Software-defined DDoS detection with information entropy analysis and optimized deep learning

2022 
Software Defined Networking (SDN) decouples the control plane from the data plane and solves the difficulty of deploying new services. However, it also introduces the threat of a single point of failure: attackers usually launch distributed denial of service (DDoS) attacks against the controller through switches. Traditional DDoS detection methods find it difficult to balance accuracy and efficiency. Statistical analysis-based methods have low accuracy, while machine learning-based methods have low efficiency and high training cost. In this paper, a two-level DDoS attack detection method based on information entropy and deep learning is proposed. First, the information entropy detection mechanism detects suspicious components and ports at coarse granularity. Then, a convolutional neural network (CNN) model performs fine-grained, packet-based detection to distinguish normal traffic from suspicious traffic. Finally, the controller executes the defense strategy to intercept the attack. The experimental results indicate that the detection accuracy of the proposed method reaches 98.98%, which shows the potential of detecting DDoS attack traffic effectively in the SDN environment.
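The coarse-grained first stage described in the abstract can be sketched as follows; this is an added example, not the paper's code. The feature (destination IP per switch port), the normalization, the threshold and the minimum window size are assumptions, since the abstract does not state them.

```python
import math
from collections import Counter, defaultdict

def normalized_entropy(values):
    """Shannon entropy of the value distribution, scaled to [0, 1] by log2(window size)."""
    n = len(values)
    if n < 2:
        return 0.0
    h = -sum((c / n) * math.log2(c / n) for c in Counter(values).values())
    return h / math.log2(n)

def suspicious_ports(packet_ins, threshold=0.5, min_packets=20):
    """Return {(switch, port): entropy} for ports whose destination entropy collapsed.

    packet_ins: iterable of (switch_id, in_port, dst_ip) seen in one time window.
    threshold and min_packets are assumed values, not taken from the paper.
    """
    per_port = defaultdict(list)
    for switch, port, dst_ip in packet_ins:
        per_port[(switch, port)].append(dst_ip)
    flagged = {}
    for key, dsts in per_port.items():
        if len(dsts) < min_packets:      # too few samples for a stable estimate
            continue
        h = normalized_entropy(dsts)
        if h < threshold:                # traffic concentrated on few destinations
            flagged[key] = round(h, 3)
    return flagged

# Constructed window of Packet-In records (documentation-range addresses).
SAMPLE_WINDOW = (
    [("s1", 1, f"192.0.2.{i}") for i in range(1, 41)]    # 40 distinct destinations
    + [("s1", 2, "198.51.100.5")] * 57                    # one dominant destination
    + [("s1", 2, f"192.0.2.{i}") for i in range(1, 4)]
    + [("s2", 1, "198.51.100.5")] * 5                     # below min_packets
)

if __name__ == "__main__":
    for (switch, port), h in suspicious_ports(SAMPLE_WINDOW).items():
        print(f"suspicious: switch={switch} port={port} normalized_entropy={h}")
```

In the two-level design, only traffic from the flagged switch ports would be passed to the packet-level CNN classifier.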