Information Gain-Based Detection of Low and High Severity DDoS Attacks in SDN with Automated Mitigation Responses

International Journal of Electronics and Communication Engineering
© 2025 by SSRG - IJECE Journal
Volume 12 Issue 8
Year of Publication : 2025
Authors : Jaimin M Shroff, Sanjay M Shah
How to Cite?

Jaimin M Shroff, Sanjay M Shah, "Information Gain-Based Detection of Low and High Severity DDoS Attacks in SDN with Automated Mitigation Responses," SSRG International Journal of Electronics and Communication Engineering, vol. 12, no. 8, pp. 1-10, 2025. Crossref, https://doi.org/10.14445/23488549/IJECE-V12I8P101

Abstract:

Distributed Denial of Service (DDoS) attacks remain a significant danger to network infrastructure, especially in Software-Defined Networking (SDN) environments, because of their centralized management mechanisms. This study presents a dynamic, multi-tiered DDoS detection and mitigation framework that uses entropy and Information Gain (IG) for real-time severity assessment. In contrast to conventional single-threshold models, our methodology differentiates between normal traffic, low-intensity DDoS attacks, and high-intensity DDoS attacks by analyzing statistical traffic entropy fluctuations and IG thresholds. Low-severity attacks are diverted to honeypots for isolation and examination, while high-severity threats activate automatic port-blocking protocols at the switch level. The proposed method demonstrates significant responsiveness in mitigation while causing minimal disruption to legitimate traffic. Our architecture offers a strong, automated defensive strategy that corresponds with the evolving characteristics of contemporary network threats. This research represents a substantial advancement in intelligent, SDN-based DDoS mitigation. It establishes a basis for future integration with deep learning and cloud-native architectures to manage encrypted and large-scale traffic environments.
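As an added illustration (not the authors' code), the three-tier decision described in the abstract can be sketched as follows. Information gain is taken here as the Kullback-Leibler divergence of a window's destination-address distribution from a baseline window; that definition, the thresholds, the sample addresses and the port-selection rule are all assumptions, since the paper's own formulas and values are not on this page.

```python
import math
from collections import Counter

# Assumed thresholds in bits; the paper's actual values are not on this page.
LOW_IG, HIGH_IG = 0.15, 1.0

def distribution(keys, support, eps=1e-6):
    """Smoothed empirical distribution of keys over a fixed support."""
    counts = Counter(keys)
    total = len(keys) + eps * len(support)
    return {k: (counts[k] + eps) / total for k in support}

def information_gain(baseline_dsts, window_dsts):
    """KL divergence D(window || baseline) in bits over destination addresses."""
    support = set(baseline_dsts) | set(window_dsts)
    p = distribution(window_dsts, support)
    q = distribution(baseline_dsts, support)
    return sum(p[k] * math.log2(p[k] / q[k]) for k in support)

def respond(baseline, window):
    """Classify one window of (in_port, dst_ip) packets and pick a response."""
    ig = information_gain([d for _, d in baseline], [d for _, d in window])
    if ig < LOW_IG:
        return "normal", "forward", None
    # Most-hit destination, then the ingress port sending it the most packets.
    victim = Counter(d for _, d in window).most_common(1)[0][0]
    port = Counter(p for p, d in window if d == victim).most_common(1)[0][0]
    if ig < HIGH_IG:
        return "low", "redirect_to_honeypot", port
    return "high", "block_port", port

# Constructed sample traffic: four ingress ports, four destination hosts.
DSTS = ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"]

def benign():
    return [(port, d) for port in (1, 2, 3, 4) for d in DSTS]

BASELINE = benign()
LOW_WINDOW = benign() + [(1, "10.0.0.1")] * 8     # mild concentration on one host
HIGH_WINDOW = benign() + [(1, "10.0.0.1")] * 96   # heavy concentration on one host

if __name__ == "__main__":
    for name, win in [("benign", BASELINE), ("low", LOW_WINDOW), ("high", HIGH_WINDOW)]:
        print(name, respond(BASELINE, win))
```

In a controller, the returned action and port would map to a flow rule that forwards to a honeypot or drops traffic on that ingress port.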

Keywords:

DDoS, SDN, Information Gain, Mitigation, Packet-Per-Second.
