A low-rate DDoS detection and mitigation for SDN using Renyi Entropy with Packet Drop

被引:24
作者
Ahalawat, Anchal [1 ]
Babu, Korra Sathya [2 ]
Turuk, Ashok Kumar [1 ]
Patel, Sanjeev [1 ]
机构
[1] Natl Inst Technol Rourkela, Dept Comp Sci & Engn, Rourkela 769008, Odisha, India
[2] Indian Inst Informat Technol Kurnool, Dept Comp Sci & Engn, Kurnool 518007, Andhra Pradesh, India
关键词
SDN; OpenFlow; Low-rate DDoS; Renyi entropy; Information distance; ALGORITHM; PROTECTION; ATTACKS; DEFENSE;
D O I
10.1016/j.jisa.2022.103212
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Software-Defined Networking (SDN) is an approach to network architecture that enables software applications used for intelligent, centralized network management or scheduling. It is gaining popularity due to its flexibility, agility, and scalability feature. SDN provides high network programmability and speeds up the network variation by forwarding the control layer from the data layer. The logically centralized controller is always an attractive target for the Distributed Denial of Service (DDoS) attacks. According to various specifications, the low-rate DDoS attack is often not easy to detect against SDN because attackers behave like legitimate traffic. Hence, it is essential to have a fast and accurate detection model to detect the data layer attack traffic timely so that it could not affect on available resources such as bandwidth, memory, central processing unit (CPU). In this paper, we propose a DDoS detection technique based on Renyi Entropy with Packet Drop (REPD) where packets drop method is used for the purpose of mitigation. The information distance metric has been used to evaluate the fluctuation of network traffic with various probability distributions. Also, an extensive simulation has been carried out on the synthetic data to improve the performance in terms of detection time and accuracy. It was observed that the attained results outperformed the Shannon Entropy (SE), Generalized Entropy, and other statistical distance metrics.
引用
收藏
页数:15
相关论文
共 50 条
  • [31] DDoS Detection and Alleviation in IoT using SDN (SDIoT-DDoS-DA)
    Wani A.
    Revathi S.
    Journal of The Institution of Engineers (India): Series B, 2020, 101 (02): : 117 - 128
  • [32] Detection of Control Layer DDoS Attack using Entropy metrics in SDN: An Empirical Investigation
    Sahoo, Kshira Sagar
    Sahoo, Bibhudatta
    Vankayala, Manikanta
    Dash, Ratnakar
    2017 NINTH INTERNATIONAL CONFERENCE ON ADVANCED COMPUTING (ICOAC), 2017, : 281 - 286
  • [33] Detection and mitigation of DDoS attacks in SDN: A comprehensive review, research challenges and future directions
    Singh, Jagdeep
    Behal, Sunny
    COMPUTER SCIENCE REVIEW, 2020, 37
  • [34] A Low-rate DDoS Strategy for Unknown Bottleneck Link Characteristics
    Takahashi, Yuta
    Inamura, Hiroshi
    Nakamura, Yoshitaka
    2021 IEEE INTERNATIONAL CONFERENCE ON PERVASIVE COMPUTING AND COMMUNICATIONS WORKSHOPS AND OTHER AFFILIATED EVENTS (PERCOM WORKSHOPS), 2021, : 508 - 513
  • [35] RMCARTAM For DDoS Attack Mitigation in SDN Using Machine Learning
    Revathi M.
    Ramalingam V.V.
    Amutha B.
    Computer Systems Science and Engineering, 2023, 45 (03): : 3023 - 3036
  • [36] Mitigation of DDoS Attack Using Moving Target Defense in SDN
    Swami, Rochak
    Dave, Mayank
    Ranga, Virender
    WIRELESS PERSONAL COMMUNICATIONS, 2023, 131 (04) : 2429 - 2443
  • [37] Mitigation of DDoS Attack Using Moving Target Defense in SDN
    Rochak Swami
    Mayank Dave
    Virender Ranga
    Wireless Personal Communications, 2023, 131 : 2429 - 2443
  • [38] A novel CNN-enhanced detection and mitigation of DDoS attacks in SDN
    Ashfaq Ahmad Najar
    S. Manohar Naik
    Faisal Rasheed Lone
    Azra Nazir
    Cluster Computing, 2025, 28 (6)
  • [39] DNS Amplification Based DDoS Attacks in SDN Environment: Detection and Mitigation
    Gupta, Vishal
    Kochar, Amrit
    Saharan, Shail
    Kulshrestha, Rakhee
    2019 IEEE 4TH INTERNATIONAL CONFERENCE ON COMPUTER AND COMMUNICATION SYSTEMS (ICCCS 2019), 2019, : 473 - 478
  • [40] Enhancing DDoS Attack Detection and Mitigation in SDN Using an Ensemble Online Machine Learning Model
    Alashhab, Abdussalam Ahmed
    Zahid, Mohd Soperi
    Isyaku, Babangida
    Elnour, Asma Abbas
    Nagmeldin, Wamda
    Abdelmaboud, Abdelzahir
    Abdullah, Talal Ali Ahmed
    Maiwada, Umar Danjuma
    IEEE ACCESS, 2024, 12 : 51630 - 51649