Enhancing DDoS attack detection in software-defined networks with entropy-based techniques

Abstract

The introduction of Software-Defined Networks (SDN) represents significant advancements in network design by separating control and forwarding planes. While SDN improves network administration productivity, it has many vulnerabilities which hackers can exploit. One such cyber-attack is Distributed Denial of Service (DDoS), which leads to many challenges. This paper aims to assess SDN vulnerabilities by using a novel technique, Entropy, that can detect DDoS attacks at an early stage. The methodology relies on Entropy to identify abnormal network behaviour, which may indicate DDoS attacks. In addition, a novel mitigation technique using flow drop rules enables the rapid and targeted suppression of malicious traffic. Therefore, it enhances the security of SDN network devices. The solution implements a three-stage DDoS attack detection system for the SDN environment. It involves data gathering, entropy calculation, and threshold-based detection to identify potential attacks.