Information Theory-based Approaches to Detect DDoS Attacks on Software-defined Networking Controller a Review

Abstract

The number of network users and devices has exponentially increased in the last few decades, giving rise to sophisticated security threats while processing users’ and devices’ network data. Software-Defined Networking (SDN) introduces many new features, but none is more revolutionary than separating the control plane from the data plane. The separation helps DDoS attack detection mechanisms by introducing novel features and functionalities. Since the controller is the most critical part of the SDN network, its ability to control and monitor network traffic flow behavior ensures the network functions properly and smoothly. However, the controller’s importance to the SDN network makes it an attractive target for attackers. Distributed Denial of Service (DDoS) attack is one of the major threats to network security. This paper presents a comprehensive review of information theory-based approaches to detect low-rate and high-rate DDoS attacks on SDN controllers. Additionally, this paper provides a qualitative comparison between this work and the existing reviews on DDoS attack detection approaches using various metrics to highlight this work’s uniqueness. Moreover, this paper provides in-depth discussion and insight into the existing DDoS attack detection approaches to point out their weaknesses that open the avenue for future research directions. Meanwhile, the finding of this paper can be used by other researchers to propose a new or enhanced approach to protect SDN controllers from the threats of DDoS attacks by accurately detecting both low-rate and high-rate DDoS attacks.