Software-defined networking (SDN) has revolutionized network management by providing modular control and data plane attributes for flexible network management. It implies the concept of separating the control and data plane attributes for flexible network management. However, centralized management due to control plane separation in SDN also exposes it to cyber threats such as Distributed Denial-of-service (DDoS) attacks that can compromise the SDN controllers. In recent research, entropy-based attack detection approaches showed much significance among other detection methods but relying on entropy itself can neglect detection in several variables such as variations in flow specification. Based on these limitations, in this work, we have designed a DDoS attack detection framework inside the SDN control plane by integrating the packet flow initiation and its specifications properties with entropy-based algorithm to ensure correct measures of attack detection. The simulation is performed on Mininet network simulator, for implementing SDN architecture and the testbed is created on UDP flood attacks on commonly used data-centric tree topologies. Based on experimentation, this lightweight framework is designed to mitigate DDoS attacks by detecting its effects in the early stages to prevent SDN controller being hijacked due to immense packet flooding Based on the results, the proposed solution assures the SDN-based DDoS attack detection and mitigation under 150 packets maintaining significantly low detection time and high accuracy.accuracy.
Software-defined networking provides modular network management, allowing the flexible quality of services to remove conventional networks' limitations. It implies the concept of separating the control and data plane attributes for flexible network management. Contrary to network flexibilities, the centralized management is exposed to cyber threats i.e., Distributed Denial-of-service (DDoS) attacks which can compromise of SDN controllers. Meanwhile, entropy-based DDoS attack detection methods are most prominent among other detection methods but relying on entropy itself can neglect detection in several parameters i.e., variations in flow specification. In this research, a DDOS attacks detection and mitigation framework inside the SDN control plane is designed to ensure the secure availability of the network. Our approach comprises an entropy-based detection system integrated flow initiation and specification modules to classify the malicious DDoS flows against regular traffic. This lightweight approach is designed to minimize DDoS attacks by detecting its effects in the early stages a perform mitigation before compromising the controller resources. The simulation is performed on Mininet network simulator, for implementing SDN architecture and the testbed is created on various DDOS attacks, i.e., UDP, TCP-SYN, and ICMP ping flood attacks, to validate on commonly used data centric network environments. Based on the results, the proposed solution assures the SDN-based DDoS attack detection and mitigation under 150 packets maintaining significantly low detection time and high accuracy.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.