Generalized Entropy-Based Approach With A Dynamic Threshold To Detect Ddos Attacks On Software Defined Networking Controller

Thumbnail Image
Date
2021-03
Authors
Aladaileh, Mohammad Adnan Ahmad
Journal Title
Journal ISSN
Volume Title
Publisher
Universiti Sains Malaysia
Abstract
The wide proliferation of telecommunication technologies in the last decade also gives rise to many sophisticated security threats. Software-Defined Networking (SDN) is a new networking architecture that isolates the network control plane from the data plane that offers better features and functionalities to detect and deal with those security threats. Its programmable elastic feature permits efficient network management and provides network operators with the flexibility to monitor and fine-tune their network. However, the new technology is not free from new security concerns. The Distributed Denial of Service (DDoS) attack is one of the major concerns that mainly targets the SDN controller and threatens the security of the SDN networks. Since the controller is the key and focal component of the SDN, any problem occurring at the controller may degrade or even collapses the entire network. Therefore, there is a dire need for an effective approach to detect low rate DDoS attacks with high accuracy and low false positive rate. Thus, this thesis proposes an efficient DDoS attack detection approach called Generalized Entropy-Based Approach with a Dynamic Threshold to Detect DDoS Attacks on Software-Defined Networking Controller (GEADDDC). GEADDDC generalizes the Renyi Joint Entropy algorithm and uses a dynamic threshold to detect DDoS attacks on the SDN controller. The proposed approach has been evaluated using eight simulation scenarios covering a combination of either low or high rate DDoS attack against the SDN controller, triggered from either a single host attack or multiple host attacks, and targeting either a single victim or multiple victims in the SDN network. The effectiveness of the GEADDDC approach has been compared with the EDDSC approach, and the results prove that it outperforms the EDDSC approach in terms of the detection rate and the false positive rate. The proposed GEADDDC approach has improved the detection rate average over the EDDSC approach by 10.62%, 1.78%, 35.81%, 3.36%, 5.72%, 0.88%, 9.49%, and 0.73% for SSL, SSH, SML, SMH, MSL, MSH, MML, MMH, respectively. Moreover, the average false positive rates of GEADDDC improved to 90.20%, 76.09%, 92.07%, 71.75%, 90.73%, 75.65%, 94.01%, and 72.00% for SSL, SSH, SML, SMH, MSL, MSH, MML, MMH, respectively, compared to the existing EDDSC approach.
Description
Keywords
Tecnology
Citation
URI
http://hdl.handle.net/123456789/14974
Collections
Pusat IPv6 Termaju Negara - Tesis