aswanthpp / Analysis-of-DDoS-Attacks-in-SDN-Environments

Analysis of DDoS attack in SDN Environments using miniedit and pox controller

Analysis of DDoS Attacks in SDN Environments

Course : Internet Technology and Applications

Course code : CO368

Overview :

SDN :

Software-Defined Networking (SDN) is an emerging architecture that is dynamic, manageable, cost-effective, and adaptable, making it ideal for the high-bandwidth, dynamic nature of today’s applications. This architecture decouples the network control and forwarding functions, enabling the network control to become directly programmable and the underlying infrastructure to be abstracted for applications and network services.


SDN Architecture

DDoS :

A Denial-of-Service (DoS) attack is a cyber-attack where the attacker seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. This is typically accomplished by flooding the target with superfluous requests in an attempt to overload systems. In a Distributed Denial-of-Service (DDoS) attack, the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.

We have implemented two methods to detect DDoS attacks in SDN environments:

  1. Sample Entropy: Sample Entropy is a method used to detect DDoS attacks in SDN. There are two essential components to DDoS detection using entropy: a window size and a threshold. The window size is based either on a time period or on a number of packets. Entropy is calculated within this window to measure uncertainty in the incoming packets. To detect an attack, a threshold is needed. If the calculated entropy rises above the threshold or falls below it, depending on the scheme, an attack is detected.
  2. Principal Component Analysis: It is a mathematical procedure that transforms a number of (possibly) correlated variables into a (smaller) number of uncorrelated variables called principal components. The first principal component accounts for as much of the variability in the data as possible, and each succeeding component accounts for as much of the remaining variability as possible.
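
The windowed entropy check from item 1, as an added example that is not code from this repository. It assumes a packet-count window, Shannon entropy over destination IP addresses, and the scheme in which entropy falling below the threshold signals an attack; `WINDOW_SIZE`, `THRESHOLD`, the function names and the sample traffic are all constructed for illustration.

```python
import math
from collections import Counter

WINDOW_SIZE = 50   # packets per window (assumed value)
THRESHOLD = 1.0    # bits (assumed value; tune against baseline traffic)


def shannon_entropy(values):
    """Shannon entropy, in bits, of the empirical distribution of values."""
    counts = Counter(values)
    total = len(values)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def detect(dst_ips, window_size=WINDOW_SIZE, threshold=THRESHOLD):
    """Score consecutive fixed-size packet windows.

    Returns a list of (window_index, entropy, alert). A trailing partial
    window is ignored so every score is computed over the same packet count.
    """
    results = []
    for start in range(0, len(dst_ips) - window_size + 1, window_size):
        window = dst_ips[start:start + window_size]
        h = shannon_entropy(window)
        # Traffic concentrating on one destination lowers the entropy.
        results.append((start // window_size, h, h < threshold))
    return results


def sample_traffic():
    """Constructed destination-IP stream: two normal windows, one flood."""
    # Normal: packets spread evenly across 10 hosts (entropy = log2(10)).
    normal = [f"10.0.0.{(i % 10) + 1}" for i in range(100)]
    # Flood: 45 of 50 packets target 10.0.0.5, the rest are background.
    attack = ["10.0.0.5"] * 45 + [f"10.0.0.{i + 1}" for i in range(5)]
    return normal + attack


if __name__ == "__main__":
    for index, entropy, alert in detect(sample_traffic()):
        state = "ALERT" if alert else "ok"
        print(f"window {index}: entropy={entropy:.3f} bits [{state}]")
```

In a controller, the destination addresses would come from packet-in events rather than a list; a single low-entropy window can also be a legitimate burst, so requiring several consecutive alerting windows reduces false positives.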

Steps to Reproduce :

Steps to reproduce along with the packages needed can be found here

Reference

  1. A Novel DDoS Attacks Detection Scheme for SDN Environments

Conclusion :

Results and conclusions, along with the output, are included in the report

Team :

Aswanth P P (15CO112)
Mohammed Ameen (15CO131)
Joe Antony (15CO220)