Publication | Closed Access
Detection of high rate DDoS attack from flash events using information metrics in software defined networks
Citations: 27
References: 20
Year: 2018
Unknown Venue
Internet Traffic Analysis, Engineering, Information Security, Network Analysis, OpenFlow Switches, Software Defined Security, Hardware Security, Data Science, Denial-of-service Attack, Systems Engineering, Internet Of Things, Shannon Entropy, Network Flows, Security Diagnostics, Information Theory, DDoS Detection, Software-defined Networking, Information Metrics, Computer Science, Data Security, Flash Events, Network Traffic Measurement
OpenFlow-based Software Defined Networking (SDN) is a new network architecture that has gained much popularity these days. Although the centralized control of SDN provides an enormous benefit, there are still many security challenges in the control plane. As the Distributed Denial of Service (DDoS) attack is one of the main security threats to the Internet, the goal of this paper is to detect the attack at the control layer by using the flow table information of the OpenFlow switches. The controller is a separate entity of SDN; if it is made unreachable by a DDoS attack, the entire architecture becomes defunct. In the current high-speed network scenario, discriminating high-rate DDoS traffic from flash events (FE) is a relatively more challenging task. The characteristics of high-rate DDoS traffic are nearly similar to those of legitimate FE traffic. Hence, in this work, for detection purposes, we have used information-theory-based metrics such as General Entropy (GE) and Generalized Information Distance (GID). We evaluate the effectiveness of these metrics in comparison with Shannon entropy and Kullback-Leibler divergence. The extensive simulation results show that the considered metrics outperform the other metrics with reduced false positives.