Abstract

The Information and Communication Technology (ICT) environment in traditional power grids makes detection and mitigation of DDoS attacks more challenging. Existing security technologies, despite their efficiency, are not adequate for DDoS security in Smart Grids (SGs) because of the highly distributed and dynamic network environment. Researchers have recently proposed Software Defined Networking (SDN)-based approaches for DDoS protection in SGs; however, these protect only against flooding attacks and depend on static thresholds. The proposed approach, the Software Defined Networking-based DDoS Protection System (S-DPS), addresses these issues by employing a light-weight Tsallis entropy-based defense mechanism in an SDN environment. It provides early detection and mitigates anomalies in real time. Because control of the network is centralized, the approach offers the best deployment location for the defense mechanism. Moreover, a dynamic threshold mechanism makes the detection process adaptive to changing network conditions. S-DPS has demonstrated its effectiveness and efficiency in terms of Detection Rate (DR) and minimal CPU/RAM utilization for DDoS protection against smurf attacks, socket stress attacks, and SYN flood attacks.

Highlights

  • Frequency of communication between smart meter and utility server is set to different intervals, i.e., 1 second, 4 seconds, 60 seconds, 5 minutes, and 15 minutes, depending upon the scheduling criteria set by utility service provider [29]

  • The traffic profile for the experiments is shown in Table 5. These traffic profiles are simulated using UDP/TCP/Internet Control Message Protocol (ICMP)-based packets at destination port 80/21 using random spoofed source Internet Protocol (IP) addresses and source ports

  • The attack is detected in these windows. To verify whether it is a DoS or Distributed Denial of Service (DDoS) attack, Figure 7(b) shows that the current source IP entropy is above the threshold value for consecutive windows, from windows 6–25. This means that packets from multiple SrcIPs per window are reaching the target host, which raises the overall SrcIP address entropy above the threshold. Therefore, the attack detected is DDoS
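The source-IP check from the last highlight can be sketched as follows. This is an added example, not code from the paper: it assumes q = 2 for the Tsallis entropy, a dynamic threshold of baseline mean plus k standard deviations (with a small floor), three consecutive windows as the trigger, and constructed sample addresses, none of which are given on this page.

```python
import math
from collections import Counter

def tsallis_entropy(items, q=2.0):
    """Tsallis entropy S_q = (1 - sum(p_i**q)) / (q - 1) of the observed values."""
    counts = Counter(items)
    n = sum(counts.values())
    if n == 0:
        return 0.0
    probs = [c / n for c in counts.values()]
    if abs(q - 1.0) < 1e-9:  # the q -> 1 limit is Shannon entropy
        return -sum(p * math.log(p) for p in probs)
    return (1.0 - sum(p ** q for p in probs)) / (q - 1.0)

def ddos_windows(windows, q=2.0, k=3.0, warmup=6, consecutive=3, floor=0.01):
    """Return indices of windows where source-IP entropy has exceeded the
    dynamic threshold for `consecutive` windows in a row (assumed parameters)."""
    history, run, flagged = [], 0, []
    for i, src_ips in enumerate(windows):
        h = tsallis_entropy(src_ips, q)
        if len(history) < warmup:          # learn the baseline first
            history.append(h)
            continue
        mean = sum(history) / len(history)
        std = math.sqrt(sum((x - mean) ** 2 for x in history) / len(history))
        margin = max(k * std, floor)       # floor guards a zero-variance baseline
        run = run + 1 if h > mean + margin else 0
        if run >= consecutive:
            flagged.append(i)
        if abs(h - mean) <= margin:        # adapt only on normal-looking windows
            history = (history + [h])[-20:]
    return flagged

# Constructed sample traffic toward one target host (not data from the paper).
def normal_window(i):        # 10 meters, 3 packets each, slight variation
    srcs = [f"10.0.0.{m}" for m in range(10) for _ in range(3)]
    return srcs + ["10.0.0.0"] * (i % 3)

def spoofed_flood(i):        # 500 distinct spoofed sources, one packet each
    return normal_window(i) + [f"172.16.{j // 250}.{j % 250}" for j in range(500)]

def single_source_flood(i):  # one source sending 500 packets
    return normal_window(i) + ["192.0.2.7"] * 500

def trace(attack):           # attack traffic in windows 6 to 25 of 30
    return [attack(i) if 6 <= i <= 25 else normal_window(i) for i in range(30)]

if __name__ == "__main__":
    print("distributed:", ddos_windows(trace(spoofed_flood)))
    print("single source:", ddos_windows(trace(single_source_flood)))
```

A single-source flood concentrates the source distribution and lowers the entropy, so this check stays silent for it; only the many-source case stays above the threshold across consecutive windows.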


Summary

Literature Review

Considering the wide spread of ICT and upcoming IoT devices, applications, and scenarios in almost every field of life, the authors in [7] showcased the vulnerabilities that may attract negative attention. The authors in [20] present a novel entropy-based statistical approach in a multicontroller SDN environment for early detection and mitigation of DDoS attacks. The authors in [21] present a generalized entropy-based feature selection technique which is used to detect network anomalies from real-life WAN traffic data with a high DR and low FPR. The proposed approach is evaluated against other entropy metrics like Shannon entropy and Kullback–Leibler divergence using both simulated and real-time DDoS datasets. Another important variant of parameterized entropy, i.e., Tsallis entropy, is utilized by researchers for anomaly detection. Therefore, it is necessary to develop an adaptive light-weight entropy-based defence mechanism using an SDN environment for SG, providing early detection and mitigation of anomalies in real time.
