A DDoS attack detection method based on conditional entropy and decision tree in SDN
Affiliation:

College of Computer Science, Chongqing University, Chongqing 400044, P. R. China

CLC Number: TP393

Fund Project:

Supported by National Natural Science Foundation of China (61309013).

    Abstract:

    Software-defined network (SDN), as a novel network architecture, introduces significant flexibility through ideas including the separation of forwarding from control and centralized control. It also facilitates global awareness of the network status. Distributed denial of service (DDoS) is a typical attack method. This paper focuses on the problem of DDoS attack detection in SDN and proposes a DDoS attack detection method based on conditional entropy and a decision tree. The proposed method uses conditional entropy to evaluate the current network status. It analyzes the characteristics of DDoS attacks in SDN and extracts six key features for traffic detection. The C4.5 decision tree algorithm is used to classify network traffic, achieving DDoS attack detection in SDN. Experimental results show that the method presented in this paper achieves higher detection precision and recall than other research methods. Additionally, it can significantly reduce the detection time.

Get Citation

傅友, 邹东升. A DDoS attack detection method based on conditional entropy and decision tree in SDN[J]. Journal of Chongqing University, 2023, 46(7): 1~8

History
  • Received: March 12, 2022
  • Online: August 02, 2023