Software defined networks (SDNs) in a combination of cloud computing are the best amalgamation for the researchers and industry. Though, these unique networking paradigms have been accepted world widely, they are hampered by various security threats. Among all the threats, the attack, Distributed Denial-of-Service (DDoS) is the most severe attack into the SDN-Cloud. In spite of, so many developments in tools and technology, it is still hard to detect the DDoS attack. Therefore, till now there is no efficient solution to cope up with this problem. In our research work, we proposed a defensive mechanism for DDoS attacks that is based on variations in entropy between DDoS attack and a normal traffic with a low computational overhead. We also proposed a mitigation technique to reduce the severity of the attack. On comparing with the existing DDoS mechanisms, our proposed method holds three advantages as (i) detection rate is high, (ii) false positive rate is low and (iii) the mitigation ability. Simulations are carried out in mininet emulator with POX controller and open flow switches at different attack strength. Our proposed mechanism has achieved a high detection rate with 98.2% over variable attack rate along with 0.04% false positive rate.

结合了云计算的软件定义网络（SDN）是研究人员和行业的最佳组合。尽管这些独特的网络范例已被世界广泛接受，但它们受到各种安全威胁的阻碍。在所有威胁中，分布式拒绝服务（DDoS）攻击是对SDN云的最严重攻击。尽管在工具和技术上进行了如此多的开发，但仍然很难检测到DDoS攻击。因此，到目前为止，还没有有效的解决方案来解决这个问题。在我们的研究工作中，我们提出了一种针对DDoS攻击的防御机制，该机制基于DDoS攻击与正常流量之间的熵变而具有较低的计算开销。我们还提出了缓解技术以降低攻击的严重性。与现有的DDoS机制相比，我们提出的方法具有三个优点：（i）检测率高，（ii）假阳性率低和（iii）缓解能力。在带有POX控制器和开放式流量开关的mininet仿真器中以不同的攻击强度进行仿真。我们提出的机制实现了很高的检测率，超过了98.2％的可变攻击率以及0.04％的误报率。