• Jawad Dalou'
  • Basheer Al-Duwairi
  • Mohammad Al-Jarrah



SDN, DDoS, Entropy


Software Defined Networking (SDN) has emerged as a new networking paradigm that is based on the decoupling between data plane and control plane providing several benefits that include flexible, manageable, and centrally controlled networks. From a security point of view, SDNs suffer from several vulnerabilities that are associated with the nature of communication between control plane and data plane. In this context, software defined networks are vulnerable to distributed denial of service attacks. In particular, the centralization of the SDN controller makes it an attractive target for these attacks because overloading the controller with huge packet volume would result in bringing the whole network down or degrade its performance. Moreover, DDoS attacks may have the objective of flooding a network segment with huge traffic volume targeting single or multiple end systems. In this paper, we propose an entropy-based mechanism for Distributed Denial of Service (DDoS) attack detection and mitigation in SDN networks. The proposed mechanism is based on the entropy values of source and destination IP addresses of flows observed by the SDN controller which are compared to a preset entropy threshold values that change in adaptive manner based on network dynamics. The proposed mechanism has been evaluated through extensive simulation experiments.


P. Goransson, C. Black, and T. Culver, Software Defined Networks: A Comprehensive Approach, Morgan Kaufmann, 2016.

L. Chung-Sheng and W. Liao, “Software defined networks,” IEEE Communications Magazine, vol. 51, no. 2, pp. 113-113, 2013.

M. Casado, T. Garfinkel, M. Freedman, A. Akella, D. Boneh, N. McKeown, and S. Shenker, “SANE: A protection architecture for enterprise networks,” Proceedings of the 15th Conference on USENIX Security Symposium - Volume 15, ser. USENIX-SS’06, Berkeley, CA, USA, 2006, pp. 137-151.

B. A. A. Nunes, M. Mendonca, X. Nguyen, K. Obraczka and T. Turletti, “A survey of software-defined networking: Past, present, and future of programmable networks,” IEEE Communications Surveys & Tutorials, vol. 16, no. 3, pp. 1617-1634, Third Quarter 2014.

S. S. Mohammed, R. Hussain, O. Senko, B. Bimaganbetov, J. Lee, F. Hussain, C. A. Kerrache, E. Barka, and M. Z. A. Bhuiyan, “A new machine learning-based collaborative DDoS mitigation mechanism in software-defined network,” Proceedings of the 14th Int. Conf. Wireless Mobile Comput., Netw. Commun. (WiMob), Oct. 2018, pp. 1–8.

K. Bhushan and B. B. Gupta, “Distributed denial of service (DDoS) attack mitigation in software defined network (SDN)-based cloud computing environment,” J. Ambient Intell. Humanized Comput., vol. 10, no. 5, pp. 1985–1997, May 2019.

K. Kalkan, G. Gur, and F. Alagoz, “Defense mechanisms against DDoS attacks in SDN environment,” IEEE Commun. Mag., vol. 55, no. 9, pp. 175–179, Sep. 2017.

Q. Yan, F. R. Yu, Q. Gong and J. Li, “Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges,” IEEE Communications Surveys & Tutorials, vol. 18, no. 1, pp. 602-622, First quarter 2016.

N. Handigol, B. Heller, V. Jeyakumar, D. Mazires, and N. McKeown, “I know what your packet did last hop: Using packet histories to troubleshoot networks,” Proceedings of the 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2014), 2014, pp. 71-85.

Y. Ye, C. Qian, and X. Li, “Distributed and collaborative traffic monitoring in software defined networks,” Proceedings of the third Workshop on Hot Topics in Software Defined Networking, ACM, 2014, pp. 85-90.

R. Sahay, G. Blanc, Z. Zhang, and H. Debar, “Towards autonomic DDoS mitigation using software defined networking,” Proceedings of the NDSS Workshop Security Emerging Networking Technologies (SENT), San Diego, CA, USA, 2015, pp. 1–7.

