Abstract
The advent of software-defined networking (SDN) has significantly transformed network management by offering modular control and data plane characteristics, enabling adaptability and flexibility in managing networks. This innovation entails the separation of control and data plane elements to facilitate efficient network administration. Nevertheless, the centralization resulting from control plane separation renders SDN vulnerable to cyber threats, particularly Distributed Denial-of-service (DDoS) attacks that target SDN controllers. Recently, studies have highlighted the relevance of entropy-based attack detection techniques compared to alternative methods. However, relying solely on entropy may overlook detection in specific variables, such as flow specification variations. To address the limitations of entropy-based detection systems, we developed a DDoS attack detection framework within the SDN control plane, integrating the packet flow initiation and specification properties with an entropy-based algorithm to ensure accurate attack detection measures. Our lightweight framework aims to mitigate DDoS attacks by detecting their impact in the early stages, thus preventing SDN controllers from being hijacked due to excessive packet flooding. The simulation is employed in Mininet network simulator to implement, and the testbed is created by focusing UDP flood attacks in widely used data-centric tree topologies. The experimental results demonstrate that our proposed solution effectively detects and mitigates novel parameters of SDN-based DDoS floods within 150 packets while maintaining minimal delay and high accuracy
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.