Neural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks

Software Defined Network (SDN) is a new architecture for network management and its main concept is centralizing network management in the network control level that has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main control is made unreachable for any reason, the architecture of the network is crashed. A distributed denial of service (DDoS) attack is a threat for the SDN controller which can make it unreachable. In the previous researches in DDoS detection in SDN, not enough work has been done on improvement of accuracy in detection. The proposed solution of this research can detect DDoS attack on SDN controller with a noticeable accuracy and prevents serious damage to the controller. For this purpose, fast entropy of each flow is computed at certain time intervals. Then, by the use of adaptive threshold, the possibility of a DDoS attack is investigated. In order to achieve more accuracy, another method, computing flow initiation rate, is used alongside. After observation of the results of this two methods, according to the described conditions, the existence of an attack is confirmed or rejected, or this decision is made at the next step of the algorithm, with further study of flow statistics of network switches by the perceptron neural network. The evaluation results show that the proposed algorithm has been able to make a significant improvement in detection rate and a reduction in false alarm rate compared to closest previous work, besides maintaining the average detection time on an acceptable level.