Abstract

Software-Defined Networking (SDN) is an approach to network architecture that lets software applications perform intelligent, centralized network management and scheduling. It is gaining popularity due to its flexibility, agility, and scalability. SDN provides high network programmability and speeds up network variation by separating the control layer from the data layer. The logically centralized controller is always an attractive target for Distributed Denial of Service (DDoS) attacks. According to various specifications, low-rate DDoS attacks against SDN are often not easy to detect because the attackers' traffic behaves like legitimate traffic. Hence, it is essential to have a fast and accurate detection model that detects attack traffic in the data layer in time, so that it cannot affect available resources such as bandwidth, memory, and the central processing unit (CPU). In this paper, we propose a DDoS detection technique based on Rényi Entropy with Packet Drop (REPD), in which a packet-drop method is used for mitigation. The information distance metric has been used to evaluate the fluctuation of network traffic with various probability distributions. An extensive simulation has also been carried out on synthetic data to improve performance in terms of detection time and accuracy. It was observed that the attained results outperformed Shannon Entropy (SE), Generalized Entropy, and other statistical distance metrics.
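To make the entropy comparison in the abstract concrete, the following is an added illustration, not the paper's code: it computes Rényi entropy over per-window destination packet counts and flags windows that fall below a clean baseline. The order α = 2, the 0.05-bit threshold, the clean-baseline rule, the window layout and the constructed `10.0.0.x` traffic are all assumptions.

```python
import math
from statistics import mean

def renyi_entropy(counts, alpha):
    """Renyi entropy in bits of a count vector; alpha = 1 is the Shannon limit."""
    total = sum(counts)
    probs = [c / total for c in counts if c > 0]
    if math.isclose(alpha, 1.0):
        return -sum(p * math.log2(p) for p in probs)
    return math.log2(sum(p ** alpha for p in probs)) / (1.0 - alpha)

def detect(windows, alpha=2.0, baseline_n=3, min_drop=0.05):
    """Return (window index, entropy, busiest destination) per flagged window.

    Assumptions: the first baseline_n windows are attack-free, and a window
    is suspicious when its entropy is min_drop bits below their mean.
    """
    ent = [renyi_entropy(list(w.values()), alpha) for w in windows]
    threshold = mean(ent[:baseline_n]) - min_drop
    alerts = []
    for i in range(baseline_n, len(windows)):
        if ent[i] < threshold:
            # Candidate match for a drop rule: destination with the most packets.
            victim = max(windows[i], key=windows[i].get)
            alerts.append((i, ent[i], victim))
    return alerts

def entropy_drop(windows, alpha, clean=0, attacked=4):
    """Bits of entropy lost between a clean window and an attacked one."""
    h = lambda w: renyi_entropy(list(w.values()), alpha)
    return h(windows[clean]) - h(windows[attacked])

def window(counts):
    """Constructed sample: packets per destination among eight hosts."""
    return {f"10.0.0.{i + 1}": c for i, c in enumerate(counts)}

WINDOWS = [window(c) for c in (
    [13, 12, 13, 12, 12, 13, 12, 13],   # normal
    [14, 11, 13, 12, 12, 13, 12, 13],   # normal
    [12, 13, 12, 14, 11, 13, 12, 13],   # normal
    [13, 12, 12, 13, 13, 12, 13, 12],   # normal
    [28, 12, 12, 13, 13, 12, 13, 12],   # low-rate flood: +15 packets to 10.0.0.1
)]

if __name__ == "__main__":
    for idx, h, dst in detect(WINDOWS):
        print(f"window {idx}: H2={h:.3f} bits, candidate drop target {dst}")
    print(f"Shannon drop {entropy_drop(WINDOWS, 1.0):.3f} bits, "
          f"Renyi(2) drop {entropy_drop(WINDOWS, 2.0):.3f} bits")
```

On this constructed sample the order-2 Rényi entropy drops by roughly twice as many bits as Shannon entropy for the same small traffic shift, because orders above 1 weight the most frequent destination more heavily.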
