Entropy Based Features Distribution for Anti-DDoS Model in SDN

Raja Majid Ali Ujjan, Zeeshan Pervez, Keshav Dahal, Wajahat Ali Khan, Asad Masood Khattak and Bashir Hayat
Additional contact information
Raja Majid Ali Ujjan: School of Computing, Engineering and Physical Sciences, University of the West of Scotland, Paisley PA1 2BE, UK
Zeeshan Pervez: School of Computing, Engineering and Physical Sciences, University of the West of Scotland, Paisley PA1 2BE, UK
Keshav Dahal: School of Computing, Engineering and Physical Sciences, University of the West of Scotland, Paisley PA1 2BE, UK
Wajahat Ali Khan: College of Engineering and Technology, University of Derby, Derby DE22 3AW, UK
Asad Masood Khattak: College of Technological Innovation, Zayed University, P.O. Box 144534, Abu Dhabi, United Arab Emirates
Bashir Hayat: Institute of Management Sciences, Peshawar 54600, Pakistan

Sustainability, 2021, vol. 13, issue 3, 1-27

Abstract: In modern network infrastructure, Distributed Denial of Service (DDoS) attacks are considered as severe network security threats. For conventional network security tools it is extremely difficult to distinguish between the higher traffic volume of a DDoS attack and large number of legitimate users accessing a targeted network service or a resource. Although these attacks have been widely studied, there are few works which collect and analyse truly representative characteristics of DDoS traffic. The current research mostly focuses on DDoS detection and mitigation with predefined DDoS data-sets which are often hard to generalise for various network services and legitimate users’ traffic patterns. In order to deal with considerably large DDoS traffic flow in a Software Defined Networking (SDN), in this work we proposed a fast and an effective entropy-based DDoS detection. We deployed generalised entropy calculation by combining Shannon and Renyi entropy to identify distributed features of DDoS traffic—it also helped SDN controller to effectively deal with heavy malicious traffic. To lower down the network traffic overhead, we collected data-plane traffic with signature-based Snort detection. We then analysed the collected traffic for entropy-based features to improve the detection accuracy of deep learning models: Stacked Auto Encoder (SAE) and Convolutional Neural Network (CNN). This work also investigated the trade-off between SAE and CNN classifiers by using accuracy and false-positive results. Quantitative results demonstrated SAE achieved relatively higher detection accuracy of 94% with only 6% of false-positive alerts, whereas the CNN classifier achieved an average accuracy of 93%.

Keywords: distributed denial of service (DDoS); entropy; software defined network (SDN); intrusion detection system (search for similar items in EconPapers)
JEL-codes: O13 Q Q0 Q2 Q3 Q5 Q56 (search for similar items in EconPapers)
Date: 2021
References: View complete reference list from CitEc
Citations: View citations in EconPapers (1)

Downloads: (external link)
https://www.mdpi.com/2071-1050/13/3/1522/pdf (application/pdf)
https://www.mdpi.com/2071-1050/13/3/1522/ (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:gam:jsusta:v:13:y:2021:i:3:p:1522-:d:491171

Access Statistics for this article

Sustainability is currently edited by Ms. Alexandra Wu

More articles in Sustainability from MDPI
Bibliographic data for series maintained by MDPI Indexing Manager ().