Keywords
How to Cite
Abstract
While Software-Defined Networking (SDN) offers flexibility by decoupling control and data planes, architectural centralization increases vulnerability to Distributed Denial of Service (DDoS) attacks targeting the core controller. This study evaluates a Shannon entropy-based dynamic filtering model for real-time anomaly isolation within OpenFlow-based SDNs. Simulations utilizing Mininet and the Ryu controller demonstrated that the system identifies anomalous flows in under 12 milliseconds. The algorithmic intervention reduced controller CPU utilization from 98% to 42%, preserving legitimate throughput at 91.5%. Transitioning to dynamic reactionary algorithms represents a fundamental strategic solution for ensuring centralized network continuity.
References
1. McKeown N, et al. OpenFlow: Enabling innovation in campus networks. ACM SIGCOMM. 2008;38(2):69-74.
2. Kreutz D, et al. Software-Defined Networking: A comprehensive survey. Proceedings of the IEEE. 2015;103(1):14-76.
3. Ahmad I, et al. Security in Software Defined Networks: A survey. IEEE Communications Surveys & Tutorials. 2015;17(4):2317-2346.
4. Bawany NZ, et al. DDoS attack detection and mitigation using SDN. Arabian Journal for Science and Engineering. 2017;42(2):425-441.
5. Wang R, et al. An entropy-based distributed DDoS detection mechanism in SDN. IEEE Trustcom. 2015;1:310-317.
6. Yan Q, et al. SDN and DDoS attacks in cloud computing environments. IEEE Communications Surveys & Tutorials. 2016;18(1):602-622.
7. Mousavi SM, St-Hilaire M. Early detection of DDoS attacks against SDN controllers. ICNC. 2015;1:77-81.
8. Cui N, et al. Intrusion detection system based on dynamic flow feature extraction in SDN. Journal of Network and Computer Applications. 2020;151:102500.