Early detection of DDoS based on φ-entropy in SDN networks

software defined network (SDN) is an emerging network architecture. Its control logic and forwarding logic are separated. SDN has the characteristics of centralized management, which makes it easier for malicious attackers to use the security vulnerabilities of SDN networks to implement distributed denial Service (DDoS) attack. Information entropy is a kind of lightweight DDoS early detection method. This paper proposes a DDoS attack detection method in SDN networks based on phi-entropy. phi-entropy can adjust related parameters according to network conditions and enlarge feature differences between normal and abnormal traffic, which can make it easier to detect attacks in the early stages of DDoS traffic formation. Firstly, this article demonstrates the basic properties of phi-entropy, mathematically illustrates the feasibility of phi-entropy in DDoS detection, and then we use Mini-net to conduct simulation experiments to compare the detection effects of DDoS with Shannon entropy.