Open Access

ARTICLE

Entropy-Based Approach to Detect DDoS Attacks on Software Defined Networking Controller

Mohammad Aladaileh¹, Mohammed Anbar^1,*, Iznan H. Hasbullah¹, Yousef K. Sanjalawe^1,2, Yung-Wey Chong¹
1 National Advanced IPv6 Centre of Excellence, Universiti Sains Malaysia, Penang, Malaysia
2 Department of Computer Sciences, Northern Border University, Ar’ar, Kingdom of Saudi Arabia
* Corresponding Author: Mohammed Anbar. Email:

Computers, Materials & Continua 2021, 69(1), 373-391. https://doi.org/10.32604/cmc.2021.017972

Received 19 February 2021; Accepted 24 March 2021; Issue published 04 June 2021

Abstract

The Software-Defined Networking (SDN) technology improves network management over existing technology via centralized network control. The SDN provides a perfect platform for researchers to solve traditional network’s outstanding issues. However, despite the advantages of centralized control, concern about its security is rising. The more traditional network switched to SDN technology, the more attractive it becomes to malicious actors, especially the controller, because it is the network’s brain. A Distributed Denial of Service (DDoS) attack on the controller could cripple the entire network. For that reason, researchers are always looking for ways to detect DDoS attacks against the controller with higher accuracy and lower false-positive rate. This paper proposes an entropy-based approach to detect low-rate and high-rate DDoS attacks against the SDN controller, regardless of the number of attackers or targets. The proposed approach generalized the Rényi joint entropy for analyzing the network traffic flow to detect DDoS attack traffic flow of varying rates. Using two packet header features and generalized Rényi joint entropy, the proposed approach achieved a better detection rate than the EDDSC approach that uses Shannon entropy metrics.

---

Keywords

Software-defined networking; DDoS attack; distributed denial of service; Rényi joint entropy

---