Software Defined Networking (SDN) is a new network architecture that provides central
control over the network. This control works like an operating system that can
send instructions and apply changes through its interface. This operating system is
called the controller. Although central control is the major advantage of SDN, it is
also a single point of failure if it is made unreachable by a Distributed Denial of
Service (DDoS) attack.
The two main objectives of this study are to utilize the central control of SDN for
attack detection and to propose a solution that is effective and lightweight in terms
of the resources that it uses.
This research shows how DDoS attacks can exhaust controller resources and provides
a solution to detect such attacks based on the entropy variation of the destination IP
address.
This method is able to detect DDoS within the first five hundred packets of the attack
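
The following sketch illustrates entropy-based detection on destination IP addresses as it could run at the controller. It is an added example, not code from this study: the window size, threshold, consecutive-window count, normalisation and the sample traffic are all assumptions chosen for illustration.

```python
import math
from collections import Counter

# All three parameters are assumed values, not taken from the study.
WINDOW = 50        # packets per measurement window
THRESHOLD = 0.5    # alarm level for normalised entropy
CONSECUTIVE = 5    # low-entropy windows required before alerting

def window_entropy(dst_ips):
    """Shannon entropy of destination IPs, normalised to [0, 1] by log2(len)."""
    n = len(dst_ips)
    if n <= 1:
        return 0.0
    counts = Counter(dst_ips)
    h = -sum((c / n) * math.log2(c / n) for c in counts.values())
    return h / math.log2(n)

def detect(dst_stream, window=WINDOW, threshold=THRESHOLD, consecutive=CONSECUTIVE):
    """Return the 1-based packet count at which the alarm fires, or None.

    Traffic spread over many hosts keeps entropy high; traffic converging
    on one destination drives it down. Requiring several low windows in a
    row avoids alerting on a single short burst to one host.
    """
    low = 0
    for start in range(0, len(dst_stream) - window + 1, window):
        h = window_entropy(dst_stream[start:start + window])
        low = low + 1 if h < threshold else 0
        if low >= consecutive:
            return start + window
    return None

# Constructed sample traffic (deterministic, not captured data).
# Normal: destinations spread evenly over 64 hosts.
NORMAL = [f"10.0.0.{(i * 7) % 64 + 1}" for i in range(500)]
# Attack: 9 of every 10 packets target one host, 10.0.0.8.
ATTACK = ["10.0.0.8" if i % 10 else f"10.0.0.{(i * 7) % 64 + 1}"
          for i in range(500)]

if __name__ == "__main__":
    fired = detect(NORMAL + ATTACK)
    print("alarm after packet", fired,
          "->", fired - len(NORMAL), "packets into the attack")
```

With these assumed parameters the alarm needs five full windows of attack traffic, so detection latency is bounded below by WINDOW * CONSECUTIVE packets; lowering either value trades latency for false positives.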