DDOS attack Using Entropy In sFlow


rajeev yadla

Feb 12, 2017, 11:14:32 PM
to sFlow-RT
Hi,
I am trying to do a DDOS mitigation technique in SDN using Mininet.
I need to find the entropy of each host for each and every flow of packets. Based on the entropy I need to find whether there is an attack or not. Is it possible to implement this mechanism using sFlow?
Thank you,
 
regards
Rajiv

Peter Phaal

Feb 13, 2017, 11:45:08 AM
to rajeev yadla, sFlow-RT
On Sun, Feb 12, 2017 at 8:14 PM, rajeev yadla <rajeev...@gmail.com> wrote:
> I am trying to do a DDOS mitigation technique in SDN using Mininet.
> I need to find the entropy of each host for each and every flow of packets. Based on the entropy I need to find whether there is an attack or not. Is it possible to implement this mechanism using sFlow?

How would you propose calculating entropy? There is currently no explicit support for entropy calculations in sFlow-RT, but you could probably implement an entropy calculation in a setFlowHandler() function, e.g.

A simpler method is to define flows that match attack vectors (for example, tracking ipdestination,udpsourceport). Triggering on frame rate works well in practice, e.g.

rajeev yadla

Feb 13, 2017, 11:56:51 AM
to Peter Phaal, sFlow-RT
Thank you very much, sir, for your reply.
I want to calculate the entropy of a particular host based on the destination IPs of hosts, so if any host is getting a large amount of packets then I have to say a DDOS attack occurred and have to start the mitigation technique.
regards
rajiv
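
Added example (not part of the original thread, and not sFlow-RT or ONOS code): one way to compute the destination-IP entropy described in the posts above, written in plain JavaScript so it runs under Node.js outside sFlow-RT. The record shape `{dst, frames}`, the 100-frame window and the 0.5 threshold are assumptions; inside sFlow-RT the records would be supplied by a setFlowHandler() callback, as the reply above suggests.

```javascript
// Added example: destination-IP entropy over tumbling windows of sampled frames.
// The record shape {dst, frames} is an assumption, not an sFlow-RT structure.

// Shannon entropy in bits of a Map(key -> count).
function shannonEntropy(counts) {
  let total = 0;
  for (const c of counts.values()) total += c;
  if (total === 0) return 0;
  let h = 0;
  for (const c of counts.values()) {
    if (c > 0) h -= (c / total) * Math.log2(c / total);
  }
  return h;
}

// Scale to [0,1] by the maximum log2(n); a single destination counts as 0.
function normalizedEntropy(counts) {
  return counts.size > 1 ? shannonEntropy(counts) / Math.log2(counts.size) : 0;
}

// Returns observe(rec): null until a window fills, then a verdict for it.
function createDetector(windowFrames, threshold) {
  let counts = new Map(), seen = 0;
  return function observe(rec) {
    counts.set(rec.dst, (counts.get(rec.dst) || 0) + rec.frames);
    seen += rec.frames;
    if (seen < windowFrames) return null;
    const entropy = normalizedEntropy(counts);
    // The busiest destination is the likely target when entropy collapses.
    const [target] = [...counts].sort((a, b) => b[1] - a[1])[0];
    const attack = entropy < threshold;
    counts = new Map(); seen = 0;
    return { entropy, attack, target: attack ? target : null };
  };
}

// Constructed sample: one evenly spread window, then one concentrated window.
const SAMPLE = [
  { dst: '10.0.0.1', frames: 25 }, { dst: '10.0.0.2', frames: 25 },
  { dst: '10.0.0.3', frames: 25 }, { dst: '10.0.0.4', frames: 25 },
  { dst: '10.0.0.1', frames: 1 }, { dst: '10.0.0.2', frames: 97 },
  { dst: '10.0.0.3', frames: 1 }, { dst: '10.0.0.4', frames: 1 },
];

function runSample() {
  const observe = createDetector(100, 0.5);
  return SAMPLE.map(observe).filter((r) => r !== null);
}
console.log(runSample());
```

Low entropy alone also matches a legitimate heavy flow to one host, so combine it with a rate threshold such as the frame-rate trigger mentioned in the reply above before starting mitigation.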

rajeev yadla

Feb 14, 2017, 11:45:51 PM
to Peter Phaal, sFlow-RT
Is it possible?

Mehdi Moshiri

Aug 7, 2017, 9:43:44 AM
to sFlow-RT
Hi Mr.
I am working on DDoS detection in SDN at Sharif University. I am happy to cooperate and share any info.
Thanks
M.Moshiri

anju km

Nov 7, 2019, 9:45:46 AM
to sFlow-RT
Hi sir,
I am also working in the same area, DDoS mitigation in the SDN ONOS controller. Do you have any code or reference link? Please share it with me.

Peter Phaal

Nov 7, 2019, 9:49:46 AM
to sFlow-RT
The following article provides an example of simulating and controlling a DDoS attack using Mininet and ONOS:

anju km

Nov 17, 2019, 9:25:21 AM
to Peter Phaal, sFlow-RT
Thank you for your response.
But when I run this command: $env RTPROP=-Dscript.file=ddos.js ./start.sh
the output shows like this:
---------------------------------------
2019-11-17T19:46:50+05:30 WARNING: ddos.js IO exception ddos.js
2019-11-17T19:46:50+05:30 INFO: ddos.js stopped
------------------------------------
How to solve this IO exception problem?


Peter Phaal

Nov 17, 2019, 11:08:05 AM
to sFlow-RT
The IO exception means that the HTTP request to the ONOS REST API is failing. Try using cURL to troubleshoot, i.e.



On Thu, Nov 7, 2019 at 8:19 PM Peter Phaal <peter...@gmail.com> wrote:
> The following article provides an example of simulating and controlling a DDoS attack using Mininet and ONOS:
> https://blog.sflow.com/2018/04/onos-measurement-based-control.html


anju km

Nov 18, 2019, 4:58:07 AM
to Peter Phaal, sFlow-RT
Sir,
If I run this command: curl http://127.0.0.1:8181/onos/v1/flows

the output shows like this:
-------------
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
<title>Error 401 Unauthorized</title>
</head>
<body><h2>HTTP ERROR 401</h2>
<p>Problem accessing /onos/v1/flows. Reason:
<pre>    Unauthorized</pre></p><hr /><i><small>Powered by Jetty://</small></i><br/>
<br/>
<br/>
<br/>
<br/>
--------------------

How to solve this problem?


anju km

Nov 18, 2019, 8:46:40 AM
to Peter Phaal, sFlow-RT
Hi sir,
On my system, when I run: $ curl http://127.0.0.1:8181/onos/v1/flows it shows an authentication problem.
Then I tried a command like curl http://127.0.0.1:8181/onos/v1/flows --user onos:rocks
and then it shows all the flows.

Does it need any modification in the ddos.js code?

When I run this command: $env RTPROP=-Dscript.file=ddos.js ./start.sh
the output shows the same problem:
---------------------------------------
2019-11-17T19:46:50+05:30 WARNING: ddos.js IO exception ddos.js
2019-11-17T19:46:50+05:30 INFO: ddos.js stopped
------------------------------

Please help me to solve this problem.

 

Peter Phaal

Nov 19, 2019, 7:06:15 PM
to sFlow-RT
Is the ddos.js script in the sflow-rt directory? Files are referenced relative to the sflow-rt directory.

anju km

Nov 20, 2019, 4:10:59 AM
to Peter Phaal, sFlow-RT
Thank you, sir.
Now it's working fine.
The result of ./start.sh shows "blocking".

But I had a doubt: the mininet-dashboard shows the same result when we are running with ddos.js and without ddos.js?


onos-ddos.png

Peter Phaal

Nov 20, 2019, 7:34:45 PM
to sFlow-RT
The attack traffic is shown in the blue line, the ingress traffic reported by the switch port connected to the attacker host (s2-eth1). The orange line is traffic seen on the upstream switch port (s3-eth3) and can be seen to drop immediately after the attack was detected and the control was pushed to the first switch.

You can also verify the attack is being dropped if you look at the Mininet Dashboard Topology page:

Hanan Negm

Feb 14, 2020, 5:11:18 AM
to sFlow-RT


Hi,
My graduation project is on DDOS attacks in SDN.
I need a link or what steps I should know to do this project.