ADAPTIVE ENTROPY-BASED DETECTION AND MITIGATION OF DDOS ATTACKS IN SOFTWARE DEFINED NETWORKS
Keywords: SDN, DDoS, Entropy
Software Defined Networking (SDN) has emerged as a new networking paradigm based on the decoupling of the data plane from the control plane, which provides several benefits including flexible, manageable, and centrally controlled networks. From a security point of view, SDNs suffer from several vulnerabilities associated with the nature of the communication between the control plane and the data plane. In this context, software defined networks are vulnerable to distributed denial of service attacks. In particular, the centralization of the SDN controller makes it an attractive target for these attacks, because overloading the controller with a huge packet volume would bring the whole network down or degrade its performance. Moreover, DDoS attacks may aim to flood a network segment with a huge traffic volume targeting single or multiple end systems. In this paper, we propose an entropy-based mechanism for Distributed Denial of Service (DDoS) attack detection and mitigation in SDN networks. The proposed mechanism is based on the entropy values of the source and destination IP addresses of flows observed by the SDN controller, which are compared to preset entropy threshold values that change adaptively based on network dynamics. The proposed mechanism has been evaluated through extensive simulation experiments.
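To make the detection idea in the abstract concrete, the following is an added worked example (written for this page, not the authors' code or the POX module the paper evaluates). It computes the Shannon entropy of source and destination IP addresses over fixed-size windows of packet-in events and compares each value against an adaptive band. The adaptation rule is an assumption of this example, not the paper's: the band is the mean of the most recent benign windows plus or minus k standard deviations, with a minimum margin so a perfectly stable baseline does not produce a zero-width band, and only windows judged benign feed the history so an ongoing flood cannot drag the threshold toward itself. The window size, k, the margin, and the packet samples are all constructed values.

```python
import math
from collections import Counter, deque


def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    total = len(values)
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in Counter(values).values())


class AdaptiveBand:
    """Adaptive [low, high] entropy band derived from recent benign windows.

    Assumed rule (not from the paper): mean +/- max(k * std, min_margin)
    over the last `history` benign observations.
    """

    def __init__(self, history=8, k=3.0, min_margin=0.5):
        self.hist = deque(maxlen=history)
        self.k, self.min_margin = k, min_margin

    def band(self):
        if len(self.hist) < 2:          # not enough baseline yet
            return None
        mean = sum(self.hist) / len(self.hist)
        var = sum((h - mean) ** 2 for h in self.hist) / len(self.hist)
        margin = max(self.k * math.sqrt(var), self.min_margin)
        return (mean - margin, mean + margin)

    def check(self, h):
        """Return 'low', 'high' or None without touching the baseline."""
        b = self.band()
        if b is None:
            return None
        if h < b[0]:
            return "low"
        if h > b[1]:
            return "high"
        return None

    def update(self, h):
        self.hist.append(h)


class EntropyDdosDetector:
    """Windowed src/dst IP entropy detector as a controller would run it.

    A flood toward one victim collapses destination entropy ('low');
    spoofed sources spread out source entropy ('high').
    """

    def __init__(self, window_size=16, **band_kw):
        self.window_size = window_size
        self.src_band = AdaptiveBand(**band_kw)
        self.dst_band = AdaptiveBand(**band_kw)
        self.window = []

    def packet_in(self, src, dst):
        """Feed one packet-in (src IP, dst IP); return an alert dict or None."""
        self.window.append((src, dst))
        if len(self.window) < self.window_size:
            return None
        srcs, dsts = zip(*self.window)
        self.window = []
        h_src, h_dst = shannon_entropy(srcs), shannon_entropy(dsts)
        src_verdict = self.src_band.check(h_src)
        dst_verdict = self.dst_band.check(h_dst)
        if dst_verdict == "low" or src_verdict == "high":
            # Candidate victim for a mitigating flow rule: the dominant destination.
            victim = Counter(dsts).most_common(1)[0][0]
            return {"h_src": h_src, "h_dst": h_dst, "src_verdict": src_verdict,
                    "dst_verdict": dst_verdict, "victim": victim}
        # Only benign windows refine the baseline.
        self.src_band.update(h_src)
        self.dst_band.update(h_dst)
        return None


def build_benign_windows():
    """Constructed benign traffic: 4 hosts talking to 8 servers, 16 packets per window."""
    hosts = [f"10.0.0.{i}" for i in range(1, 5)]
    servers = [f"10.0.1.{i}" for i in range(1, 9)]
    even = [(hosts[i % 4], servers[i % 8]) for i in range(16)]
    skewed_dsts = [servers[0]] * 4 + [s for s in servers[1:6] for _ in range(2)] + servers[6:8]
    skewed = [(hosts[i % 4], skewed_dsts[i]) for i in range(16)]
    return [even, skewed, even]


def build_attack_window():
    """Constructed flood: 15 spoofed sources aimed at one server plus one benign packet."""
    return [(f"198.51.100.{i}", "10.0.1.1") for i in range(1, 16)] + [("10.0.0.2", "10.0.1.5")]


def run_demo():
    """Replay three benign windows then the attack window; return the alerts raised."""
    det = EntropyDdosDetector(window_size=16)
    alerts = []
    for window in build_benign_windows() + [build_attack_window()]:
        for src, dst in window:
            alert = det.packet_in(src, dst)
            if alert:
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in run_demo():
        print(f"alert: H(src)={a['h_src']:.3f} ({a['src_verdict']}), "
              f"H(dst)={a['h_dst']:.3f} ({a['dst_verdict']}), victim={a['victim']}")
```

Two design points matter in practice. First, with 16-packet windows the source entropy cannot exceed log2(16) = 4 bits, so the "high" side of the band only carries signal when the window is large relative to the normal number of active hosts; the paper's choice of window size is therefore part of the detector's tuning, not a free parameter. Second, freezing the baseline while an alert is active prevents a long-running flood from becoming the new normal, but it also means a legitimate shift in traffic mix keeps alerting until an operator acknowledges it, which is the usual trade-off of adaptive thresholds.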
License
International Journal of Computing is an open access journal. Authors who publish with this journal agree to the following terms:
• Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
• Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
• Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.