An Innovative Framework To Detect And Mitigate High and Low-rate DDoS Attack And IP/MAC Spoofing DDoS Attacks In SDN Using Renyi Entropy
Abstract
The centralized nature of Software-Defined Networking (SDN) offers flexibility but makes the controller highly vulnerable to Distributed Denial-of-Service (DDoS) attacks. This paper proposes a Rényi entropy–based detection and mitigation framework that addresses high-rate flooding, low-rate stealthy attacks, and IP/MAC spoofing threats in SDN. Unlike Shannon entropy, Rényi entropy provides adjustable sensitivity through its tunable parameter, enabling more accurate identification of abnormal traffic distributions. The framework simultaneously monitors five traffic attributes—source IP, source MAC, protocol type, packet size, and packet inter-arrival time—while dynamically updating entropy thresholds from historical values to adapt to changing traffic conditions. Spoofing detection is enhanced by identifying mismatches between IP and MAC entropies. Experimental validation in a Mininet-WiFi testbed with a Ryu controller shows that the framework consistently detects diverse attack types with ~80% accuracy, low false positives, and minimal computational overhead. The system uses few resources, keeping CPU use between 0.0% and 2.5%, and it detects and responds to different kinds of threats in less than 2.5 seconds.
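The following Python example is added here and is not the authors' code: it computes Rényi entropy over windows of source IPs and source MACs, keeps a threshold band updated from recent normal windows, and treats disagreement between the two entropies as suspected spoofing. The order α = 2, the mean ± 3σ band, the verdict names and the traffic windows are assumptions constructed for illustration; the paper's own parameters are not given on this page.

```python
import math
from collections import Counter, deque
from statistics import mean, pstdev

def renyi_entropy(values, alpha=2.0):
    """Renyi entropy (bits) of order alpha; alpha=2 is an assumed default."""
    counts = Counter(values)
    n = sum(counts.values())
    if n == 0:                            # empty window carries no information
        return 0.0
    probs = [c / n for c in counts.values()]
    if abs(alpha - 1.0) < 1e-9:           # the alpha -> 1 limit is Shannon entropy
        return -sum(p * math.log2(p) for p in probs)
    return math.log2(sum(p ** alpha for p in probs)) / (1.0 - alpha)

class AdaptiveBand:
    """Assumed rule: flag values outside mean +/- k*std of recent normal windows."""
    def __init__(self, k=3.0, history=20, warmup=5, min_std=0.05):
        self.k, self.warmup, self.min_std = k, warmup, min_std
        self.hist = deque(maxlen=history)
    def check(self, h):
        if len(self.hist) < self.warmup:
            self.hist.append(h)
            return "learning"
        mu, sd = mean(self.hist), max(pstdev(self.hist), self.min_std)
        if abs(h - mu) <= self.k * sd:
            self.hist.append(h)           # only normal windows move the baseline
            return "normal"
        return "high" if h > mu else "low"

def classify(ip_state, mac_state):
    if "learning" in (ip_state, mac_state):
        return "learning"
    if ip_state == mac_state:             # both attributes moved the same way
        return {"normal": "normal", "low": "flood_suspected"}.get(ip_state, "anomalous")
    return "spoofing_suspected"           # IP and MAC entropies disagree

def benign(i):  # constructed window: 10 hosts, 3 to 5 packets each
    return [(f"10.0.0.{j}", f"00:00:00:00:00:{j:02x}")
            for j in range(1, 11) for _ in range(3 + (i + j) % 3)]

def run_demo():
    spoof = benign(8) + [(f"10.0.1.{x}", "00:00:00:00:00:01") for x in range(200)]
    flood = benign(9) + [("10.0.0.1", "00:00:00:00:00:01")] * 200
    bands, out = (AdaptiveBand(), AdaptiveBand()), []
    for w in [benign(i) for i in range(8)] + [spoof, flood, benign(10)]:
        states = [b.check(renyi_entropy([p[k] for p in w])) for k, b in enumerate(bands)]
        out.append(classify(*states))
    return out
```

In the constructed spoofing window the source-IP entropy rises to about 7.3 bits while the source-MAC entropy falls to about 0.5 bits, which is the kind of IP/MAC mismatch the abstract describes; in the flood window both fall together.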