Entropy-based distributed denial of service attack detection in software-defined networking

Kareem, Mohammed Ibrahim; Jasim, Mahdi Nsaif

doi:10.11591/ijeecs.v27.i3.pp1542-1549

Cited by 10 publications

(5 citation statements)

References 20 publications

(24 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To measure the entropy variation, it is suggested to use destination address rather than source addresses. In [15] and [23], researchers use entropy variation of destination IP address to detect the attack and shows the capability of detecting User Datagram Protocol (UDP) flood attack detection. The entropy variation could improved by including checking the variation of Log Energy Entropy (LEE) in addition with Information Entropy (IE) as proposed in [24].…”

Section: Related Workmentioning

confidence: 99%

“…Therefore, an information theory-based system, as demonstrated in related research [6], [7], is deemed preferable for attacks targeting the controller. Previous studies, including [14], [15], and [16], have explored DDoS attack detection in SDN using entropy theory with a fixed threshold value. Recognizing the dynamic nature of environments like IoV, introducing a dynamic threshold in attack detection could enhance performance [17].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Comprehensive Detection and Mitigation Mechanism to Protect SD-IoV Systems Against Controller-Targeted DDoS Attacks

Alemu,

Muhammed,

Belachew

et al. 2024

Preprint

View full text Add to dashboard Cite

Software-defined networking (SDN) has emerged as a transformative technology that separates the control plane from the data plane, providing advantages such as flexibility, centralized control, and programmability. This innovation proves particularly beneficial for Internet of Vehicles (IoV) networks, which amalgamate the Internet of Things (IoT) and Vehicular Ad Hoc Network (VANET) to implement Intelligent Transportation Systems (ITS). By employing an SDN controller, IoV networks can leverage centralized control and enhanced manageability, leading to the emergence of Software-Defined Internet of Vehicles (SD-IoV) as a promising solution for future communications. However, the integration of SDN into IoV networks introduces a potential vulnerability in the form of a single point of failure, particularly susceptible to Distributed Denial of Service (DDoS) attacks. This is because of the centralized nature of SDN and the dynamic nature of IoV. In this context, the SDN controller becomes a prime target for attackers who flood it with massive packet-in messages. To address this security concern, we propose an efficient and lightweight attack detection and mitigation scheme within the SDN controller. The scheme includes a detection module that utilizes entropy and flow rate to identify patterns indicative of attack traffic behavior. Additionally, a mitigation module is designed to minimize the effect of attack traffic on the normal operation, this is performed through analysis of payload lengths. An adaptive threshold computation for all parameter values enhances the scheme's effectiveness. We conducted simulations using SUMO, Mininet-WiFi, and Scapy. The simulation results demonstrate the efficacy of our proposed scheme in terms of detection time, accuracy, mitigation efficiency, controller load, and link bandwidth consumption, showcasing its superiority compared to existing works in the field.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A Comprehensive Detection and Mitigation Mechanism to Protect SD-IoV Systems Against Controller-Targeted DDoS Attacks

Alemu,

Muhammed,

Belachew

et al. 2024

Preprint

View full text Add to dashboard Cite

show abstract

“…One such way is network-based detection techniques whereby network traffic is monitored, and abnormal patterns of this traffic are identified. Another one is traffic analysis which is considered one of the network-based approaches [11,13,14]. Additionally, machine learning and artificial intelligence techniques are widely used today to detect distributed denialof-service attacks, in addition to blockchain technology [2,4,15,16].…”

Section: Introductionmentioning

confidence: 99%

Detection and Mitigation Distribution Denial of Service Attack Based on Blockchain Concept

Abdullah,

Hussein

2024

ISI

View full text Add to dashboard Cite

“…Currently VSS uses threshold crossing alerts (TCA) feature, based on traffic metrics like Packets in, Packets out, Bytes in, Bytes out, anterior cruciate ligament (ACL) deny event count, anti-spoof event count, that could be because of a DoS [16]- [18] attack, for generating real time alerts. TCA uses static threshold calculation to decide on the anomalies in the traffic pattern.…”

Section: Introductionmentioning

confidence: 99%

Anomaly detection for software defined datacenter networks using X-Pack

Mahabaleshwar

Shobha

Krishnamurthy³

2023

IJEECS

View full text Add to dashboard Cite

The global data center market is growing as more and more enterprises are increasingly adopting cloud computing services and applications. Data centers are evolving towards highly virtualized architectures where transformation to software defined network (SDN) based solutions provides benefits in terms of network programmability, automation, and flow visibility. With the benefits, the need for securing network becomes essential as many critical applications are hosted on to such networking platforms. Anomaly detection is a continuous process of monitoring the traffic pattern and alerting the user about the anomalies if detected. For such real time analysis NoSQL and relational databases are less efficient. This paper proposes a framework for anomaly detection and alerting system using Elasticsearch database for SDN. Traffic patterns generated from SDN devices are continuously monitored and predefined actions are taken immediately if an anomaly is detected. The proof of concept is implemented in NOKIAs Nuage Networks Laboratory and the results showed a real time anomaly detection and took relevant actions within minimum time.

show abstract

Entropy-based distributed denial of service attack detection in software-defined networking

Cited by 10 publications

References 20 publications

A Comprehensive Detection and Mitigation Mechanism to Protect SD-IoV Systems Against Controller-Targeted DDoS Attacks

A Comprehensive Detection and Mitigation Mechanism to Protect SD-IoV Systems Against Controller-Targeted DDoS Attacks

Detection and Mitigation Distribution Denial of Service Attack Based on Blockchain Concept

Anomaly detection for software defined datacenter networks using X-Pack

Contact Info

Product

Resources

About