Detection of Control Layer DDoS Attack using Entropy metrics in SDN: An Empirical Investigation

Kshira Sagar Sahoo, B. Sahoo, Manikanta Vankayala, Ratnakar Dash
Published in: 2017 Ninth International Conference on Advanced Computing (ICoAC), 2017-12-01
DOI: 10.1109/ICOAC.2017.8441392 (https://doi.org/10.1109/ICOAC.2017.8441392)
Citations: 3

Abstract

Software Defined Networks (SDN) and OpenFlow have become an emerging networking technology that supports the dynamic nature of network functions through simplified network management. The main innovation behind SDN is the decoupling of the forwarding plane and the control plane. In the control plane, the controller provides a pivotal point of control to distribute policy information throughout the network through a standard protocol such as OpenFlow. Despite numerous benefits, SDN security is still a matter of concern among the research communities. Distributed Denial-of-Service (DDoS) attacks have posed a tremendous threat to the Internet for a long time, and variants of this attack are quickly becoming more and more complex. With the advancement of network technologies, SDN has on the one hand become an important tool for defeating DDoS attacks, but on the other hand it becomes a victim of DDoS attacks because of potential vulnerabilities that exist across the various SDN layers. This article focuses on the DDoS threat to the control plane, which is the central point of SDN. Entropy-based DDoS detection is a widely used technique in traditional networks, but few works have employed the entropy method to detect DDoS attacks in the control layer of SDN. In this paper, taking advantage of the flow-based nature of SDN, we propose a General Entropy (GE) based DDoS attack detection mechanism. The experimental results show that our detection mechanism can detect the attack quickly and achieve high detection accuracy with a low false positive rate.