Entropy-KL-ML:Enhancing the Entropy-KL-Based Anomaly Detection on Software-Defined Networks

The Software-Defined Networking (SDN) concept allows network innovations by leveraging a centralized controller that commands the whole network. The controller manages the functionality of the entire network. In the event that the controller fails, the switches will attempt to continue to forward traffic based on the last set of entries in the forwarding table. Therefore, assuming an unstable network, no interruption can be expected. Consequently, when a controller fails due to an expiration time or capacity limitation for a forwarding table, the controller will not be able to handle newly arriving packets. This will result in the entire network going down. Because of vulnerabilities between the control plane and the data plane, Denial of Service (DoS) attacks often pose the greatest risk to SDN. The paper discusses a method to detect this attack before it leads to failure of the controller. The proposed combined anomaly detection method, which is called Entropy-KL-ML, uses entropy along with KL-divergence and ensemble learning to detect any uncertainty in incoming packets within time slots. KL-divergence and ML classifiers make the detection more accurate. We also present a new method for selecting features based on grouping the features that reduces the computational overhead of the controller. With an anomaly detection method in SDN, it is essential to provide a balance between overhead, accuracy, and processing time. Through a real-world data set and some anomaly detectors, we demonstrate that the Entropy-KL-ML method detects anomalies with greater accuracy and fewer overheads.