Shuhan Chen,Congqi Shen,Danrui Yu,Yuqin Wu,Chunming Wu

DOI: https://doi.org/10.1109/isncc52172.2021.9615889

2021-01-01

Abstract:Botnets provide a fundamental infrastructure for various kinds of network attacks, such as DDoS attack, etc. Detecting DDoS attack in botnet is a long-standing challenge. In this paper, we propose a novel method to detect DDoS attack in botnet through the analysis of packet forwarding and network traffic. The primary idea is to collect features from both overall network traffic and packet to describe the attack pattern and conduct a detection model with high accuracy. Firstly, apart from overall network traffic, we calculate several statistics related to looking up functions of flow tables during packet forwarding on switches to describe attack pattern. Secondly, these features are put into a deep learning model to detect DDoS attack. We perform evaluations under Software Defined Networking (SDN) paradigm. In particular, we compare the proposed method with traditional methods. The experimental results demonstrate that the proposed method is meaningful in improving the accuracy of DDoS attack detection by adding packet-level features extracted from packet forwarding.

Manish Snehi,Abhinav Bhandari,Jyoti Verma

DOI: https://doi.org/10.1016/j.cose.2024.103702

IF: 5.105

2024-01-12

Computers & Security

Abstract:Introduction The convergence of the Internet of Anything (IoX), software-defined communication layer, and sophisticated cloud platform has steered the dawn of the fourth industrial revolution era (Industry 4.0). The technological leap forward has given shelter to the umbrella of cyber-physical systems such as Smart Grids, Agriculture, and Healthcare. The exponential growth of vulnerable spots (the Internet of Things) in multi-layer cyber-physical systems is involuntarily contributing to malignant IoT-generated denial-of-service attacks. The IoT devices manifest a high degree of diversity in traffic patterns, and a single dataset is insufficient to cover fiducial attack scenarios. In addition, the research community is pressing to overcome other roadblocks, such as an optimal architecture for solution efficacy, performance issues, and the need for comprehensive validation of the proposed solutions. Methods The paper offers a five-stage defense framework for building a mitigation against IoT-based DDoS attacks. The article brings forth an amalgamated dataset concocted from InSDN, BoT-IoT, and UNSW-Sydney datasets and a simulated dataset for IoT-DDoS to the research community. The paper employs a multi-stage Stack-Ensembled framework at the heart of the solution pillared on physical devices' behavioral attributes, resulting in a universal defense approach. The experiment leverages fog computing with distributed computational nodes to reduce response latency. Furthermore, the paper implements attack-detection-as-a-service on top of the Docker framework for a cost-effective, reusable, and portable framework. The novel design of the framework presents a light mitigation scheme to the SDN controller, ensuring a negligible impact on the controller's performance. Results and Discussion The hand-crafted feature selection process reduced the features by 80%, demonstrating a high accuracy of 99.99% with benchmark datasets, 98.84% accuracy in the simulation environment, and collateral damage of 1.52%. The experiment observes encouraging values for vital performance parameters that researchers often miss to discuss. Furthermore, the paper thoroughly analyzes IoT-DDoS mitigation framework performance parameters.

computer science, information systems

Muhammad Aslam,Dengpan Ye,Aqil Tariq,Muhammad Asad,Muhammad Hanif,David Ndzi,Samia Allaoua Chelloug,Mohamed Abd Elaziz,Mohammed A A Al-Qaness,Syeda Fizzah Jilani

DOI: https://doi.org/10.3390/s22072697

2022-03-31

Abstract:The development of smart network infrastructure of the Internet of Things (IoT) faces the immense threat of sophisticated Distributed Denial-of-Services (DDoS) security attacks. The existing network security solutions of enterprise networks are significantly expensive and unscalable for IoT. The integration of recently developed Software Defined Networking (SDN) reduces a significant amount of computational overhead for IoT network devices and enables additional security measurements. At the prelude stage of SDN-enabled IoT network infrastructure, the sampling based security approach currently results in low accuracy and low DDoS attack detection. In this paper, we propose an Adaptive Machine Learning based SDN-enabled Distributed Denial-of-Services attacks Detection and Mitigation (AMLSDM) framework. The proposed AMLSDM framework develops an SDN-enabled security mechanism for IoT devices with the support of an adaptive machine learning classification model to achieve the successful detection and mitigation of DDoS attacks. The proposed framework utilizes machine learning algorithms in an adaptive multilayered feed-forwarding scheme to successfully detect the DDoS attacks by examining the static features of the inspected network traffic. In the proposed adaptive multilayered feed-forwarding framework, the first layer utilizes Support Vector Machine (SVM), Naive Bayes (NB), Random Forest (RF), k-Nearest Neighbor (kNN), and Logistic Regression (LR) classifiers to build a model for detecting DDoS attacks from the training and testing environment-specific datasets. The output of the first layer passes to an Ensemble Voting (EV) algorithm, which accumulates the performance of the first layer classifiers. In the third layer, the adaptive frameworks measures the real-time live network traffic to detect the DDoS attacks in the network traffic. The proposed framework utilizes a remote SDN controller to mitigate the detected DDoS attacks over Open Flow (OF) switches and reconfigures the network resources for legitimate network hosts. The experimental results show the better performance of the proposed framework as compared to existing state-of-the art solutions in terms of higher accuracy of DDoS detection and low false alarm rate.

