TY - JOUR
T1 - Software-defined DDoS Detection with Information Entropy Analysis and Optimized Deep Learning
AU - Liu, Ying
AU - Zhi, Ting
AU - Shen, Ming
AU - Wang, Lu
AU - Li, Yikun
AU - Wan, Ming
PY - 2022/4
Y1 - 2022/4
N2 - Software Defined Networking (SDN) decouples the control plane and the data plane and solves the difficulty of new services deployment. However, the threat of a single point of failure is also introduced at the same time. Attackers usually launch distributed denial of service (DDoS) attacks towards the controller through switches. However, it is difficult for the traditional DDoS detection methods to balance the relationship between accuracy and efficiency. Statistical analysis-based methods have low accuracy, while machine learning-based methods have low efficiency and high training cost. In this paper, a two-level DDoS attack detection method based on information entropy and deep learning is proposed. First, the information entropy detection mechanism detects suspicious components and ports in coarse granularity. Then, a fine-grained packet-based detection mechanism is executed by the convolutional neural network (CNN) model to distinguish normal traffic from suspicious traffic. Finally, the controller performs the defense strategy to intercept the attack. The experiment results indicate that the detection accuracy of the proposed method reaches 98.98%, which shows the potential of detecting DDoS attack traffic effectively in the SDN environment.
AB - Software Defined Networking (SDN) decouples the control plane and the data plane and solves the difficulty of new services deployment. However, the threat of a single point of failure is also introduced at the same time. Attackers usually launch distributed denial of service (DDoS) attacks towards the controller through switches. However, it is difficult for the traditional DDoS detection methods to balance the relationship between accuracy and efficiency. Statistical analysis-based methods have low accuracy, while machine learning-based methods have low efficiency and high training cost. In this paper, a two-level DDoS attack detection method based on information entropy and deep learning is proposed. First, the information entropy detection mechanism detects suspicious components and ports in coarse granularity. Then, a fine-grained packet-based detection mechanism is executed by the convolutional neural network (CNN) model to distinguish normal traffic from suspicious traffic. Finally, the controller performs the defense strategy to intercept the attack. The experiment results indicate that the detection accuracy of the proposed method reaches 98.98%, which shows the potential of detecting DDoS attack traffic effectively in the SDN environment.
KW - DDoS attack detection
KW - Deep learning
KW - Information entropy
KW - Software Defined Network
UR - http://www.scopus.com/inward/record.url?scp=85120887696&partnerID=8YFLogxK
U2 - 10.1016/j.future.2021.11.009
DO - 10.1016/j.future.2021.11.009
M3 - Journal article
SN - 0167-739X
VL - 129
SP - 99
EP - 114
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
ER -