
DDoS detection in software-defined network using entropy method. (English) Zbl 07597633

Giri, Debasis (ed.) et al., Proceedings of the seventh international conference on mathematics and computing, ICMC 2021, Shibpur, India, March 2–5, 2021. Singapore: Springer. Adv. Intell. Syst. Comput. 1412, 129-139 (2022).
Summary: In the internet era, Software-defined Network (SDN) is the most alluring technology: it decouples the control plane from the data plane of the network. This decoupling has tremendous advantages over the traditional architecture. Although SDN provides several benefits by decoupling the control plane from the data plane, its relationship with Distributed Denial of Service (DDoS) attacks is contradictory: the centralized SDN controller can detect and mitigate DDoS attacks easily, yet that same centralization makes it vulnerable to them. A DDoS attack is a Denial of Service (DoS) attack launched from multiple distributed sources, and it can be detected easily with the entropy method. Every network has an entropy, and an increase in randomness causes an increase in entropy. In this paper, detection and mitigation of DDoS attacks are tackled by the entropy method, which computes the variation of the entropy of the destination IP addresses and compares it with a threshold. If the entropy value drops below the threshold, the affected port of the switch is blocked and brought down. The proposed method detects DDoS attack packets early, and the solution is lightweight.
For the entire collection see [Zbl 1491.65006].
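As an added illustration (not code from the paper), the per-window destination-IP entropy test the summary describes, assuming a window of 50 packets, a threshold of 1.0 bit and constructed sample traffic:

```python
import math
from collections import Counter
from typing import Iterable, List, Optional, Tuple


def dst_ip_entropy(dst_ips: Iterable[str]) -> float:
    """Shannon entropy (in bits) of the destination-IP distribution of one window.
    Many distinct destinations -> high entropy; one victim dominating -> low entropy."""
    counts = Counter(dst_ips)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def detect_windows(dst_ips: Iterable[str], window: int = 50,
                   threshold: float = 1.0) -> List[Tuple[int, float, Optional[str]]]:
    """Split the packet stream into fixed-size windows (assumed size 50) and report
    (window_index, entropy, suspected_victim); suspected_victim is None for a
    window whose entropy stays at or above the assumed threshold."""
    ips = list(dst_ips)
    results = []
    for start in range(0, len(ips) - window + 1, window):
        chunk = ips[start:start + window]
        h = dst_ip_entropy(chunk)
        victim = None
        if h < threshold:
            # the dominant destination is the likely flood target; a controller would
            # map the flows toward it to the switch port it decides to bring down
            victim = Counter(chunk).most_common(1)[0][0]
        results.append((start // window, round(h, 3), victim))
    return results


# constructed sample traffic: 10 hosts receiving 5 packets each (benign window),
# then 46 of 50 packets aimed at a single host (flood window)
NORMAL_WINDOW = [f"10.0.0.{h}" for h in range(1, 11) for _ in range(5)]
FLOOD_WINDOW = ["10.0.0.9"] * 46 + ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"]

if __name__ == "__main__":
    for idx, h, victim in detect_windows(NORMAL_WINDOW + FLOOD_WINDOW):
        state = f"ATTACK, suspected victim {victim}" if victim else "normal"
        print(f"window {idx}: entropy={h:.3f} -> {state}")
```

In the benign window the entropy is log2(10) ≈ 3.32 bits; in the flood window it collapses to about 0.56 bits, which is what the threshold comparison catches.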

MSC:

68P25 Data encryption (aspects in computer science)
94A60 Cryptography

Software:

JESS
Full Text: DOI
