Abstract

A Distributed Denial of Service (DDoS) attack is known to be one of the most lethal attacks in traditional network architecture. In this attack, the attacker uses botnets to overwhelm network resources. Botnets can be randomly compromised computers or IoT devices that are used to generate excessive traffic towards the victim, and as a result, legitimate users cannot access the services. In this research, software-defined networking (SDN) has been suggested as a solution to fight DDoS attacks. SDN uses the idea of centralized control and separation of the data plane from the control plane. SDN is more flexible, and policy implementation on the centralized controller is easy. SDN is now widely used in modern network paradigms because it has enhanced security. In this work, an entropy-based statistical approach has been suggested to detect and mitigate TCP SYN flood DDoS attacks. The proposed algorithm uses a three-phased detection scheme to minimize the false-positive rate. Entropy, standard deviation, and weighted moving average have been used for intrusion detection. Multiple experiments were performed, and the results show that the suggested approach is more reliable and lightweight and has a minimal false-positive rate.
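As an added illustration (not code from the paper), the following Python sketch shows the kind of entropy, weighted-moving-average and standard-deviation check the abstract describes, applied to the destination-IP entropy of SYN packets per window: a SYN flood concentrates traffic on one victim, so entropy collapses below the adaptive baseline. The window contents, alpha, k, the min_drop floor, the two-window confirmation and the sample traffic are all assumptions of this example, not values or phases from the paper.

```python
import math
from collections import Counter

def window_entropy(dst_ips):
    """Shannon entropy (bits) of the destination-IP distribution in one window."""
    counts = Counter(dst_ips)
    total = len(dst_ips)
    return -sum(c / total * math.log2(c / total) for c in counts.values())

class SynEntropyDetector:
    """Flags windows whose entropy falls well below an EWMA baseline.
    alpha, k, min_drop and confirm are assumed tuning values, not the paper's."""

    def __init__(self, alpha=0.3, k=2.0, min_drop=0.5, confirm=2):
        self.alpha, self.k, self.min_drop, self.confirm = alpha, k, min_drop, confirm
        self.mean = None      # EWMA of per-window entropy (baseline)
        self.var = 0.0        # EWMA of squared deviation from the baseline
        self.suspicious = 0   # consecutive low-entropy windows seen so far

    def observe(self, dst_ips):
        """Return (entropy, alert, suspected_victim) for one window of SYN packets."""
        h = window_entropy(dst_ips)
        if self.mean is None:            # first window seeds the baseline
            self.mean = h
            return h, False, None
        # Threshold: k sigmas below baseline, floored at min_drop bits so a cold baseline cannot alert.
        threshold = self.mean - max(self.k * math.sqrt(self.var), self.min_drop)
        if h < threshold:
            # Keep attack windows out of the baseline; raise only after `confirm`
            # consecutive low-entropy windows to limit false positives.
            self.suspicious += 1
            alert = self.suspicious >= self.confirm
            victim = Counter(dst_ips).most_common(1)[0][0] if alert else None
            return h, alert, victim
        self.suspicious = 0
        dev = h - self.mean
        self.mean += self.alpha * dev
        self.var = (1 - self.alpha) * (self.var + self.alpha * dev * dev)
        return h, False, None

# Constructed sample traffic: each window lists the destination IPs of the SYN
# packets seen in it (documentation-only addresses, not real hosts).
NORMAL_WINDOWS = [[f"10.0.0.{i % m + 1}" for i in range(10)] for m in (8, 7, 9, 8, 7)]
ATTACK_WINDOW = ["192.0.2.10"] * 9 + ["10.0.0.3"]

def run(windows):
    """Feed windows in order and return the (alert, victim) decision for each."""
    det = SynEntropyDetector()
    return [(alert, victim) for _, alert, victim in (det.observe(w) for w in windows)]

print(run(NORMAL_WINDOWS + [ATTACK_WINDOW] * 2))
```

The suspected victim returned on an alert is the address a controller would target with a mitigating flow rule (rate limit or drop), which is where the SDN centralization the abstract relies on pays off.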

Highlights

  • Introduction: The Internet has become a crucial part of homes and offices in the 21st century

  • Users have been targeted over the information superhighway using a multitude of approaches. The first Distributed Denial of Service (DDoS) attack happened in 1996, when a DDoS attack rendered Panix, an Internet service provider, inaccessible for many days

  • In the context of software-defined networking (SDN), there are three mitigation schemes: (1) intraentropy to assess data unpredictability, (2) intrabay-based approach to classify attack traffic, and (3) intradomain mitigation that is a strategy for preventing intradomain attacks


Summary

Figure 1: Victim under attack

In application-layer attacks, server resources like CPU and memory are exhausted by generating excessive ping requests towards the server. These attacks are difficult to detect because the firewall cannot detect them, for example, the HTTP GET flood attack [10]. The definition of SDN provided by the ONF says that it is "a network architecture in which the control plane, which controls the network flow, and forwarding are separated." SDN has OpenFlow switches; whenever a new packet enters the network, the flow rule implemented by the controller decides what to do with that packet. Southbound APIs: lower-level elements like network switches and routers use southbound APIs to communicate with the controller. The paper is organized in the following manner: Section 2 explains the literature review, Section 3 discusses the proposed technique, Section 4 describes the experimental scheme and results, and the conclusion is discussed in Sections 5 and 6.

