The Security Mechanism Based on the Entropy and Hurst Exponent Analysis to Detect DDoS Attack in SDN

• Main Authors: Te-Yuan Wang, 汪得源
• Other Authors: Woei Lin
• Format: Others
• Language: zh-TW
• Published: 2019
• Online Access: http://ndltd.ncl.edu.tw/cgi-bin/gs32/gsweb.cgi/login?o=dnclcdr&s=id=%22107NCHU5394030%22.&searchmode=basic

碩士 === 國立中興大學 === 資訊科學與工程學系所 === 107 === The Software Defined Networking（SDN）is a novel network architecture. The main feature of the SDN network architecture is separating the network layer into Control Plane and Data Plane. The network switch is only responsible for transmit and receive data. The controller implements the programmable ability of network logic to achieve the goal of centralized control. The communication mechanism between the SDN controller and switches is vulnerable to the DDoS attacks. To solve this problem, we propose a DDoS attack detection method based on the Hurst exponent variation and Renyi entropy. When the variation between the Hurst exponent and Renyi entropy one exceed the detection threshold, we assume DDoS attack happens. There are many controllers supported the SDN network. Opendaylight uses OSGi architecture. The kernel is the bundles running on the OSGi Framework implements the Model-Driven Service Abstraction Layer of Opendaylight. The MD-SAL allows developers uses YANG language defined model to build the application interface, control the communication between the modules, data access and remote procedure call. We developed the application to detect and defense DDoS attacks based on Hurst exponent and Renyi entropy. After we deployed the modules on the Opendaylight controller, the accuracy of detection is around 95% when the attack occurs.