Controller for software defined networking and method of detecting attacker

US9800593B2 · US · B2

Patent metadata

Publication number: US-9800593-B2
Application number: US-201514797601-A
Country: US
Kind code: B2
Filing date: Jul 13, 2015
Priority date: Aug 4, 2014
Publication date: Oct 24, 2017
Grant date: Oct 24, 2017

Abstract

Official abstract text for this publication.

A controller for software defined networking includes a processor. The processor is configured to receive a first request including a first packet from a first communication partner. The processor is configured to generate an inspection message on basis of the first packet. The processor is configured to send the inspection message to the first communication partner. The processor is configured to monitor whether a first phenomenon occurs with respect to the first communication partner after the inspection message is sent. The first phenomenon is expected to occur when an authorized switch performs a process on basis of the inspection message. The processor is configured to determine, when the first phenomenon does not occur, that the first communication partner is not the authorized switch but an attacker.

First claim

Opening claim text (preview).

What is claimed is:

1. A controller for software defined networking, the controller comprising: a memory; and a hardware processor coupled to the memory, the hardware processor configured to receive first requests from a first communication partner; count a number of the received first requests; determine whether the number of the received first requests is larger than a predetermined threshold value; generate, upon determining that the number of the received first requests is larger than the predetermined threshold value, an inspection message on basis of a first packet included in one of the received first requests; send the inspection message to the first communication partner, the inspection message including an effective time period; monitor whether a first phenomenon occurs with respect to the first communication partner within the effective time period, the first phenomenon being expected to occur when an authorized switch performs a process on basis of the inspection message; and determine, when the first phenomenon does not occur within the effective time period, that the first communication partner is not the authorized switch but an attacker.

2. The controller according to claim 1, wherein the processor is configured to determine that the first communication partner is an attacker when a first message is received from the first communication partner after the inspection message is sent, the first message being expected not to be received from the authorized switch.

3. The controller according to claim 1, wherein the processor is configured to determine that the first communication partner is an attacker when a first message is not received from the first communication partner after the inspection message is sent, the first message being expected to be received from the authorized switch.

4. The controller according to claim 1, wherein the processor is configured to generate a first inspection message including a condition for identifying the first packet; send the first inspection message to the first communication partner; receive a second request including a second packet from the first communication partner after the first inspection message is sent; and determine that the first communication partner is an attacker when the second packet matches the condition.

5. The controller according to claim 4, wherein the processor is configured to set a first effective time period; and determine that the first communication partner is an attacker when the second request is received from the first communication partner before the first effective time period has expired and the second packet matches the condition.

6. The controller according to claim 4, wherein the controller is an OpenFlow controller, the first request is a PacketIn message in OpenFlow, and the first inspection message is a FlowMod message in OpenFlow, in which an identification condition and an operation is defined, the identification condition being for identifying a packet included in the PacketIn message, the operation being to be applied on a packet which matches the identification condition.

7. The controller according to claim 1, wherein the processor is configured to generate a first inspection message including the effective time period; send the first inspection message to the first communication partner; and determine that the first communication partner is an attacker when a response message is not received from the first communication partner after the first inspection message is sent, the response message indicating that the effective time period has expired.

8. The controller according to claim 7, wherein the processor is configured to generate, when the response message is received from the first communication partner, a second inspection message including a condition for identifying the first packet; send the second inspection message to the first communication partner; receive a second request including a second packet from the first communication partner after the second inspection message is sent; and determine that the first communication partner is an attacker when the second packet matches the condition.

9. The controller according to claim 7, wherein the processor is configured to set a timer which expires after the effective time period expires; and determine that the first communication partner is an attacker when the response message is not received before the timer has expired.

10. The controller according to claim 7, wherein the processor is configured to send the first inspection message to the first communication partner a predetermined number of times; and determine that the first communication partner is an attacker when the response message is not received for any of the predetermined number of times of the sending.

11. The controller according to claim 7, wherein the controller is an OpenFlow controller, the first inspection message is a FlowMod message with an effective time period in OpenFlow, and the response message is a FlowRemoved message in OpenFlow.

12. The controller according to claim 1, wherein the processor is configured to send the inspection message to the first communication partner when a number of messages, which are received from the first communication partner within a unit time, exceeds a threshold value.

13. The controller according to claim 1, wherein the processor is configured to receive requests including respective packets from communication partners including the first communication partner; generate inspection messages on basis of the respective packets when a number of messages, which are received from the communication partners within a unit time, exceeds a threshold value; and send the inspection messages to the respective communication partners.

14. A method of detecting an attacker, the method comprising: receiving, by a computer, first requests from a first communication partner; counting a number of the received first requests; determining whether the number of the received first requests is larger than a predetermined threshold value; generating, upon determining that the number of the received first requests is larger than the predetermined threshold value, an inspection message on basis of a first packet included in one of the received first requests; sending the inspection message to the first communication partner, the inspection message including an effective time period; monitoring whether a first phenomenon occurs with respect to the first communication partner within the effective time period, the first phenomenon being expected to occur when an authorized switch performs a process on basis of the inspection message; and determining, when the first phenomenon does not occur within the effective time period, that the first communication partner is not the authorized switch but an attacker.
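The detection logic of claims 1, 5, 7 and 9 as an added, simplified model (example code, not from the patent or from Fujitsu): the controller counts PacketIn-style requests per partner, installs an inspection FlowMod carrying an effective time period once the threshold is crossed, and flags the partner either when it keeps forwarding packets that the installed rule should have matched locally, or when no FlowRemoved arrives before a timer that outlives the effective period. Class and field names, the threshold and the timing constants are constructed for illustration.

```python
from dataclasses import dataclass, field

THRESHOLD = 3           # PacketIn count above which an inspection starts (claim 1)
EFFECTIVE_PERIOD = 5.0  # effective time period carried in the FlowMod (claims 7, 11)
TIMER_GRACE = 1.0       # timer that expires after the effective period (claim 9)

@dataclass
class Inspection:
    match: dict                 # identification condition copied from the first packet
    sent_at: float
    removed_seen: bool = False  # set when the matching FlowRemoved arrives
@dataclass
class Controller:
    counts: dict = field(default_factory=dict)
    inspections: dict = field(default_factory=dict)
    attackers: set = field(default_factory=set)
    def on_packet_in(self, partner, packet, now):
        """Count requests and emit an inspection FlowMod at the threshold (claim 1);
        a partner resending a matching packet inside the period is flagged (claim 5)."""
        insp = self.inspections.get(partner)
        if insp and now < insp.sent_at + EFFECTIVE_PERIOD and packet == insp.match:
            self.attackers.add(partner)   # a real switch would have matched it locally
            return None
        self.counts[partner] = self.counts.get(partner, 0) + 1
        if self.counts[partner] > THRESHOLD and insp is None:
            self.inspections[partner] = Inspection(dict(packet), now)
            return {"type": "FlowMod", "match": dict(packet), "hard_timeout": EFFECTIVE_PERIOD}
        return None
    def on_flow_removed(self, partner, match, now):
        """FlowRemoved for the inspection rule is the expected response (claim 7)."""
        insp = self.inspections.get(partner)
        if insp and match == insp.match:
            insp.removed_seen = True
    def tick(self, now):
        """Timer check (claim 9): no FlowRemoved by the deadline means attacker."""
        for partner, insp in self.inspections.items():
            if now >= insp.sent_at + EFFECTIVE_PERIOD + TIMER_GRACE and not insp.removed_seen:
                self.attackers.add(partner)
        return set(self.attackers)

def simulate():
    """Constructed scenario: one authorized switch and two forged partners."""
    c = Controller()
    pkt = {"src": "10.0.0.1", "dst": "10.0.0.2"}   # constructed sample flow
    for p in ("switch", "replayer", "silent"):
        for t in range(4):                           # 4th PacketIn crosses the threshold
            c.on_packet_in(p, pkt, float(t))
    c.on_packet_in("replayer", pkt, 4.0)             # same flow again inside the period
    c.on_flow_removed("switch", pkt, 8.0)            # rule expired on the real switch
    return c.tick(9.5)                               # past sent_at + period + grace
```

Running `simulate()` returns the two forged partners and leaves the authorized switch unflagged.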

Classifications

  • Event detection, e.g. attack signature detection · CPC title

  • Traffic logging, e.g. anomaly detection · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Fujitsu Ltd
What technology area does this patent fall under?
Primary CPC classification H04L63/1416. Mapped technology areas include Electricity.
When was this patent published?
Publication date Oct 24, 2017 (B2). Legal status and post-grant events are not shown on this page.