SENATE: SDN-Empowered Network Anomaly Tracker using Entropy for IoT DDoS Detection |
Paper ID : 1027-ICEEM2025 (R1) |
Authors |
Manal Gafar*¹, Saied M Abd El-atty², Mohamed S Arafa². ¹Cyber Security and Networks Program, University of East London, European Universities in Egypt (EUE), The New Administrative Capital, Egypt. ²Department of Electronics and Electrical Communications Engineering, Faculty of Electronic Engineering, Menoufia University, Menouf, 32952, Egypt. |
Abstract |
The growth in the use of Internet of Things (IoT) devices has augmented automation and connectivity while simultaneously leaving networks vulnerable to advanced security attacks, primarily Distributed Denial of Service (DDoS) attacks. This paper proposes a novel Software-Defined Networking (SDN)-enabled approach for detecting and mitigating DDoS attacks in IoT environments through real-time statistical analysis. The approach integrates entropy-based traffic analysis with mean drop rate (MDR) evaluation and dual IP/MAC address verification to accurately distinguish between malicious traffic and legitimate flash crowd events. The system operates with an optimal window size of 32 packets, achieving an MDR of 14.13% at a 20% attack rate; a higher MDR signifies a more effective detection capability. This configuration yields a detection accuracy of 98.33% with a minimal false negative rate of 1.6%. The SDN controller dynamically reconfigures flow policies to block or rate-limit detected threats without introducing significant computational overhead. Experimental validation using emulated SD-IoT networks confirms the solution’s efficiency in early attack detection, low latency, and reliable performance under varying attack scenarios. |
Keywords |
SD-IoT, IoT security, DDoS detection, entropy, average drop rate, IP/MAC verification, flash crowd distinction. |
Status: Accepted |
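
The following is an added illustration of the windowed entropy check with IP/MAC verification that the abstract describes; it is not the authors' code. The 32-packet window comes from the abstract, while the use of destination-IP entropy, the 1.0-bit threshold, the majority-mismatch rule, the binding table and all sample packets are assumptions constructed for the example.

```python
import math
from collections import Counter

WINDOW = 32              # window size stated in the abstract
ENTROPY_THRESHOLD = 1.0  # assumed threshold in bits, not a value from the paper

def shannon_entropy(values):
    """Shannon entropy (bits) of the empirical distribution of values."""
    n = len(values)
    return sum(-(c / n) * math.log2(c / n) for c in Counter(values).values())

def classify_window(packets, bindings, threshold=ENTROPY_THRESHOLD):
    """packets: list of (src_ip, src_mac, dst_ip); bindings: known IP -> MAC."""
    h = shannon_entropy([dst for _, _, dst in packets])
    if h >= threshold:
        return "normal", h
    # Traffic has concentrated on few destinations. Assumed rule: if most
    # sources fail the IP/MAC check, treat it as an attack, else a flash crowd.
    bad = sum(1 for ip, mac, _ in packets if bindings.get(ip) != mac)
    return ("ddos" if bad > len(packets) / 2 else "flash_crowd"), h

def analyse(packets, bindings):
    """Classify each complete, non-overlapping window of WINDOW packets."""
    return [classify_window(packets[i:i + WINDOW], bindings)
            for i in range(0, len(packets) - WINDOW + 1, WINDOW)]

# Constructed sample data (not from the paper): 8 known hosts, 8 servers.
BINDINGS = {f"10.0.0.{i}": f"02:00:00:00:00:{i:02x}" for i in range(1, 9)}
HOSTS = list(BINDINGS.items())
normal = [(ip, mac, f"10.0.1.{k % 8 + 1}")
          for k, (ip, mac) in enumerate(HOSTS * 4)]
flash = [(ip, mac, "10.0.1.1") for ip, mac in HOSTS * 4]
attack = [(f"172.16.0.{k}", "02:00:00:00:00:ff", "10.0.1.1") for k in range(32)]
SAMPLE_PACKETS = normal + flash + attack

if __name__ == "__main__":
    for label, h in analyse(SAMPLE_PACKETS, BINDINGS):
        print(f"{label:12s} entropy={h:.2f}")
```

In an SDN deployment the per-window verdict would be computed at the controller from packet-in events, and a "ddos" verdict would drive the block or rate-limit flow rules mentioned in the abstract.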