Entropy-based distributed denial of service attack detection in software-defined networking

Mohammed Ibrahim Kareem, Mahdi Nsaif Jasim


Software defined networking (SDN) is a new network architecture that allows for centralized network control. The separation of the data plane from the control plane, which establishes a programmable network environment, is the key breakthrough underpinning SDN. The controller facilitates the deployment of services that specify control policies and delivers these rules to the data plane using a common protocol such as OpenFlow at the control plane. Despite the many advantages of this design, SDN security remains a worry because the aforementioned chapter expands the network's attack surface. In fact, denial of service (DoS) assaults pose a significant threat to SDN settings in a variety of ways, owing to flaws in the data and control layers. This work shows how distributed denial of service (DDoS) attack detection is based on the entropy variation of the destination IP address. The study takes advantage of the OpenFlow protocol's (OFP) flexibility and an OpenFlow controller (POX) to apply the proposed method. An entropy computation to determine the distributed features of DDoS traffic is developed and it is capable of detecting a user datagram protocol (UDP) flood attack after 0.445 seconds this type of attack occurred.


Distributed denial of service; Early detection; Entropy; Python-based software defined networking controller; Software defined networking security

Full Text:


DOI: http://doi.org/10.11591/ijeecs.v27.i3.pp1542-1549


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

shopify stats IJEECS visitor statistics