This project (done during the M.Sc.) explores an entropy-based method for early detection and mitigation of DDoS attacks in Software-Defined Networks (SDN). Implemented using Mininet, POX controller, and custom packet generation via Scapy, it evaluates statistical randomness in destination IPs to identify abnormal behavior.
- Institution: TU Ilmenau – Communication Networks Group
- Author: Mamdouh Muhammad
- Supervision: Abdullah Soliman Alshra’a
- Toolset: Mininet, POX, Scapy, sFlow-RT, Iperf
- Topology: Fat-tree with 16 hosts and 4 OpenFlow switches

- Entropy Measurement: Computes destination IP entropy in windows of 50, 300, or 500 packets
- Three Traffic Phases:
  - Benign only (entropy ≈ 1.1)
  - Attack only (entropy ≈ 0.0)
  - Mixed traffic (entropy ≈ 0.5)
- Detection Logic: A DDoS is flagged if 5 consecutive windows fall below a computed entropy threshold
- Mitigation Strategy: Link bandwidth throttling using `TCLink` to disrupt attack traffic
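
The windowed entropy check and the five-consecutive-window rule described above, as an added standalone Python sketch; it is not the project's `entropy.py`. The base-10 logarithm, the 0.5 threshold, all names and the constructed 10.0.0.x traffic are assumptions (the page does not state its computed threshold).

```python
import math
from collections import Counter

def window_entropy(dst_ips):
    """Shannon entropy of the destination IPs in one window (log base 10: assumption)."""
    total = len(dst_ips)
    return sum((c / total) * math.log10(total / c) for c in Counter(dst_ips).values())

class EntropyDetector:
    """Flags a DDoS after `consecutive` windows in a row fall below `threshold`."""

    def __init__(self, window=50, threshold=0.5, consecutive=5):
        # window=50 and consecutive=5 come from the page; threshold=0.5 is a placeholder.
        self.window, self.threshold, self.consecutive = window, threshold, consecutive
        self.buf, self.low_streak, self.history = [], 0, []

    def observe(self, dst_ip):
        """Feed one packet's destination IP; return True once the alarm condition holds."""
        self.buf.append(dst_ip)
        if len(self.buf) < self.window:
            return False
        h = window_entropy(self.buf)
        self.buf = []
        self.history.append(h)
        # A single normal window resets the streak, so short bursts do not alarm.
        self.low_streak = self.low_streak + 1 if h < self.threshold else 0
        return self.low_streak >= self.consecutive

def first_alarm(stream, **kwargs):
    """Return (packet index of first alarm or None, per-window entropy history)."""
    det = EntropyDetector(**kwargs)
    for i, ip in enumerate(stream, 1):
        if det.observe(ip):
            return i, det.history
    return None, det.history

# Constructed sample traffic: 16 hosts, as in the page's topology line.
def benign(n):
    return [f"10.0.0.{i % 16 + 1}" for i in range(n)]  # spread over all hosts

def attack(n):
    return ["10.0.0.1"] * n  # every packet targets one victim

if __name__ == "__main__":
    idx, hist = first_alarm(benign(200) + attack(250))
    print("alarm at packet", idx, [round(h, 2) for h in hist])
    idx, hist = first_alarm(attack(200) + benign(50) + attack(200))
    print("interrupted burst:", idx, [round(h, 2) for h in hist])
```

The second run shows why the consecutive-window requirement matters: four low-entropy windows, one normal window, then four more never reach a streak of five, so no alarm is raised.
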

- `Topology.py`: Fat-tree topology with 80 hosts and dual controllers
- `entropy.py`: Entropy-based anomaly detector integrated with POX
- `Mamdouh Muhammad ARP Report.pdf`: Technical report
- `Final Presentation - Mamdouh Muhammad - ARP.pptx`: Summary slides

- Entropy-based detection reliably flags concentrated traffic attacks
- Real-time flow monitoring with sFlow-RT confirms detection accuracy
- Bandwidth control mitigates attack without halting benign traffic
- Future work includes ML-based detection and differentiation from flash crowds
📩 Contact: mamdouh.eac@gmail.com