An early detection of low rate DDoS attack to SDN based data center networks using information distance metrics

Kshira Sagar Sahoo, Deepak Puthal, Mayank Tiwary, Joel J.P.C. Rodrigues, Bibhudatta Sahoo, Ratnakar Dash

Research output: Contribution to journalArticlepeer-review

142 Scopus citations


The primary innovations behind Software Defined Networks (SDN) are the decoupling of the control plane from the data plane and centralizing the network management through a specialized application running on the controller. In spite of many advantages, SDN based data centers’ security issues is still a matter of concern among the research communities. Although SDN becomes a valuable tool to defeat attackers, at the same time SDN itself becomes a victim of Distributed Denial-of-Service (DDoS) attacks due to the potential vulnerabilities exist across various SDN layer. The logically centralized controller is always an attractive target for DDoS attack. Hence, it is important to have a fast as well as accurate detection model to detect the control layer attack traffic at an early stage. We have employed information distance (ID) as a metric to detect the attack traffic at the controller. The ID metric can quantify the deviations of network traffic with different probability distributions. In this paper, taking the advantages of flow based nature of SDN, we proposed a Generalized Entropy (GE) based metric to detect the low rate DDoS attack to the control layer. The experimental results show that our detection mechanism improves the detection accuracy as compared to Shannon entropy and other statistical information distance metrics.

Original languageBritish English
Pages (from-to)685-697
Number of pages13
JournalFuture Generation Computer Systems
StatePublished - Dec 2018


  • Controller
  • DDoS attack
  • Generalized entropy
  • Information distance
  • SDN


Dive into the research topics of 'An early detection of low rate DDoS attack to SDN based data center networks using information distance metrics'. Together they form a unique fingerprint.

Cite this