
DDoS Attack Detection: IoT Required

Internet of Things (IoT) is a trending technology in the modern day. The wide range of uses of IoT systems has raised a lot of security concerns surrounding these systems. There are drawbacks associated with the different security measures incorporated in the applications, commonly recognized as denial-of-service (DoS) attacks. Thus, this presentation shows the results of how we can detect these attacks on our network.

Uploaded by nishita

DDoS ATTACKS AND THEIR DETECTION

Name of Guide: Ms. Shifaly Sharma
Name of presenter(s):
Sonam Salaria (421)
Nishita Goyal (406)
Sakshi Arora (359)
Pooja Goyal (356)

Distributed Denial of Service Attacks
• DDoS is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
• Volumetric attacks rely on a large volume of network layer packets to exhaust the network bandwidth of the server.
• The distinction between a DoS attack and a Distributed DoS (DDoS) attack is in the number of attackers involved.

Types of Detection Techniques

Detection Techniques:
• Statistic Based
• Rule Based
• Machine Learning

★ NOTE: They also utilize legitimate application layer requests, which makes it difficult for existing defense mechanisms to detect them.

Architecture of SDN IOT
Our Objective
• To implement an Entropy-based detection algorithm for DDoS attacks in SDN networks using POX controller.
• To improve the network security, and to test the performance of this algorithm using POX controller in different topologies.

Working Of DDOS
1. DDoS Attacker: sends attack packet
2. SD-IoT Switch: attack packet is generated by attack script
3. If no corresponding match in the flow table
4. Header encapsulated in a packet-in message
5. Controller in controller pool
6. New flow table generated and issued to IoT switch


Entropy Detection Algorithm

Calculation of entropy of a new packet based on window size
WHY? Drop in values when large no. of packets attack on one host
Controller collects statistics from switch tables
For each window, entropy is calculated and compared to threshold.

ENTROPY < THRESHOLD?
YES: ATTACK DETECTED
NO: NO ATTACK
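
The windowed entropy check described above, as an added example in Python (the language of the POX controller); it is not code from the presentation. The window size of 50 packets, the threshold of 1.0 bit, the choice of destination IP as the measured field, and the sample traffic are all assumptions constructed for illustration.

```python
import math
from collections import Counter

WINDOW_SIZE = 50   # assumed: packets per window (the slides give no value)
THRESHOLD = 1.0    # assumed: entropy in bits below which a window is flagged


def shannon_entropy(dst_ips):
    """Shannon entropy (bits) of the destination-address distribution."""
    counts = Counter(dst_ips)
    total = len(dst_ips)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def detect(dst_stream, window=WINDOW_SIZE, threshold=THRESHOLD):
    """Return one (index, entropy, top_dst, is_attack) tuple per full window.

    A trailing partial window is ignored: entropy over fewer packets is not
    comparable with a threshold tuned for full windows.
    """
    results = []
    for start in range(0, len(dst_stream) - window + 1, window):
        chunk = dst_stream[start:start + window]
        h = shannon_entropy(chunk)
        top_dst, _ = Counter(chunk).most_common(1)[0]
        results.append((start // window, h, top_dst, h < threshold))
    return results


def build_sample():
    """Constructed traffic: 2 normal windows, then 2 windows hitting 10.0.0.5."""
    hosts = [f"10.0.0.{i}" for i in range(1, 11)]
    normal = [hosts[i % 10] for i in range(100)]   # evenly spread over 10 hosts
    attack = []
    for i in range(100):
        # 9 of every 10 packets go to the victim, the rest is background
        attack.append("10.0.0.5" if i % 10 else hosts[(i // 10) % 10])
    return normal + attack


if __name__ == "__main__":
    for idx, h, top, is_attack in detect(build_sample()):
        verdict = "ATTACK DETECTED" if is_attack else "no attack"
        print(f"window {idx}: entropy={h:.3f} top_dst={top} -> {verdict}")
```

Evenly spread traffic over ten hosts gives the maximum entropy of log2(10) bits per window, while the concentrated windows fall well below the threshold, which is the drop in values the slide refers to.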


Topologies to be implemented

Single Topology: In this, a single switch is connected to multiple hosts.

Linear Topology: In this, multiple switches are present and each is connected to a single host.

DEMO TIME
RESULTS
DDoS Detection Results: Before Attack
DDoS Detection Results: After Attack
Results with SINGLE topology:

This presents a combination of attack and normal traffic captured by sFlow-RT. When the attack traffic is detected by the algorithm, the number of bytes returns to the normal traffic rate.

Results with LINEAR topology:

In this test, the POX controller is connected to a linear topology. Since the number of switches in linear topology is more than in single topology, the load on the controller will increase, and the detection of attack traffic will be slower than in single topology.

Conclusion:
• The entropy detection algorithm detects entropy values lower than the threshold, blocks attack packets and keeps only normal packets.
• The detection algorithm works better in single topology than in linear topology; however, single topology has the disadvantage of a single point of failure.
• Finally, it is noticed that increasing the number of controllers in linear topology improves the security of the network.

THANK YOU