H. Wang, L. Xu and G. Gu, “FloodGuard: A DoS attack prevention extension in software-defined networks,” Proceedings of the 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Rio de Janeiro, 2015, pp. 239-250.

T. Chin, X. Mountrouidou, X. Li, K. Xiong, Selective packet inspection to detect DoS flooding using software defined networking, in: (SDN),” Proceedings of the 2015 IEEE 35th International Conference on Distributed Computing Systems Workshops (ICDCSW), 2015, pp. 95-99.

L. Zhou and H. Guo, “Applying NFV/SDN in mitigating DDoS attacks,” Proceedings of the IEEE Region 10 Conference TENCON 2017, Penang, 2017, pp. 2061-2066.

S. Nguyen, J. Choi, K. Kim, “Suspicious traffic detection based on edge gateway sampling method,” Proceedings of the 19th Asia-Pacific Network Operations and Management Symposium (APNOMS), Seoul, 2017, pp. 243-246.

M. S. Akbar, J. Khalid, and S. A. Khayam, “Revisiting traffic anomaly detection using software defined networking,” Proceedings of the International Workshop on Recent Advances in Intrusion Detection, Springer, Berlin, Heidelberg, 2011, pp. 161-180.

S. Shin, V. Yegneswaran, P. Porras, and G. Gu, “Avant-guard: Scalable and vigilant switch flow management in software-defined networks,” Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, New York, NY, USA, 2013, pp. 413-424.

S. Lim, J. Ha, H. Kim, Y. Kim and S. Yang, “A SDN-oriented DDoS blocking scheme for botnet-based attacks,” Proceedings of the 2014 Sixth International Conference on Ubiquitous and Future Networks (ICUFN), Shanghai, 2014, pp. 63-68.

N. I. G. Dharma, M. F. Muthohar, J. D. A. Prayuda, K. Priagung and D. Choi, “Time-based DDoS detection and mitigation for SDN controller,” Proceedings of the 2015 17th Asia-Pacific Network Operations and Management Symposium (APNOMS), Busan, 2015, pp. 550-553.

Y. Xu and Y. Liu, “DDoS attack detection under SDN context,” Proceedings of the 35th Annual IEEE International Conference on Computer Communications INFOCOM 2016, San Francisco, CA, 2016, pp. 1-9.

P. Dong, X. Du, H. Zhang and T. Xu, “A detection method for a novel DDoS attack against SDN controllers by vast new low-traffic flows,” Proceedings of the 2016 IEEE International Conference on Communications (ICC), Kuala Lumpur, 2016, pp. 1-6.

S.M. Mousavi and M. St-Hilaire, “Early detection of DDoS attacks against software defined network controllers,” Journal of Network and Systems Management, vol. 26, no. 3, pp. 573-591, 2018.

P. Kumar, M. Tripathi, A. Nehra, M. Conti and C. Lal, “SAFETY: Early detection and mitigation of TCP SYN flood utilizing entropy in SDN,” IEEE Transactions on Network and Service Management, vol. 15, issue 4, pp. 1545-1559, 2018.

Mininet. [Online]. Available at: last access 10/2/2019.

noxrepo/pox: The POX network software platform – GitHub. [Online]. Available at: last access 10/2/2019.

N. Gude, T. Koponen, J. Pettit, B. Pfaff, M. Casado, N. McKeown, and S. Shenker, “NOX: towards an operating system for networks,” ACM SIGCOMM Computer Communication Review, vol. 38, no. 3, pp. 105-110, 2008.

Scapy Project. [Online]. Available at: Last access: 10/2/2019.




How to Cite

Dalou’, J., Al-Duwairi, B., & Al-Jarrah, M. (2020). ADAPTIVE ENTROPY-BASED DETECTION AND MITIGATION OF DDOS ATTACKS IN SOFTWARE DEFINED NETWORKS. International Journal of Computing, 19(3), 399-410.