P. Malini,K.R. Kavitha,Dr. K.R. Kavitha

DOI: https://doi.org/10.1016/j.cose.2024.103818

IF: 5.105

2024-03-29

Computers & Security

Abstract:In recent years, the development of Internet of Things (IoT) applications has increased, resulting in higher demands for sufficient bandwidth, data rates, latency, and quality of service (QoS). In advanced communications, managing network resources for allocating IoT services and identifying the exact IoT devices connected to a network is a major concern. The existing studies have introduced various methods for classifying IoT devices in a network. However, the previous studies faced challenges like limited attributes, low efficiency, inappropriate features, and computational complexities. Also, the existing studies failed to concentrate on IoT/Non-IoT classification along with attack detection. Detecting attacks on IoT devices is critical for making network services more effective. Thus, the proposed study introduces an efficient IoT device classification and attack detection mechanism using Software Defined Networking (SDN)-enabled Fiber-Wireless Access Networks Internet of Things (FiWi IoT) architecture. Initially, an effective resource allocation process is performed to mitigate the delay constraint issues by introducing a hybrid parallel neural network-based dynamic bandwidth allocation (DBA) method. Then, the input traffic information is gathered from the resource-efficient SDN-enabled FiWi IoT network, and the input data is pre-processed to eliminate unwanted noises using min-max normalization and standardization. Next, the essential attributes are extracted to attain enhanced classification performance. To reduce the feature dimensionality problem and thereby solve complexity issues, the most optimal features are selected by a new Chaotic Seagull Optimization (CSO) approach. After that, IoT/non-IoT classification is performed using a transformer-driven deep intelligent model. Finally, the attacks are detected and classified by introducing a novel Slice Attention-based Deep Capsule Autoencoder (SA_DCAE) model. For experimentation, the Python 3.7.0 tool is used in this work, and the performance of proposed classifiers is measured by evaluating varied matrices. Also, the comparison analysis proves the superiority of the proposed techniques to other existing methods.

computer science, information systems

Usman Haruna Garba,Adel N. Toosi,Muhammad Fermi Pasha,Suleman Khan

DOI: https://doi.org/10.1016/j.comcom.2024.04.001

IF: 5.047

2024-04-06

Computer Communications

Abstract:The adoption of the Internet of Things (IoT) has proliferated across various domains, where everyday objects like refrigerators and washing machines are now equipped with sensors and connected to the internet. Undeniably, the security of such devices, which were not primarily designed for internet connectivity, is of utmost importance but has been largely neglected. In this paper, we propose a framework for real-time DDoS attack detection and mitigation in SDN-enabled smart home networks. We capture network traffic during regular operations and during DDoS attacks. This captured traffic is used to train several machine learning (ML) models, including Support Vector Machine (SVM), Logistic Regression, Decision Trees, and K-Nearest Neighbors (KNN) algorithms. These trained models are executed as SDN controller applications and subsequently employed for real-time attack detection. While we utilize ML techniques to protect IoT devices, we propose the use of SNORT, a signature-based detection technique, to secure the SDN controller itself. Real-world experiments demonstrate that without SNORT, the SDN controller goes offline shortly after an attack, resulting in a 100% packet loss. Furthermore, we show that ML algorithms can efficiently classify traffic into benign and attack traffic, with the Decision Tree algorithm outperforming others with an accuracy of 99%.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kalpana Kumbhar,Prachi Mukherji

