标题：An entropy-based distributed DDoS detection mechanism in software-defined networking
作者：Wang, Rui ;Jia, Zhiping ;Ju, Lei
作者机构：[Wang, Rui ;Jia, Zhiping ;Ju, Lei ] School of Computer Science and Technology, Shandong University, Jinan, China
会议名称：14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015
会议日期：20 August 2015 through 22 August 2015
来源：Proceedings - 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015
关键词：DDoS; Entropy; OpenFlow; SDN
摘要：Software-Defined Networking (SDN) and OpenFlow (OF) protocol have brought a promising architecture for the future networks. However, the centralized control and programmable characteristics also bring a lot of security challenges. Distributed denial-of-service (DDoS) attack is still a security threat to SDN. To detect the DDoS attack in SDN, many researches collect the flow tables from the switch and do the anomaly detection in the controller. But in the large scale network, the collecting process burdens the communication overload between the switches and the controller. Sampling technology may relieve this overload, but it brings a new tradeoff between sampling rate and detection accuracy. In this paper, we first extend a copy of the packet number counter of the flow entry in the OpenFlow table. Based on the flow-based nature of SDN, we design a flow statistics process in the switch. Then, we propose an entropy-based lightweight DDoS flooding attack detection model running in the OF edge switch. This achieves a distributed anomaly detection in SDN and reduces the flow collection overload to the controller. We also give the detailed algorithm which has a small calculation overload and can be easily implemented in SDN software or programmable switch, such as Open vSwitch and NetFPGA. The experimental results show that our detection mechanism can detect the attack quickly and achieve a high detection accuracy with a low false positive rate. © 2015 IEEE.