SDN-Honeypot Integration for DDoS Detection Scheme Using Entropy

Author(s):  
Irmawati Feren Kilwalaga ◽  
Fauzi Dwi Setiawan Sumadi ◽  
Syaifuddin Syaifuddin

Limitations of traditional networks led to a new paradigm called Software Defined Networking (SDN). The separation of the control plane from the data plane is an advantage but also a security gap, because all control is centralized in the controller: when attacks are directed at the controller it becomes overloaded and eventually fails. One such attack is the DDoS attack known as ICMP flood, which is intended to overwhelm the target with a large number of ICMP requests. To address this problem, this paper proposes detection and mitigation by integrating the Modern Honey Network (MHN) into SDN, with a reactive application running outside the controller that uses the entropy method. Entropy is a statistical measure of the randomness of incoming packets, computed over packet header fields; in this study the fields used are source IP, destination IP and protocol. The results show that detection and mitigation were carried out successfully, with an average entropy value of around 10.830. CPU usage, both under normal packet delivery and under attack, showed no significant impact from the use of entropy. It can also be concluded that a 30-second collection window gave the best result in terms of the promptness of mitigation flow installation.

Author(s):  
Maman Abdurohman ◽  
Dani Prasetiawan ◽  
Fazmah Arif Yulianto

This research proposes a new method to enhance Distributed Denial of Service (DDoS) attack detection in a Software Defined Network (SDN) environment. It uses the OpenFlow controller of the SDN for DDoS attack detection with a modified method based on the entropy value. The new method decides whether traffic is normal or a DDoS attack by measuring the randomness of the packets. The method consists of two steps: detecting a possible attack, then checking the entropy. The results show that the new method reduces false positives when there is a temporary and sudden increase in normal traffic: such an increase is no longer reported as a DDoS attack. Compared with previous methods, the proposed method enhances DDoS attack detection in an SDN environment.


2018 ◽  
Vol 7 (2.6) ◽  
pp. 46 ◽  
Author(s):  
Sanjeetha R ◽  
Shikhar Srivastava ◽  
Rishab Pokharna ◽  
Syed Shafiq ◽  
Dr Anita Kanavalli

Software Defined Network (SDN) is a new network architecture which separates the data plane from the control plane. The SDN controller implements the control plane and the switches implement the data plane. Many papers discuss DDoS attacks on the primary servers in an SDN and how they can be mitigated with the help of the controller. In our paper we show how a DDoS attack can be mounted on the SDN controller itself by manipulating the flow table entries of switches, so that they send continuous requests to the controller and exhaust its resources. This is a new, but possible, way in which a DDoS attack can be performed on the controller, and we show that SDN is vulnerable to it. We further propose a solution for mitigating it: a DDoS Detection module that uses the variation in flow entry request traffic from all switches in the network to identify compromised switches and block them completely.


2021 ◽  
Vol 1 (1) ◽  
pp. 281-290
Author(s):  
Rifki Indra Perwira ◽  
Hari Prapcoyo

SDN is a new network technology in which the data plane is separated from the control plane, the brain that governs data forwarding, and the control plane therefore becomes a target for DDoS attacks. Detection of DDoS attacks is an important topic in network security because of the difficulty of telling normal traffic from anomalous attack traffic. According to data from helpnetsecurity.com there were 4.83 million attempted DoS/DDoS attacks on various services in 2020, which shows how important network security is. Various methods have been used to detect DDoS attacks, such as a threshold on passing traffic that compares the traffic volume with the average plus three times the standard deviation; the weakness of this method is that a spike of normal traffic is reported as an attack, which increases false positives. To keep the SDN network secure, a system is needed that detects DDoS attacks as anomalies, learning the behaviour that normally appears on the system and declaring a DDoS attack when there is a deviation from it. The SVM method is used to classify the traffic data obtained from the controller as a DDoS attack or not. In tests with 500 training samples the accuracy is 99.2%. The conclusion of this paper is that an SVM with an RBF kernel can be very good at detecting anomalous DDoS attacks.


Author(s):  
Shanshan Yu ◽  
Jicheng Zhang ◽  
Ju Liu ◽  
Xiaoqing Zhang ◽  
Yafeng Li ◽  
...  

In order to solve the problem of distributed denial of service (DDoS) attack detection in software-defined networks, we propose a cooperative DDoS attack detection scheme based on entropy and ensemble learning. The method places a coarse-grained preliminary detection module based on entropy in the edge switch to monitor the network status in real time and report to the controller if any abnormality is found. At the same time, a fine-grained precise attack detection module is designed in the controller, where an ensemble learning-based algorithm further identifies abnormal traffic accurately. In this framework the idle computing capability of edge switches is fully utilized, following the design idea of edge computing, to offload part of the detection task from the control plane to the data plane. Simulation results for two common DDoS attack methods, ICMP and SYN flooding, show that the system effectively detects DDoS attacks and greatly reduces the southbound communication overhead, the burden on the controller and the detection delay.


2021 ◽  
Author(s):  
Merlin James Rukshan Dennis

Distributed Denial of Service (DDoS) attacks are a serious threat on today's Internet. As traffic across the Internet increases day by day, it is a challenge to distinguish legitimate from malicious traffic. This thesis proposes two different approaches to building an efficient DDoS attack detection system in a Software Defined Networking environment. SDN is the latest networking approach, implementing a centralized, programmable controller. The central control and the programmability of the controller are used in this thesis to implement the detection and mitigation mechanisms. Two approaches, a statistical approach and a machine-learning approach, are proposed for DDoS detection. The statistical approach implements entropy computation and flow statistics analysis: it uses the mean and standard deviation of destination entropy, new flow arrival rate, packets per flow and flow duration to compute thresholds, which are then used to distinguish normal from attack traffic. The machine-learning approach uses a Random Forest classifier to detect DDoS attacks. We fine-tune the Random Forest algorithm to make it more accurate for DDoS detection; in particular, we introduce weighted voting instead of the standard majority voting. Our results show that the proposed machine-learning approach outperforms the statistical approach, and also outperforms other machine-learning approaches found in the literature.


2013 ◽  
Vol 380-384 ◽  
pp. 2673-2676
Author(s):  
Ze Yu Xiong

In DDoS attacks, normal flows make up a relatively low proportion of the traffic at the network boundary. In this paper we establish a DDoS attack detection method based on the defense stage and the defensive position, and design and implement collaborative detection of DDoS attacks. Simulation results show that our approach has better timeliness, accuracy and scalability than single-point detection and route-based distributed detection schemes.


2020 ◽  
Vol 11 (2) ◽  
pp. 403
Author(s):  
Aris MUNANDAR ◽  
Andi GUNAWAN ◽  
Ghoitsa Rohmah NURAZIZAH ◽  
Andrianto KUSUMOARTO

Cigamea Waterfall is one of the ecotourism destinations situated in the area of Salak Resort II of Halimun-Salak National Reserve (HSNR), Indonesia, that can be partially developed. The area consists of submontane and montane forest, categorized as humid tropical forest. The uniqueness and beauty of the flora, fauna, natural phenomena and natural conditions attract people to visit the area and make them willing to pay a contribution fee. This fee is used as management funding to preserve the area. Demand for a commodity is triggered by the willingness and ability to buy that commodity (willingness to pay). The research analyzed visitors' willingness to pay to enjoy the beauty of Cigamea Waterfall. The logit method with a descriptive quantitative approach was used. The stages of the study were: (1) analysing visitors' trends; (2) analysing respondents' logit regression towards willingness to pay (WTP); (3) analysing willingness to pay. This ecosystem may be the last home of the leopard, listed as vulnerable (VU) on the IUCN Red List, and of other endangered (EN) species. Based on the responses of 342 respondents concerning their willingness to pay a contribution, 202 (59,1%) were willing to pay while the remaining 140 respondents (40,9%) refused. The average willingness to pay obtained was 15.000 IDR (1 USD = 14.000 IDR in 2016) to enjoy the beauty of Salak Resort II, HSNR. This value was higher than the ticket price per ecotourism object charged by the management of the resort, averaging 7.500 IDR. The average willingness to pay to enjoy the Cigamea Waterfall ecotourism object was 14.000 IDR, lower than that for entering Salak Resort II, HSNR.
Visitors are willing to visit the Cigamea Waterfall ecotourism object because of the forest and natural phenomena, the river as an ecological corridor of the area, easy access via trekking paths along the forest margin (edges), and the potential of the flora and fauna. The potential value of Cigamea Waterfall was 3,66 (on the 1 to 7 scale of the Guideline of the Ministry of Forestry), that of the flora 2,48 and that of the fauna 3,29. This also supports the claim for a new paradigm of value in which an ecosystem is not only a supply depot of resources but also an oikos (a home for us and other living organisms).


2019 ◽  
Vol 3 (1) ◽  
pp. 33-42
Author(s):  
Tanzeel Sultan Rana

Software Defined Networking is an emerging technology that is flourishing because of its flexibility and because its architecture has decoupled planes, which bring benefits as well as drawbacks: cyber attacks are easy to carry out at the northbound and southbound interfaces, and a DDoS attack can easily be mounted in this architecture. It has been identified that a DDoS attack can be countered at the northbound API, where an appropriate decision about illegitimate traffic can be taken. Since all controls in this architecture are governed by programming interfaces, an application can use the entropy of the traffic, comparing it with a threshold, to track the traffic and identify malicious hosts in the network; Java has provided very reliable support for this for three decades. The Floodlight controller is used in this paper to handle the illegitimate traffic. The paper shows how programmers can write such applications in Python or Java based on the basic entropy mechanism with a threshold value at which a DDoS attack is countered, given that a large number of systems are involved in producing illegitimate traffic on a network, which disrupts the legitimate traffic.
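The entropy-threshold scheme that runs through the abstracts above (Kilwalaga et al.'s entropy over source IP, destination IP and protocol per collection window; Abdurohman et al.'s two-step check that avoids flagging a sudden rise in normal traffic; the mean-plus-three-standard-deviations threshold whose false positives Perwira and Prapcoyo criticise; Dennis's mean and standard deviation of destination entropy; and the threshold comparison in this abstract), as one added example in Python that is not code from any of these papers. It computes Shannon entropy over the three header fields for a fixed-size window of packets, learns a destination-entropy threshold of mean minus k standard deviations from baseline windows, and only runs the entropy check on windows whose packet count is abnormally high. A flash crowd (more packets, still spread over many destinations) keeps its entropy and is not reported, while an ICMP flood against one victim collapses destination entropy. The window sizes, k = 3, the rate factor, the address ranges and all traffic are constructed assumptions.

```python
import math
import random
import statistics
from collections import Counter

# A packet is modelled as the header triple (src_ip, dst_ip, proto).


def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    n = len(values)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())


def header_entropies(window):
    """Entropy of each header field over one window of packets."""
    return {
        "src": shannon_entropy([p[0] for p in window]),
        "dst": shannon_entropy([p[1] for p in window]),
        "proto": shannon_entropy([p[2] for p in window]),
    }


class EntropyDetector:
    """Two-step detector: packet-rate trigger, then destination-entropy check.

    A window is examined only if its packet count exceeds rate_factor times
    the baseline mean; it is classified as DDoS only if its destination
    entropy falls below mean - k * stdev of the baseline destination entropy.
    A spike that keeps a normal destination entropy is a flash crowd.
    min_stdev is an assumed floor so a near-constant baseline does not give
    a zero-width band.
    """

    def __init__(self, k=3.0, rate_factor=2.0, min_stdev=0.01):
        self.k = k
        self.rate_factor = rate_factor
        self.min_stdev = min_stdev
        self.rate_limit = None
        self.dst_threshold = None

    def train(self, baseline_windows):
        rates = [len(w) for w in baseline_windows]
        dst_h = [header_entropies(w)["dst"] for w in baseline_windows]
        self.rate_limit = self.rate_factor * statistics.mean(rates)
        stdev = max(statistics.pstdev(dst_h), self.min_stdev)
        self.dst_threshold = statistics.mean(dst_h) - self.k * stdev
        return self.dst_threshold

    def classify(self, window):
        if len(window) <= self.rate_limit:
            return "normal"          # step 1: no volume anomaly, stop here
        if header_entropies(window)["dst"] < self.dst_threshold:
            return "ddos"            # step 2: traffic concentrated on few targets
        return "flash-crowd"         # high volume but still well spread


def normal_traffic(rng, n_packets, n_clients=200, n_servers=50):
    """Constructed baseline: many clients to many servers, mostly TCP."""
    return [
        (f"192.168.1.{rng.randrange(n_clients)}",
         f"10.0.0.{rng.randrange(n_servers)}",
         rng.choice(("TCP", "TCP", "TCP", "UDP", "ICMP")))
        for _ in range(n_packets)
    ]


def icmp_flood(rng, n_packets, victim="10.0.0.7", attack_share=0.9):
    """Constructed ICMP flood: spoofed random sources, most packets to one
    victim, mixed with a little background traffic."""
    out = []
    for _ in range(n_packets):
        if rng.random() < attack_share:
            src = ".".join(str(rng.randrange(1, 255)) for _ in range(4))
            out.append((src, victim, "ICMP"))
        else:
            out.append(normal_traffic(rng, 1)[0])
    return out


def run_demo(seed=1):
    """Train on 20 baseline windows of 500 packets, then classify three cases."""
    rng = random.Random(seed)
    det = EntropyDetector()
    det.train([normal_traffic(rng, 500) for _ in range(20)])
    return {
        "normal": det.classify(normal_traffic(rng, 500)),
        "flash_crowd": det.classify(normal_traffic(rng, 2000)),
        "icmp_flood": det.classify(icmp_flood(rng, 2000)),
    }


if __name__ == "__main__":
    print(run_demo())
```

Entropy in bits depends on the window size, so the baseline windows and the windows being classified should be collected over the same interval, as the 30-second collection window in Kilwalaga et al. does; the attack window here also shows the mirror image the papers describe, with source entropy rising under spoofing while destination entropy collapses.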


2018 ◽  
Vol 7 (2.29) ◽  
pp. 821 ◽  
Author(s):  
Eki Ahmad Zaki Hamidi ◽  
Mufid Ridlo Effendi ◽  
Nanang Ismail

As networks grow ever larger and more complex, they need to be developed and managed efficiently. On a network with many computers, IP addresses must be assigned effectively by a DHCP server, and when there are many subnets a DHCP relay becomes the solution. A DHCP relay (relay agent) is a Bootstrap Protocol (BOOTP) mechanism that forwards DHCP messages between a client and a DHCP server located on a different network. Software Defined Networking (SDN) offers a new paradigm for network design, management and implementation, especially to support the needs and innovation of networks that are becoming ever larger and more complex.

