Effectiveness of an Entropy-Based Approach for Detecting Low- and High-Rate DDoS Attacks against the SDN Controller: Experimental Analysis

Aladaileh, Mohammad Adnan; Anbar, Mohammed; Hintaw, Ahmed J.; Hasbullah, Iznan H.; Bahashwan, Abdullah Ahmed; Al-Amiedy, Taief Alaa; Ibrahim, Dyala R.

doi:10.3390/app13020775

Cited by 14 publications

(4 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moreover, DDoS attacks are significant threats to SDN networks. However, traditional defense approaches may be ineffective in detecting and mitigating these attacks since attackers nowadays use new techniques to flood the SDN networks with different traffic variations (i.e., high and low rates), leading to the degrading of the SDN controller and making it unavailable to legitimate individuals [9].…”

Section: Motivation Behind This Slrmentioning

confidence: 99%

“…Figure 5 illustrates the DDoS attack mechanism on the SDN network. Furthermore, DDoS attacks pose critical threats to the SDN network, especially if the controller becomes a target, directly or indirectly [9]. For example, when a switch receives invalid network packets, it buffers all packets and then forwards only the packets' headers to the controller using Packet-In messages.…”

Section: Ddos Attacks Against Sdn Networkmentioning

confidence: 99%

See 1 more Smart Citation

A Systematic Literature Review on Machine Learning and Deep Learning Approaches for Detecting DDoS Attacks in Software-Defined Networking

Bahashwan

Anbar

Manickam

et al. 2023

Sensors

Self Cite

View full text Add to dashboard Cite

Software-defined networking (SDN) is a revolutionary innovation in network technology with many desirable features, including flexibility and manageability. Despite those advantages, SDN is vulnerable to distributed denial of service (DDoS), which constitutes a significant threat due to its impact on the SDN network. Despite many security approaches to detect DDoS attacks, it remains an open research challenge. Therefore, this study presents a systematic literature review (SLR) to systematically investigate and critically analyze the existing DDoS attack approaches based on machine learning (ML), deep learning (DL), or hybrid approaches published between 2014 and 2022. We followed a predefined SLR protocol in two stages on eight online databases to comprehensively cover relevant studies. The two stages involve automatic and manual searching, resulting in 70 studies being identified as definitive primary studies. The trend indicates that the number of studies on SDN DDoS attacks has increased dramatically in the last few years. The analysis showed that the existing detection approaches primarily utilize ensemble, hybrid, and single ML-DL. Private synthetic datasets, followed by unrealistic datasets, are the most frequently used to evaluate those approaches. In addition, the review argues that the limited literature studies demand additional focus on resolving the remaining challenges and open issues stated in this SLR.

show abstract

Section: Motivation Behind This Slrmentioning

confidence: 99%

Section: Ddos Attacks Against Sdn Networkmentioning

confidence: 99%

A Systematic Literature Review on Machine Learning and Deep Learning Approaches for Detecting DDoS Attacks in Software-Defined Networking

Bahashwan

Anbar

Manickam

et al. 2023

Sensors

Self Cite

View full text Add to dashboard Cite

show abstract

“…SDN is one of the emerging technologies that decouples the control plane from the forwarding plane [6]. Its architecture typically involves three planes: the application plane, the control plane, and the data plane [7]. The application plane consists of network applications such as driving safety apps, infotainment, and mobility management that leverage the exposed northbound application interface to interact with the control plane [8].…”

Section: Introductionmentioning

confidence: 99%

“…The deployment of the detection and mitigation system directly on the controller necessitates a lightweight solution to avoid adding undue burden to the controller. Therefore, an information theory-based system, as demonstrated in related research [6], [7], is deemed preferable for attacks targeting the controller. Previous studies, including [14], [15], and [16], have explored DDoS attack detection in SDN using entropy theory with a fixed threshold value.…”

Section: Introductionmentioning

confidence: 99%

A Comprehensive Detection and Mitigation Mechanism to Protect SD-IoV Systems Against Controller-Targeted DDoS Attacks

Alemu,

Muhammed,

Belachew

et al. 2024

Preprint

View full text Add to dashboard Cite

Software-defined networking (SDN) has emerged as a transformative technology that separates the control plane from the data plane, providing advantages such as flexibility, centralized control, and programmability. This innovation proves particularly beneficial for Internet of Vehicles (IoV) networks, which amalgamate the Internet of Things (IoT) and Vehicular Ad Hoc Network (VANET) to implement Intelligent Transportation Systems (ITS). By employing an SDN controller, IoV networks can leverage centralized control and enhanced manageability, leading to the emergence of Software-Defined Internet of Vehicles (SD-IoV) as a promising solution for future communications. However, the integration of SDN into IoV networks introduces a potential vulnerability in the form of a single point of failure, particularly susceptible to Distributed Denial of Service (DDoS) attacks. This is because of the centralized nature of SDN and the dynamic nature of IoV. In this context, the SDN controller becomes a prime target for attackers who flood it with massive packet-in messages. To address this security concern, we propose an efficient and lightweight attack detection and mitigation scheme within the SDN controller. The scheme includes a detection module that utilizes entropy and flow rate to identify patterns indicative of attack traffic behavior. Additionally, a mitigation module is designed to minimize the effect of attack traffic on the normal operation, this is performed through analysis of payload lengths. An adaptive threshold computation for all parameter values enhances the scheme's effectiveness. We conducted simulations using SUMO, Mininet-WiFi, and Scapy. The simulation results demonstrate the efficacy of our proposed scheme in terms of detection time, accuracy, mitigation efficiency, controller load, and link bandwidth consumption, showcasing its superiority compared to existing works in the field.

show abstract

Analysis of the Impacts of Flooding-Based DDoS Attacks on SDN-Enabled Cloud

Chahal,

Bhandari,

Behal

2024

Communications in Computer and Information Science

View full text Add to dashboard Cite

Effectiveness of an Entropy-Based Approach for Detecting Low- and High-Rate DDoS Attacks against the SDN Controller: Experimental Analysis

Cited by 14 publications

References 19 publications

A Systematic Literature Review on Machine Learning and Deep Learning Approaches for Detecting DDoS Attacks in Software-Defined Networking

A Systematic Literature Review on Machine Learning and Deep Learning Approaches for Detecting DDoS Attacks in Software-Defined Networking

A Comprehensive Detection and Mitigation Mechanism to Protect SD-IoV Systems Against Controller-Targeted DDoS Attacks

Analysis of the Impacts of Flooding-Based DDoS Attacks on SDN-Enabled Cloud

Contact Info

Product

Resources

About