A DDoS attack detection method based on conditional entropy and decision tree in SDN
Abstract:
Software-defined network (SDN), as a novel network architecture, introduces significant flexibility through ideas such as the separation of forwarding from control and centralized control. It also facilitates global awareness of the network status. Distributed denial of service (DDoS) is a typical attack method. This paper focuses on the problem of DDoS attack detection in SDN and proposes a DDoS attack detection method based on conditional entropy and a decision tree. The proposed method uses conditional entropy to evaluate the current network status. It analyzes the characteristics of DDoS attacks in SDN and extracts six key features for traffic detection. The C4.5 decision tree algorithm is used to classify network traffic, thereby achieving DDoS attack detection in SDN. Experimental results show that the method presented in this paper achieves higher detection precision and recall than other research methods. Additionally, it can significantly reduce the detection time.
Keywords:
Project Supported:
Supported by National Natural Science Foundation of China (61309013).