A two level security mechanism to detect a DDoS flooding attack in software-defined networks using entropy-based and C4.5 technique

摘要

Software-Defined Network (SDN) has recently emerged as a network paradigm due to its high network programmability and flexibility which can overcome the problem in traditional networks by decoupling the control plane from the data plane. The data plane will forward the packets as per the decision made by the controller in the control plane. This centralized control will help to provide the abstract view of the entire network infrastructure. Since the controller is a core part of SDN, it is more prone for attacks and turns as a major threat to the entire network. Distributed Denial of Service (DDoS) attack can then overload the SDN controller and switch flow table which leads to a performance degrade of the network. To address this problem, we have deployed two level security mechanisms. In level one, an entropy-based mechanism is proposed to detect the DDoS flooding attack in the early stage by temporarily holding the particular flow. In level two, a machine learning-based C4.5 technique is proposed to detect the attack by analysing additional features and send a permanent alert to drop the packets. The results are analysed with K-fold validation technique in terms of sensitivity, specificity and accuracy.