SDN-Honeypot Integration for DDoS Detection Scheme Using Entropy

Irmawati Feren Kilwalaga, Fauzi Dwi Setiawan Sumadi, Syaifuddin Syaifuddin

Abstract

Limitations of traditional networks contributed to the development of a new paradigm called Software Defined Network (SDN). The separation of the control and data planes provides an advantage as well as a security gap in the SDN network: because all control is centralized on the controller, when an accumulation of attacks is directed at the controller, it is overburdened and eventually goes down. One of the attacks that can be used is the ICMP Flood DDoS attack. ICMP Flood is an attack intended to overwhelm the target with a large number of ICMP requests. To overcome this problem, this paper proposes detection and mitigation by integrating the Modern Honey Network (MHN) into SDN and building a reactive application outside the controller that uses the entropy method. Entropy is a statistical method used to calculate the level of randomness of incoming packets, using header information as the reference for its calculation. In this study, the variables used are the source IP, the destination IP, and the protocol. The results show that detection and mitigation were successfully carried out with an average entropy value of around 10.830. Moreover, CPU usage, during both normal packet delivery and attacks, showed an insignificant impact from the use of entropy. In addition, it can be concluded that data collected over 30 seconds gave the best result in terms of the promptness of mitigation flow installation.

Keywords

SDN, DDoS, MHN, Entropy, Detection
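
The entropy calculation the abstract describes, as an added Python example that is not the authors' implementation: it computes Shannon entropy over the (source IP, destination IP, protocol) tuples seen in each 30-second window and flags windows that deviate from a baseline. The packet records, the baseline-deviation rule and its tuning values (`k`, `min_tol`) are assumptions made for illustration.

```python
import math
from collections import Counter
from statistics import mean, pstdev

WINDOW_SECONDS = 30  # collection window length named in the abstract

def shannon_entropy(items):
    """Shannon entropy (bits) of the empirical distribution of items."""
    counts = Counter(items)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def window_entropies(packets, window=WINDOW_SECONDS):
    """Bucket (ts, src, dst, proto) records by time window and return
    {window_index: entropy of the (src, dst, proto) tuples in it}."""
    buckets = {}
    for ts, src, dst, proto in packets:
        buckets.setdefault(int(ts // window), []).append((src, dst, proto))
    return {w: shannon_entropy(keys) for w, keys in sorted(buckets.items())}

def flag_windows(entropies, baseline_windows, k=3.0, min_tol=0.5):
    """Return windows whose entropy is more than max(k*sigma, min_tol) bits
    away from the baseline mean. k and min_tol are assumed tuning values."""
    base = [entropies[w] for w in baseline_windows]
    mu, tol = mean(base), max(k * pstdev(base), min_tol)
    return [w for w, h in entropies.items() if abs(h - mu) > tol]

def build_sample_packets():
    """Constructed sample: five windows of ordinary mixed traffic between
    internal hosts; the fifth window also carries an ICMP flood."""
    pkts = []
    for w in range(5):
        for i in range(200):  # 200 ordinary packets per window
            pkts.append((w * 30 + i * 0.15, f"10.0.0.{i % 10 + 1}",
                         f"10.0.0.{(3 * i + w) % 10 + 11}",
                         ("TCP", "UDP", "ICMP")[i % 3]))
    for i in range(2000):  # flood: many distinct sources, one target
        pkts.append((120 + i * 0.015, f"172.16.{i // 250}.{i % 250 + 1}",
                     "10.0.0.11", "ICMP"))
    return pkts

if __name__ == "__main__":
    ents = window_entropies(build_sample_packets())
    for w, h in ents.items():
        print(f"window {w}: H = {h:.3f} bits")
    print("flagged:", flag_windows(ents, baseline_windows=[0, 1, 2]))
```

In this constructed data the flood raises the tuple entropy because every flood packet carries a different source address; a flood from a few fixed sources would lower it instead, which is why the check is two-sided.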




Creative Commons License Kinetik : Game Technology, Information System, Computer Network, Computing, Electronics, and Control by http://kinetik.umm.ac.id is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.