Early detection and mitigation of DDoS attacks in software defined networks

One of the security challenges in software-defined networking (SDN) is distributed denial-of-service (DDoS) attacks that overwhelm the controller and consume its resources, making it unreachable and affecting connectivity throughout the entire network. To detect and mitigate this attack at its early...


Bibliographic Details
Main Author: Al-Saadi, Mustafa Yahya Zakariya
Format: Thesis
Language: English
Published: 2018
Subjects:
Online Access: http://psasir.upm.edu.my/id/eprint/91946/1/FSKTM%202018%2026%20IR.pdf
_version_ 1825937122332246016
author Al-Saadi, Mustafa Yahya Zakariya
author_facet Al-Saadi, Mustafa Yahya Zakariya
author_sort Al-Saadi, Mustafa Yahya Zakariya
collection UPM
description One of the security challenges in software-defined networking (SDN) is distributed denial-of-service (DDoS) attacks that overwhelm the controller and consume its resources, making it unreachable and affecting connectivity throughout the entire network. To detect and mitigate this attack at its early stages, an entropy-based DDoS attack detection and mitigation algorithm was proposed. The algorithm was written in the Python programming language to be implemented on a POX controller. To find the proper detection threshold, a series of tests on different scenarios of normal and attack traffic was conducted. If the entropy of the destination IP address falls below the threshold and continues to do so for five consecutive times, it is declared an attack. The algorithm was then tested with an attack on one host and on a subnet of six hosts, with attack rates of 25%, 50% and 75% for the first case and 50% and 75% for the subnet case. The attack was detected successfully without false negative alarms since the threshold was carefully chosen. The next step was to test the mitigation algorithm: the same attack scenarios were repeated and the entropy change after the mitigation was observed. The entropy increased and came close to the normal traffic entropy. The proposed method in this project was able to detect and mitigate the attack effectively in its early stages, before the intensity escalates to a degree that exhausts the controller. The algorithm was kept minimal in lines of code to make it lightweight, and made use of the controller's functionality without adding extra computational burden on the controller.
first_indexed 2024-03-06T10:54:41Z
format Thesis
id upm.eprints-91946
institution Universiti Putra Malaysia
language English
last_indexed 2024-03-06T10:54:41Z
publishDate 2018
record_format dspace
spelling upm.eprints-919462022-03-01T02:26:40Z http://psasir.upm.edu.my/id/eprint/91946/ Early detection and mitigation of DDoS attacks in software defined networks Al-Saadi, Mustafa Yahya Zakariya One of the security challenges in software-defined networking (SDN) is distributed denial-of-service (DDoS) attacks that overwhelm the controller and consume its resources, making it unreachable and affecting connectivity throughout the entire network. To detect and mitigate this attack at its early stages, an entropy-based DDoS attack detection and mitigation algorithm was proposed. The algorithm was written in the Python programming language to be implemented on a POX controller. To find the proper detection threshold, a series of tests on different scenarios of normal and attack traffic was conducted. If the entropy of the destination IP address falls below the threshold and continues to do so for five consecutive times, it is declared an attack. The algorithm was then tested with an attack on one host and on a subnet of six hosts, with attack rates of 25%, 50% and 75% for the first case and 50% and 75% for the subnet case. The attack was detected successfully without false negative alarms since the threshold was carefully chosen. The next step was to test the mitigation algorithm: the same attack scenarios were repeated and the entropy change after the mitigation was observed. The entropy increased and came close to the normal traffic entropy. The proposed method in this project was able to detect and mitigate the attack effectively in its early stages, before the intensity escalates to a degree that exhausts the controller. The algorithm was kept minimal in lines of code to make it lightweight, and made use of the controller's functionality without adding extra computational burden on the controller.
2018-01 Thesis NonPeerReviewed text en http://psasir.upm.edu.my/id/eprint/91946/1/FSKTM%202018%2026%20IR.pdf Al-Saadi, Mustafa Yahya Zakariya (2018) Early detection and mitigation of DDoS attacks in software defined networks. Masters thesis, Universiti Putra Malaysia. Software-defined networking (Computer network technology) Denial of service attacks
spellingShingle Software-defined networking (Computer network technology)
Denial of service attacks
Al-Saadi, Mustafa Yahya Zakariya
Early detection and mitigation of DDoS attacks in software defined networks
title Early detection and mitigation of DDoS attacks in software defined networks
title_full Early detection and mitigation of DDoS attacks in software defined networks
title_fullStr Early detection and mitigation of DDoS attacks in software defined networks
title_full_unstemmed Early detection and mitigation of DDoS attacks in software defined networks
title_short Early detection and mitigation of DDoS attacks in software defined networks
title_sort early detection and mitigation of ddos attacks in software defined networks
topic Software-defined networking (Computer network technology)
Denial of service attacks
url http://psasir.upm.edu.my/id/eprint/91946/1/FSKTM%202018%2026%20IR.pdf
work_keys_str_mv AT alsaadimustafayahyazakariya earlydetectionandmitigationofddosattacksinsoftwaredefinednetworks