Entropy Based Features Distribution for Anti-DDoS Model in SDN
Journal article
Authors | Raja Majid Ali Ujjan, Zeeshan Pervez, Keshav Dahal, Wajahat Ali Khan, Asad Masood Khattak and Bashir Hayat |
---|---|
Abstract | In modern network infrastructure, Distributed Denial of Service (DDoS) attacks are considered as severe network security threats. For conventional network security tools it is extremely difficult to distinguish between the higher traffic volume of a DDoS attack and large number of legitimate users accessing a targeted network service or a resource. Although these attacks have been widely studied, there are few works which collect and analyse truly representative characteristics of DDoS traffic. The current research mostly focuses on DDoS detection and mitigation with predefined DDoS data-sets which are often hard to generalise for various network services and legitimate users’ traffic patterns. In order to deal with considerably large DDoS traffic flow in a Software Defined Networking (SDN), in this work we proposed a fast and an effective entropy-based DDoS detection. We deployed generalised entropy calculation by combining Shannon and Renyi entropy to identify distributed features of DDoS traffic—it also helped SDN controller to effectively deal with heavy malicious traffic. To lower down the network traffic overhead, we collected data-plane traffic with signature-based Snort detection. We then analysed the collected traffic for entropy-based features to improve the detection accuracy of deep learning models: Stacked Auto Encoder (SAE) and Convolutional Neural Network (CNN). This work also investigated the trade-off between SAE and CNN classifiers by using accuracy and false-positive results. Quantitative results demonstrated SAE achieved relatively higher detection accuracy of 94% with only 6% of false-positive alerts, whereas the CNN classifier achieved an average accuracy of 93%. |
Keywords | distributed denial of service (DDoS); software defined network (SDN); entropy ; intrusion detection system |
Year | 2021 |
Journal | Sustainability |
Journal citation | 13 (3), pp. 1-27 |
Publisher | MDPI |
ISSN | 2071-1050 |
Digital Object Identifier (DOI) | https://doi.org/10.3390/su13031522 |
Web address (URL) | https://doi.org/10.3390/su13031522 |
Output status | Published |
Publication dates | 01 Feb 2021 |
Publication process dates | |
Deposited | 24 Apr 2023 |
https://repository.derby.ac.uk/item/9y465/entropy-based-features-distribution-for-anti-ddos-model-in-sdn
106
total views0
total downloads0
views this month0
downloads this month