flow from a network controller. The provisional handling includes processing of setting a priority of the suspected flow to a designated priority, and processing of setting a priority of the normal flow higher than the designated priority.

First claim

Opening claim text (preview).

1. A switch in a communication network, the switch comprising: a memory storing instructions; and a controller for, based on the instructions, controlling a communication flow in the communication network, wherein: a suspected flow is the communication flow suspected of being related to a DDoS (Distributed Denial of Service) attack, a normal flow is the communication flow other than the suspected flow, the controller is configured to execute, based on the instructions, provisional handling when receiving a provisional handling instruction indicating identification information of the suspected flow from a network controller, the provisional handling includes processing of setting a priority of the suspected flow to a designated priority, and processing of setting a priority of the normal flow higher than the designated priority.

2. The switch according to claim 1, wherein: the designated priority is a lowest priority that is the lowest among a plurality of priorities, the provisional handling includes processing of searching for an empty priority not allocated to the normal flow from the plurality of priorities other than the lowest priority, and processing of increasing the priority of the normal flow in which the priority before the provisional handling is performed is lower than the empty priority by one step when the empty priority is found.

3. The switch according to claim 1, wherein: the designated priority is a lowest priority that is the lowest among a plurality of priorities, a lowest priority flow is the normal flow in which the priority before the provisional handling is performed is the lowest priority, the provisional handling includes processing of increasing the priority of at least the lowest priority flow from the lowest priority.

4. The switch according to claim 1, further comprising: a queue provided for each of the priorities, wherein: a queue length is a data amount of the communication flow stored in each queue, a first queue length is the queue length of the queue in which data of the communication flow of a first priority is stored, a second queue length is the queue length of the queue in which data of the communication flow having a second priority higher than the first priority by one step is stored, the designated priority is a lowest priority that is the lowest among a plurality of priorities, the provisional handling includes processing of searching for a combination of the first priority and the second priority for which the sum of the first queue length and the second queue length is less than or equal to a queue length upper limit value, or processing of searching for a combination of the first priority and the second priority for which a sum of the first queue length and the second queue length is minimum, and processing of increasing the priority of the normal flow in which the priority before the provisional handling is performed is less than or equal to the first priority by one step when the combination of the first priority and the second priority is found.

5. A network controller, which is connected to a switch for controlling a communication flow in a communication network, the network controller, comprising: a memory storing instructions, and a controller for performing, based on the instructions, communication with the switch, wherein: a suspected flow is the communication flow suspected of being related to a DDoS (Distributed Denial of Service) attack, a normal flow is the communication flow other than the suspected flow, the controller is configured to perform processing, based on the instructions, of acquiring feature amount information indicating a feature amount for each of the communication flows from the switch, processing of detecting the suspected flow on the basis of the feature amount information, and processing of instructing the switch to execute provisional handling when the suspected flow is detected, the provisional handling includes processing of setting a priority of the suspected flow to a designated priority, and processing of setting a priority of the normal flow higher than the designated priority.

6. The network controller according to claim 5, wherein: the controller is further configured to execute processing of identifying a suspected section in which a communication of the suspected flow is performed in the communication network, a suspected port is a port connected to the suspected section among ports of the switch, the non-suspected port is a port not connected to the suspected section among the ports of the switch, the first switch is the switch having the non-suspected port to which a first normal flow is input and the suspected port to which the first normal flow is output, the second switch is the switch having the suspected port to which a second normal flow is input and the non-suspected port to which the second normal flow is output, the controller instructs the first switch to execute the provisional handling for setting the priority of the first normal flow higher than the designated priority, and instructs the second switch to return the priority of the second normal flow to an original priority before being performed the provisional handling.

7. A communication control method, in a communication system including a switch for controlling a communication flow in a communication network, the communication control method including: processing of acquiring feature amount information indicating a feature amount for each of the communication flows; processing of detecting a suspected flow that is the communication flow suspected to be related to a DDoS (Distributed Denial of Service) attack on the basis of the feature amount information; and processing that executes provisional handling when the suspected flow is detected, wherein the provisional handling includes processing of setting a priority of the suspected flow to a designated priority, and processing of setting priority of a normal flow that is the communication flow other than the suspected flow higher than the designated priority.

8. (canceled)
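The priority remapping recited in claims 2 to 4 can be sketched as follows. This is an added illustration, not code from the patent or its applicant; the eight priority levels, the convention that 0 is the lowest priority, the function names and the sample flow table are all assumptions, and only the minimum-sum variant of claim 4 is shown.

```python
# Added illustration of the claimed provisional handling; not code from the patent.
# Assumptions: 8 priority levels, 0 is the lowest, flows are keyed by an opaque ID.
LOWEST, NUM_PRIORITIES = 0, 8

def pick_first_priority(used, queue_len=None):
    """Return priority p such that normal flows with priority <= p move up one step."""
    # Claim 2: look for an empty priority (no normal flow uses it) above the lowest.
    for p in range(LOWEST + 1, NUM_PRIORITIES):
        if p not in used:
            return p - 1  # flows strictly below the empty slot shift up into it
    if queue_len is None:
        return LOWEST     # Claim 3: move at least the lowest-priority flows up
    # Claim 4 (minimum-sum variant): merge the adjacent pair of queues that
    # together hold the least data, so the merged queue grows the least.
    return min(range(LOWEST, NUM_PRIORITIES - 1),
               key=lambda p: queue_len[p] + queue_len[p + 1])

def provisional_handling(flow_prio, suspected, queue_len=None):
    """Return a new {flow: priority} map; the caller keeps flow_prio for restoring."""
    normal = {f: p for f, p in flow_prio.items() if f not in suspected}
    first = pick_first_priority(set(normal.values()), queue_len)
    new = {f: p + 1 if p <= first else p for f, p in normal.items()}
    # Suspected flows are demoted to the designated (lowest) priority.
    new.update({f: LOWEST for f in suspected})
    return new

if __name__ == "__main__":
    # Constructed sample: three normal flows and one suspected flow "x".
    table = {"a": 0, "b": 1, "c": 2, "x": 1}
    print(provisional_handling(table, {"x"}))
    # Constructed sample: every priority already carries a normal flow.
    full = {f"f{p}": p for p in range(NUM_PRIORITIES)}
    full["x"] = 5
    print(provisional_handling(full, {"x"}, queue_len=[5, 9, 1, 1, 7, 8, 6, 4]))
```

In every branch the lowest priority ends up holding only suspected flows, and the relative order of normal flows is preserved except where two adjacent levels are merged.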

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2024283817A1 cover?
A switch in a communication network comprises a controller for controlling a communication flow in the communication network. A suspected flow is a communication flow suspected of being related to a DDoS (Distributed Denial of Service) attack. A normal flow is a communication flow other than the suspected flow. The controller is configured to execute provisional handling when receiving a provis…
Who is the assignee on this patent?
Nippon Telegraph & Telephone
What technology area does this patent fall under?
Primary CPC classification H04L63/1458. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 22, 2024 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).