Issue

Vol. 5, No. 3, August 2020

SDN-Honeypot Integration for DDoS Detection Scheme Using Entropy

https://doi.org/10.22219/kinetik.v5i3.1058
Irmawati Feren Kilwalaga
Universitas Muhammadiyah Malang
Fauzi Dwi Setiawan Sumadi
Universitas Muhammadiyah Malang
Syaifuddin Syaifuddin
Universitas Muhammadiyah Malang

Corresponding Author(s) : Fauzi Dwi Setiawan Sumadi

fauzisumadi@umm.ac.id

Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control, Vol. 5, No. 3, August 2020

Abstract

Limitations on traditional networks contributed to the development of a new paradigm called Software Defined Network (SDN). The separation of control and data plane provides an advantage as well as a security gap on the SDN network because all controls are centralized on the controller so when the compilation of attacks are directed the controller, the controller will be overburdened and eventually dropped. One of the attacks that can be used is the DDoS attack - ICMP Flood. ICMP Flood is an attack intended to overwhelm the target with a large number of ICMP requests. To overcome this problem, this paper proposes detection and mitigation using the Modern Honey Network (MHN) integration in SDN and then makes reactive applications outside the controller using the entropy method. Entropy is a statistical method used to calculate the randomness level of an incoming packet and use header information as a reference for its calculation. In this study, the variables used are the source of IP, the destination of IP and protocol. The results show that detection and mitigation were successfully carried out with an average value of entropy around 10.830. Moreover, CPU usage either in normal packet delivery or attacks showed insignificant impact from the use of entropy. In addition, it can be concluded that the best data collected in 30 seconds in term of the promptness of mitigation flow installation.