DOI: https://doi.org/10.1080/0954898x.2024.2356852

2024-06-19

Network Computation in Neural Systems

Abstract:The attacks like distributed denial-of-service (DDoS) are termed as severe defence issues in data centres, and are considered real network threat. These types of attacks can produce huge disturbances in information technologies. In addition, it is a complex task to determine and fully alleviate DDoS attacks. The new strategy is developed to identify and alleviate DDoS attacks in the Software-Defined Internet of Things (SD-IoT) model. SD-IoT simulation is executed to gather data. The data collected through nodes of SD-IoT are fed to the selection of feature phases. Here, the hybrid process is considered to select features, wherein features, like wrapper-based technique, cosine similarity-based technique, and entropy-based technique are utilized to choose the significant features. Thereafter, the attack discovery process is done with Elephant Water Cycle (EWC)-assisted deep neuro-fuzzy network (DNFN). The EWC is adapted to train DNFN, and here EWC is obtained by grouping Elephant Herd Optimization (EHO) and water cycle algorithm (WCA). Finally, attack mitigation is carried out to secure the SD-IoT. The EWC-assisted DNFN revealed the highest accuracy of 96.9%, TNR of 98%, TPR of 90%, precision of 93%, and F1-score of 91%, when compared with other related techniques.

computer science, artificial intelligence,engineering, electrical & electronic,neurosciences

Behaylu Tadele Alemu,Alemu Jorgi Muhammed,Habtamu Molla Belachew,Mulatu Yirga Beyene

DOI: https://doi.org/10.1007/s10586-024-04660-8

2024-07-20

Cluster Computing

Abstract:Software-defined networking (SDN) has emerged as a transformative technology that separates the control plane from the data plane, providing advantages such as flexibility, centralized control, and programmability. This innovation proves particularly beneficial for Internet of Vehicles (IoV) networks, which amalgamate the Internet of Things (IoT) and Vehicular Ad Hoc Network (VANET) to implement Intelligent Transportation Systems (ITS). IoV provides a safe and secured vehicular environment by supporting V2V, V2I, V2S, and V2P. By employing an SDN controller, IoV networks can leverage centralized control and enhanced manageability, leading to the emergence of Software-Defined Internet of Vehicles (SD-IoV) as a promising solution for future communications. However, the SD-IoV networks introduces a potential vulnerability in the form of a single point of failure, particularly susceptible to Distributed Denial of Service (DDoS) attacks. This is because of the centralized nature of SDN and the dynamic nature of IoV. In this context, the SDN controller becomes a prime target for attackers who flood it with massive packet-in messages. To address this security concern, we propose an efficient and lightweight attack detection and mitigation scheme within the SDN controller. The scheme includes a detection module that utilizes entropy and flow rate to identify patterns indicative of attack traffic behavior. Additionally, a mitigation module is designed to minimize the effect of attack traffic on the normal operation, this is performed through analysis of payload lengths.The mitigation flow rule is set for specific traffic type if its payload is less than the threshold value to decrease the false positive rate. An adaptive threshold computation for all parameter values enhances the scheme's effectiveness. We conducted simulations using SUMO, Mininet-WiFi, and Scapy. We evaluated the system performance by using Mininet-wifi SDN simulation tool and Ryu controller for control plane. The system detects DDoS attack traffic within a single window by checking both entropy and flow rate simultaneously. The simulation results demonstrate the efficacy of our proposed scheme in terms of detection time, accuracy, mitigation efficiency, controller load, and link bandwidth consumption, showcasing its superiority compared to existing works in the field.

computer science, information systems, theory & methods

Mamatha Maddu,Yamarthi Narasimha Rao

DOI: https://doi.org/10.1007/s10586-024-04581-6

2024-06-19

Cluster Computing

Abstract:Software-defined networking (SDN) is known for its enhanced network programmability and adaptability, but maintaining strong safety precautions to protect against emerging cyber-attacks remains a constant issue. Since SDN has logically centralized control, an attack on the controller might paralyze the entire network. For this reason, intrusion detection is very crucial. Many academics have embraced state-of-the-art techniques to assess and identify these assaults. However, the majority of these approaches lack scalability and accuracy. Moreover, they had difficulties with restricted features, low efficiency, incorrect characteristics, and computing complexity. Therefore, to detect network vulnerabilities in SDN-based IoT networks, we developed a practical deep learning approach based on Res2Net and Elman Recurrent Neural Networks (ERNN) technique as a defense solution to detect security issues in SDN. This framework consists of multiple steps and starts by addressing the dataset's class imbalance issue with a Data Augmentation Generative Adversarial Network (DAGAN). Next, the Res2net and Enhanced Honey Badger Algorithm (EHBA) are used to extract and select features. This lowers the computational expense and lessens the possibility that the model would be misled by unsuitable and negative characteristics. Finally, an ERNN-based technique is used to detect and classify the intrusions in SDN. After seeing the network assaults, a practical mitigation framework is implemented to mitigate the network attacks. Three SDN IoT-focused datasets, InSDN, IoT-23 and ToN-IoT, are used in an experimental investigation to analyze the proposed framework's performance. The results of numerous trials show that the proposed method outperforms existing techniques regarding several constraints.

