Entropy-Based DoS Attack Identification in SDN

Software Defined Networks (SDN) represent a new network architecture that provides central control over the network. The main innovation behind an SDN network is that it decouples the data plane from the control plane, which creates a programmable network environment. In the control plane, the controller supports the execution of services that define the control policies and distributes these rules to the data plane through a standard protocol, such as OpenFlow. Despite the numerous benefits provided by this architecture, the security of an SDN network is still a matter of concern, since the aforementioned decoupling increases the attack surface of the network. In fact, Denial of Service (DoS) attacks challenge SDN environments in many respects, mainly due to vulnerabilities between the control and data plane layers. Entropy-based DoS detection is a technique widely used in conventional network architectures. This paper proposes the use of entropy in an SDN environment, computed from OpenFlow switch statistics, to build a mechanism that monitors the network and is able to differentiate DoS traffic from benign traffic. Experimental results show the practical feasibility of the proposed solution.
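The following sketch illustrates the general idea of entropy-based detection over switch statistics; it is an added example, not the paper's implementation. It assumes cumulative per-flow packet counters of the kind OpenFlow flow statistics report, uses destination address as the entropy attribute, and picks a normalized threshold of 0.5 held for two consecutive windows; all of these choices, the function names and the sample data are assumptions.

```python
import math
from collections import Counter

def normalized_entropy(counts):
    """Shannon entropy of a packet-count distribution scaled to [0, 1].
    Returns None for an idle window (no packets), which carries no signal."""
    total = sum(counts.values())
    if total == 0:
        return None
    if len(counts) == 1:
        return 0.0  # all traffic went to a single destination
    h = -sum((c / total) * math.log2(c / total) for c in counts.values())
    return h / math.log2(len(counts))

def window_counts(prev, curr):
    """Per-destination packet deltas between two cumulative flow-stats polls."""
    deltas = Counter()
    for (src, dst), pkts in curr.items():
        d = pkts - prev.get((src, dst), 0)
        if d > 0:
            deltas[dst] += d
    return deltas

def detect(polls, threshold=0.5, consecutive=2):
    """Indices of polling windows where destination entropy has stayed below
    the (assumed) threshold for `consecutive` windows in a row."""
    alerts, low = [], 0
    for i in range(1, len(polls)):
        h = normalized_entropy(window_counts(polls[i - 1], polls[i]))
        low = low + 1 if (h is not None and h < threshold) else 0
        if low >= consecutive:
            alerts.append(i)
    return alerts

def constructed_polls():
    """Constructed sample: six cumulative polls; windows 3 and 4 hold a flood."""
    hosts = ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"]
    polls, cum = [], Counter()
    for step in range(6):
        for i, h in enumerate(hosts):      # benign: even traffic around a ring
            cum[(h, hosts[(i + 1) % 4])] += 50
        if step in (3, 4):                 # flood: many sources, one destination
            for n in range(200):
                cum[(f"198.51.100.{n}", "10.0.0.2")] += 25
        polls.append(dict(cum))
    return polls

if __name__ == "__main__":
    print("alert windows:", detect(constructed_polls()))
```

Requiring several consecutive low-entropy windows trades detection delay for fewer alerts on short benign bursts toward one host.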
