An Effective Probabilistic Technique for DDoS Detection in OpenFlow Controller

Distributed denial of service (DDoS) attacks have always been a nightmare for network infrastructure for the last two decades. Existing network infrastructure is lacking in identifying and mitigating the attack due to its inflexible nature. Currently, software-defined networking (SDN) is more popular due to its ability to monitor and dynamically configure network devices based on the global view of the network. In SDN, the control layer is accountable for forming all decisions in the network and data plane for just forwarding the message packets. The unique property of SDN has brought a lot of excitement to network security researchers for preventing DDoS attacks. In this article, for the identification of DDoS attacks in the OpenFlow controller, a probabilistic technique with a central limit theorem has been utilized. This method primarily detects resource depletion attacks, for which the DARPA dataset is used to train the probabilistic model. In different attack scenarios, the probabilistic approach outperforms the entropy-based method in terms of false negative rate (FNR). The emulation results demonstrate the efficacy of the approach, by reducing the FNR by 98% compared to 78% in the existing entropy mechanism, at 50% attack rate.