Defense mechanisms against DDoS attack based on entropy in SDN-cloud using POX controller

Software defined networks (SDNs) in a combination of cloud computing are the best amalgamation for the researchers and industry. Though, these unique networking paradigms have been accepted world widely, they are hampered by various security threats. Among all the threats, the attack, Distributed Denial-of-Service (DDoS) is the most severe attack into the SDN-Cloud. In spite of, so many developments in tools and technology, it is still hard to detect the DDoS attack. Therefore, till now there is no efficient solution to cope up with this problem. In our research work, we proposed a defensive mechanism for DDoS attacks that is based on variations in entropy between DDoS attack and a normal traffic with a low computational overhead. We also proposed a mitigation technique to reduce the severity of the attack. On comparing with the existing DDoS mechanisms, our proposed method holds three advantages as (i) detection rate is high, (ii) false positive rate is low and (iii) the mitigation ability. Simulations are carried out in mininet emulator with POX controller and open flow switches at different attack strength. Our proposed mechanism has achieved a high detection rate with 98.2% over variable attack rate along with 0.04% false positive rate.