Detection and Mitigation of (D)DoS Attacks in SDN Environment Using Entropy

Abstract

Software Defined Networking (SDN) is a paradigm for the networks, where the control planes and data planes are separated. It provides centralized network control by separating the network’s control logic from the underlying hardware devices. However, like traditional networks SDN is also susceptible to Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. This paper aims to detect and mitigate DoS and DDoS attacks in an SDN environment using an entropy-based approach. The proposed mechanism calculates the entropy of the network over the collected traffic, and derives a dynamic threshold according to the network traffic conditions to determine whether the environment is subject to DoS or DDoS attacks. In the event of the attack, the proposed mechanism installs a drop flow rule into underlying forwarding devices, discarding the traffic sent from attacking host to victim host