Communications and Networking. 11th EAI International Conference, ChinaCom 2016, Chongqing, China, September 24-26, 2016, Proceedings, Part I

Research Article

An Entropy-Based DDoS Defense Mechanism in Software Defined Networks

  • @INPROCEEDINGS{10.1007/978-3-319-66625-9_17,
        author={Yajie Jiang and Xiaoning Zhang and Quan Zhou and Zijing Cheng},
        title={An Entropy-Based DDoS Defense Mechanism in Software Defined Networks},
        proceedings={Communications and Networking. 11th EAI International Conference, ChinaCom 2016, Chongqing, China, September 24-26, 2016, Proceedings, Part I},
        proceedings_a={CHINACOM},
        year={2017},
        month={10},
        keywords={DDoS defense Flash crowd SDN Entropy},
        doi={10.1007/978-3-319-66625-9_17}
    }
    
  • Yajie Jiang
    Xiaoning Zhang
    Quan Zhou
    Zijing Cheng
    Year: 2017
    An Entropy-Based DDoS Defense Mechanism in Software Defined Networks
    CHINACOM
    Springer
    DOI: 10.1007/978-3-319-66625-9_17
Yajie Jiang1,*, Xiaoning Zhang1,*, Quan Zhou1,*, Zijing Cheng2,*
  • 1: Qingshuihe Campus of UESTC
  • 2: Beijing Institute of Information Engineering
*Contact email: jiangyj319@163.com, xnzhang@uestc.edu.cn, 634466414@qq.com, linuxdemo@126.com

Abstract

Defending against Distributed Denial of Service (DDoS) attacks in Software Defined Networks (SDN) has drawn considerable attention from academia and industry. Existing studies, which use simple classification algorithms, cannot eliminate false positives. In this paper, we analyze the essential difference between DDoS attacks and flash crowds, which cause some consequences similar to those of DDoS. Accordingly, we design a novel and effective Entropy-based DDoS Defense Mechanism (EDDM) that runs on the SDN controller and includes a two-stage DDoS detection method. Compared with existing works, the EDDM avoids dropping legitimate packets and minimizes the losses of legitimate users. Simulations demonstrate that the EDDM can distinguish DDoS attacks from flash crowds, find the locations of bots, and effectively block attack packets at the source.