Entropy-Based DoS Attack Identification in SDN

Carvalho, Ranyelson Neres; Bordim, Jacir Luiz; Alchieri, Eduardo

doi:10.1109/ipdpsw.2019.00108

Cited by 28 publications

(27 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This implies that, for each attacker, the switch has to send a packet to the controller to find out what action to take by adding a new flow rule. In addition, if the detection mechanism corresponds to an entropy-based algorithm, all packets must be monitored [18], so stateless solutions are not efficient or scalable.…”

Section: Entropy-based (D)dos Attacks Detection and Mitigation In Stamentioning

confidence: 99%

“…As we will mention in Section 3, several solutions against DoS and DDoS attacks based on statistical methods have been proposed in the literature. There are also different works that investigate the detection of these attacks using the stateless SDN paradigm [18,19]. However, statistical solutions in SDN architectures exhibit several drawbacks that are required to be addressed in order to achieve efficient methods for the detection and mitigation of these security hazards.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Detection and Mitigation of DoS and DDoS Attacks in IoT-Based Stateful SDN: An Experimental Approach

Galeano-Brajones

Carmona-Murillo

Valenzuela-Valdés

et al. 2020

Sensors

105

View full text Add to dashboard Cite

The expected advent of the Internet of Things (IoT) has triggered a large demand of embedded devices, which envisions the autonomous interaction of sensors and actuators while offering all sort of smart services. However, these IoT devices are limited in computation, storage, and network capacity, which makes them easy to hack and compromise. To achieve secure development of IoT, it is necessary to engineer scalable security solutions optimized for the IoT ecosystem. To this end, Software Defined Networking (SDN) is a promising paradigm that serves as a pillar in the fifth generation of mobile systems (5G) that could help to detect and mitigate Denial of Service (DoS) and Distributed DoS (DDoS) threats. In this work, we propose to experimentally evaluate an entropy-based solution to detect and mitigate DoS and DDoS attacks in IoT scenarios using a stateful SDN data plane. The obtained results demonstrate for the first time the effectiveness of this technique targeting real IoT data traffic.

show abstract

Section: Entropy-based (D)dos Attacks Detection and Mitigation In Stamentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Detection and Mitigation of DoS and DDoS Attacks in IoT-Based Stateful SDN: An Experimental Approach

Galeano-Brajones

Carmona-Murillo

Valenzuela-Valdés

et al. 2020

Sensors

105

View full text Add to dashboard Cite

show abstract

“…Since the centralized network architecture is more likely to be the target of DoS attacks, more research focuses on the detection and defense of DoS attacks in SDN. In [24], the authors built a mechanism that used statistical data to monitor the network and differentiate DoS traffic from benign traffic using entropy in an SDN environment. However, statistical solutions in SDN architectures display some flaws that need to be addressed to realize efficient methods for detecting and mitigating these security risks.…”

Section: Related Workmentioning

confidence: 99%

“…Next, we compared with other proposed solutions in the same environment, including the entropy-based detection method [24] and the DoSDefender. The results are shown in Table 4.…”

Section: Advancement Evaluationmentioning

confidence: 99%

DoSGuard: Mitigating Denial-of-Service Attacks in Software-Defined Networks

et al. 2022

Sensors

View full text Add to dashboard Cite

Software-defined networking (SDN) is a new networking paradigm that realizes the fast management and optimal configuration of network resources by decoupling control logic and forwarding functions. However, centralized network architecture brings new security problems, and denial-of-service (DoS) attacks are among the most critical threats. Due to the lack of an effective message-verification mechanism in SDN, attackers can easily launch a DoS attack by faking the source address information. This paper presents DoSGuard, an efficient and protocol-independent defense framework for SDN networks to detect and mitigate such attacks. DoSGuard is a lightweight extension module on SDN controllers that mainly consists of three key components: a monitor, a detector, and a mitigator. The monitor maintains the information between the switches and the hosts for anomaly detection. The detector utilizes OpenFlow message and flow features to detect the attack. The mitigator protects networks by filtering malicious packets. We implement a prototype of DoSGuard in the floodlight controller and evaluate its effectiveness in a simulation environment. Experimental results show the DoSGuard achieves 98.72% detecion precision, and the average CPU utilization of the controller is only around 8%. The results demonstrate that DoSGuard can effectively mitigate DoS attacks against SDN with limited overhead.

show abstract

“…Maximum entropy estimation was suggested to identify the benign and attack traffic in the SDN network [23,24]. Similar approaches were proposed to detect DDoS attacks using a statistical based entropy model [5,25,26]. A classification framework that detects the DDoS attack based on statistical features at flow level and packet level was suggested [27].…”

Section: Related Workmentioning

confidence: 99%

A DDoS defence framework in software defined network using ensemble classifier with rough set theory based feature selection

Riyad¹

2021

IJATEE

View full text Add to dashboard Cite

With the increase in the usage of the internet and related technologies such as cloud computing, the Internet of things, and big data, the network traffic is getting increased day by day. However, the traditional IP based network struggles in adopting the huge network traffic through scalability, controllability as well as manageability for which software defined network has become an alternative. It meets the requirements of modern technologies in which the control is centralized over the network. Due to the increased popularity and usage, the security of the SDN is often compromised. Distributed Denial of Service attack is a major threat that suppresses the service of the SDN network. This paper focuses on providing a defence framework for SDN against DDoS attacks with two main phases. The DDoS prevention phase implemented at the data plane is responsible for preventing attack packets through simple flow analysis. The DDoS detection phase at the control plane extracts the features from the incoming packets on which the rough set theory based entropy is applied to select the significant features. Later ensemble classifier categorizes the flow as normal or attack. The flow rules are updated based on the obtained results. The proposed model has experimented with two publically available datasets and the analysis are made with the obtained results. The proposed model has better precision values in predicting the flow as benign or attack with the values 96.3% and 96.12% respectively. The result analysis proves that the proposed model outperforms various other existing models in classifying DDoS attacks.

show abstract

Entropy-Based DoS Attack Identification in SDN

Cited by 28 publications

References 18 publications

Detection and Mitigation of DoS and DDoS Attacks in IoT-Based Stateful SDN: An Experimental Approach

Detection and Mitigation of DoS and DDoS Attacks in IoT-Based Stateful SDN: An Experimental Approach

DoSGuard: Mitigating Denial-of-Service Attacks in Software-Defined Networks

A DDoS defence framework in software defined network using ensemble classifier with rough set theory based feature selection

Contact Info

Product

Resources

About