Keywords

SDN DDoS MHN Entropy Detection
Kilwalaga, I. F., Sumadi, F. D. S., & Syaifuddin, S. (2020). SDN-Honeypot Integration for DDoS Detection Scheme Using Entropy. Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control, 5(3), 187-194. https://doi.org/10.22219/kinetik.v5i3.1058
Download Citation
Endnote/Zotero/Mendeley (RIS)
BibTeX
References
  1. Collaguazo Jaramillo, A., Alcivar, R., Pesantez, J., & Ponguillo, R. (2019). Cost Effective test-bed for Comparison of SDN Network and Traditional Network. 2018 IEEE 37th International Performance Computing and Communications Conference, IPCCC 2018, 1–2. https://doi.org/10.1109/PCCC.2018.8711223
  2. Sumadi, F., & Chandranegara, D. (2018). Controller Based Proxy for Handling NDP in OpenFlow Network. Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control, 4(1), 55-62. doi:https://doi.org/10.22219/kinetik.v4i1.720
  3. Deepa, V., Sudar, K. M., & Deepalakshmi, P. (2019). Detection of DDoS Attack on SDN Control plane using Hybrid Machine Learning Techniques. 2018 International Conference on Smart Systems and Inventive Technology (ICSSIT), Icssit, 299–303. https://doi.org/10.1109/icssit.2018.8748836
  4. Thomas, R. M., & James, D. (2018). DDOS detection and denial using third party application in SDN. 2017 International Conference on Energy, Communication, Data Analytics and Soft Computing, ICECDS 2017, 3892–3897. https://doi.org/10.1109/ICECDS.2017.8390193
  5. Yan, R., Xu, G., & Qin, X. J. (2017). Detect and identify DDoS attacks from flash crowd based on self-similarity and Renyi entropy. Proceedings - 2017 Chinese Automation Congress, CAC 2017, 2017-January, 7188–7194. https://doi.org/10.1109/CAC.2017.8244075
  6. Koay, A., Chen A., Welch I., &nK.G. Seah W. (2018). A New Multi Classifier System using Entropy-based Features in DDoS Attack Detection. (n.d.). http://10.1109/ICOIN.2018.8343104
  7. Daneshgadeh, S., Ahmed, T., Kemmerich, T., & Baykal, N. (2019). Detection of DDoS Attacks and Flash Events Using Shannon Entropy, KOAD and Mahalanobis Distance. Proceedings of the 2019 22nd Conference on Innovation in Clouds, Internet and Networks and Workshops, ICIN 2019, 222–229. https://doi.org/10.1109/ICIN.2019.8685891
  8. Zhang, N., Jaafar, F., & Malik, Y. (2019). Low-Rate DoS Attack Detection Using PSD Based Entropy and Machine Learning. Proceedings - 6th IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2019 and 5th IEEE International Conference on Edge Computing and Scalable Cloud, EdgeCom 2019, 59–62. https://doi.org/10.1109/CSCloud/EdgeCom.2019.00020
  9. Dharma, N. I. G., Muthohar, M. F., Prayuda, J. D. A., Priagung, K., & Choi, D. (2015). Time-based DDoS detection and mitigation for SDN controller. 17th Asia-Pacific Network Operations and Management Symposium: Managing a Very Connected World, APNOMS 2015, 550–553. https://doi.org/10.1109/APNOMS.2015.7275389
  10. Mousavi, S. M., & St-Hilaire, M. (2015). Early detection of DDoS attacks against SDN controllers. 2015 International Conference on Computing, Networking and Communications, ICNC 2015, 77–81. https://doi.org/10.1109/ICCNC.2015.7069319
  11. Dave, M. (2019). Defending DDoS against Software Defined Networks using Entropy. 2019 4th International Conference on Internet of Things: Smart Innovation and Usages (IoT-SIU), 1–5. https://doi.org/10.1109/IoT-SIU.2019.8777688
  12. Wafi, H., Fiade, A., Hakiem, N., & Bahaweres, R. B. (2017). Implementation of a modern security systems honeypot Honey Network on wireless networks. Proceedings - 2017 International Young Engineers Forum, YEF-ECE 2017, November, 91–96. https://doi.org/10.1109/YEF-ECE.2017.7935647
  13. Divyasree I R., Selvamani K. (2018). Detection of High-Rate Distributed Denial of Service Attack using Entropy Metrics in Cloud Computing Environment. (n.d.). 53–59. https://csce.ucmss.com/cr/books/2018/LFS/CSREA2018/GCC4077.pdf
  14. Sahoo, K. S. (2017). Detection of Control Layer DDoS Attack using Entropy metrics in SDN : An Empirical Investigation. 2017 Ninth International Conference on Advanced Computing (ICoAC), 281–286. https://doi.org/10.1109/ICoAC.2017.8441392
  15. Bhagat, N., & Arora, B. (2018). Intrusion detection using honeypots. PDGC 2018 - 2018 5th International Conference on Parallel, Distributed and Grid Computing, 412–417. https://doi.org/10.1109/PDGC.2018.8745761
  16. Pandire, P. A., & Gaikwad, V. B. (2018). Attack Detection in Cloud Virtual Environment and Prevention Using Honeypot. Proceedings of the International Conference on Inventive Research in Computing Applications, ICIRCA 2018, Icirca, 515–520. https://doi.org/10.1109/ICIRCA.2018.8597359
  17. Agrawal, N., & Tapaswi, S. (2017). The Performance Analysis of Honeypot Based Intrusion Detection System for Wireless Network. International Journal of Wireless Information Networks, 24(1), 14–26. https://doi.org/10.1007/s10776-016-0330-3
  18. Ahalawat, A., Dash, S. S., Panda, A., & Babu, K. S. (2019). Entropy Based DDoS Detection and Mitigation in OpenFlow Enabled SDN. Proceedings - International Conference on Vision Towards Emerging Trends in Communication and Networking, ViTECoN 2019, 1–5. https://doi.org/10.1109/ViTECoN.2019.8899721
  19. Rebecchi, F., Boite, J., Nardin, P. A., Bouet, M., & Conan, V. (2019). DDoS protection with stateful software-defined networking. International Journal of Network Management, 29(1), 1–19. https://doi.org/10.1002/nem.2042
  20. RYU. (Online). Available: https://osrg.github.io/ryu/
  21. Mikrotik. (Online). Available: https://mikrotik.com/
  22. Scapy. (Online). Available: https://scapy.net/
  23. TCPreplay. (Online). Available: https://tcpreplay.appneta.com/
  24. Suricata. (Online). Available: https://github.com/pwnlandia/mhn/wiki/Suricata-Sensor
  25. Wang, R., Jia, Z., & Ju, L. (2015). An entropy-based distributed DDoS detection mechanism in software-defined networking. Proceedings - 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015, 1, 310–317. https://doi.org/10.1109/Trustcom.2015.389
  26. Oshima, S., Nakashima, T., & Sueyoshi, T. (2010). Early DoS/DDoS detection method using short-term statistics. CISIS 2010 - The 4th International Conference on Complex, Intelligent and Software Intensive Systems, 168–173. https://doi.org/10.1109/CISIS.2010.53
  27. Kalkan, K., Altay, L., Gür, G., & Alagöz, F. (2018). JESS: Joint Entropy-Based DDoS Defense Scheme in SDN. IEEE Journal on Selected Areas in Communications, 36(10), 2358–2372. https://doi.org/10.1109/JSAC.2018.2869997
Read More
Author biographies is not available.
Download this PDF file
PDF
Statistic
Read Counter : 878 Download : 357

Downloads

Download data is not yet available.