International Research Journal of Engineering and Technology (IRJET)
e-ISSN: 2395-0056
Volume: 10 Issue: 08 | Aug 2023
p-ISSN: 2395-0072
www.irjet.net
Early Detection and Prevention of Distributed Denial Of Service Attack Using Software- Defined Networks with Mininet Network Simulator Pinnaka Khantirava Venkat Laxman Kumar, Pinnaka Khanil Sai Ram Manikanta Chowdary, Kakumanu LV Surya Anil, Vaduguri Sai Krishna, Pavuluri Prudhvi Kumar SBI Colony Road No 4 Sahithi Enclave, Kothapet, Hyderabad 500035 4-96 Laxmi Nilayam, APSRTC Colony, nandyala, Andhra Pradesh 518501 ---------------------------------------------------------------------***--------------------------------------------------------------------Abstract - Early identification is critical for successful protection of Distributed Denial of Service (DDoS) attacks, which pose a
significant risk to contemporary networks. This study presents a DDoS detection and prevention strategy that utilises a centralised Software Defined Networking (SDN) controller to handle this issue. The proposed mechanism employs flow statistics to identify anomalous traffic patterns that may indicate a potential DDoS attack. Once detected, SDN's ability to dynamically configure network paths is used to divert malicious traffic away from the target. The suggested technique effectively detects and mitigates DDoS attacks with low false positive rates. Additionally, it reduces the overall network traffic and improves network performance. The use of a centralized SDN controller enables a quick response to DDoS attacks and facilitates real-time monitoring. The mechanism is scalable and can be deployed in large-scale networks without compromising performance. Comparing with existing methods, the proposed mechanism shows superior performance in terms of accuracy and response time. It also reduces the need for expensive hardware-based solutions. The mechanism can be easily customized to cater to specific network requirements, and it is resilient to attacks that try to evade detection. The proposed mechanism has the potential to reduce the impact of DDoS attacks on critical network services, providing a more secure and reliable network. Furthermore, the mechanism enhances the visibility of network traffic, enabling network administrators to identify potential security threats. It may be used with other security tools to create a robust network security infrastructure. The proposed mechanism offers a practical solution to the growing threat of DDoS attacks, enabling organizations to safeguard their network services against malicious attacks. It is designed to be adaptive, enabling it to adjust to changing network conditions and traffic patterns, providing a high level of security against DDoS attacks, ensuring the availability of network services. Key Words: Distributed Denial of Service, Centralized SDN Controller, Entropy, flow statistics, anomalous traffic patterns.
1.INTRODUCTION The project aims to propose a mechanism for detecting and preventing DDoS attacks using SDN (Software Defined Networking) POX controller and Mininet network with Entropy methodology. In recent years, DDoS attacks have become a serious threat to modern networks, causing significant damage to organizations' critical services. Early detection and prevention of such attacks are crucial to ensure the availability and reliability of network services. SDN provides a flexible and programmable architecture that enables network administrators to configure network paths dynamically, making it a promising solution for DDoS detection and prevention. The proposed mechanism uses the Entropy methodology to identify the entropy values of different packet attributes and identify anomalies that may indicate a potential DDoS attack. The POX controller then dynamically reconfigures the network paths to divert the malicious traffic away from the target. The mechanism's effectiveness is evaluated using various statistical metrics for example detection rate, false alarm rate, and response time. Statistical analysis, machine learning, and rule-based approaches are only some of the methodologies described in previous research for DDoS detection and prevention. There are benefits and drawbacks to every approach, and the goal of the suggested technique is to eliminate the drawbacks. This project's primary advantage is that it achieves a high detection rate while minimizing false positives and response time, making it an efficient and effective solution for DDoS detection and prevention. However, it also has certain limitations, such as its reliance on the Entropy methodology and the need for a centralized POX controller.
© 2023, IRJET
|
Impact Factor value: 8.226
|
ISO 9001:2008 Certified Journal
|
Page 86