Entropy-Based DoS Attack Identification in SDN

Software Defined Networks (SDN) represent a new network architecture that provides central control over the network. The main innovation behind an SDN network is that it decouples the data plane from the control plane, which defines a network programmable environment. In the control plane, the controller supports the execution of services that define the control policies and distributes these rules to the data plane through a standard protocol, such as OpenFlow. Despite the numerous benefits provided by this architecture, the security of an SDN network is still a matter of concern since the aforementioned decoupling increase the attack surface in the network. In fact, Denial of Service (DoS) attacks are the ones that challenge the SDN environments in many aspects, mainly due to vulnerabilities between the control and the data plane layers. Entropy-based DoS detection method is a technique widely used in conventional network architecture. This paper proposes the use of entropy in an SDN environment, through of the OpenFlow switches statistics, to build a mechanism that monitor the network and is able to differentiate DoS traffic from the benign traffic. Experimental results show the practical feasibility of the proposed solution.