computer science, information systems, theory & methods

DOI: https://doi.org/10.1007/s13042-024-02147-x

2024-05-14

International Journal of Machine Learning and Cybernetics

Abstract:The Internet of Things (IoT) connects billions of devices. However, because of its heterogeneous system and broad connectivity, it is vulnerable to various intrusion challenges, resulting in data and financial loss. The IoT environment must be secured from such threats. This research proposes an SDN-enabled Deep-Learning-Driven System for IoT intrusion detection. Intrusion detection can detect unknown threats from network traffic and is a good network security measure. Most current network anomaly detection approaches use standard machine learning models like KNN and SVM. These approaches have some significant advantages, but they are not very accurate and rely on manual traffic design, which is outmoded in the age of big data. Our proposed Hybrid Deep Learning-based Intrusion Detection System (HDLIDS) addresses low accuracy and feature engineering issues. HDLIDS uses a novel Modified Hybrid Deep Belief Network with Weights (MHDBN-W) algorithm to detect existing and new cyberattacks. The MHDBN-W method consists of an MCL, a layer combining the MGBRBM and DNN-W algorithms, and an aggregator layer. The MHDBN-W technique has two phases: UL and SL of traffic features into normal and abnormal classes. The HDLIDS model is evaluated on the CICIDS2018 dataset compared to other conventional learning methods. It outperforms all other models in all performance criteria.

computer science, artificial intelligence

Parmod Kumar,Anupam Baliyan,K. Ramalingeswara Prasad,N. Sreekanth,Parag Jawarkar,Vandana Roy,Enoch Tetteh Amoatey

DOI: https://doi.org/10.1155/2022/5713092

2022-04-13

Wireless Communications and Mobile Computing

Abstract:A number of disadvantages of traditional networks may be attributed to the close relationship that exists between the control plane and the data plane inside proprietary hardware designs, as described above. The problem of security is one of the most difficult to deal with. There are a plethora of network hazards and attacks that might be encountered these days. DDoS attacks are one of the most popular and disruptive attacks on the internet today, and they affect a wide range of organisations. Despite a large number of traditional mitigation solutions now available, the frequency, volume, and intensity of distributed denial-of-service (DDoS) attacks continue to rise. According to the findings of this paper, a new network paradigm is necessary to satisfy the requirements of today’s complex security concerns. It was necessary to develop a software-defined network (SDN) in order to meet the real-time needs of the massive network that was expanding at an exponential rate. Many advantages of SDN exist, including simplicity of administration, scalability, and agility, but one of the most critical is security, which is one of the most important considerations when implementing SDN. SDS may be seen as a paradigm in which the implementation of new security regulations in the computer environment is performed via the use of protected software, which is described further below. The goal is to provide a flexible and extensible architecture for DDoS detection and prevention that is both flexible and extendable; the suggested clustering approach, which is based on the Open Day Light (ODL) Controller, is employed to carry out the experimental findings. In this section, we emphasise DDoS penetration techniques from a range of tools, and we evaluate the vulnerability against various tactics. It is necessary to use a Mininet emulation tool to construct a detection and prevention system against distributed denial of service (DDoS) attacks in order to achieve success. There is a range of other simulation tools that are utilised in conjunction with this research in order to bring it to a conclusion. Integration of industry standards such as SNORT and Flow has been accomplished in a variety of situations and parameter settings. During the creation of a framework capable of detecting and mitigating DDoS attacks at an early stage in both the control and application levels, the implementation of this framework has been shown to be crucial in the development of a framework.

computer science, information systems,telecommunications,engineering, electrical & electronic

Pedro Manso,Jose Moura,Carlos Serrao

DOI: https://doi.org/10.3390/info10030106

2021-04-15

Abstract:The current paper addresses relevant network security vulnerabilities introduced by network devices within the emerging paradigm of Internet of Things (IoT) as well as the urgent need to mitigate the negative effects of some types of Distributed Denial of Service (DDoS) attacks that try to explore those security weaknesses. We design and implement a Software-Defined Intrusion Detection System (IDS) that reactively impairs the attacks at its origin, ensuring the normal operation of the network infrastructure. Our proposal includes an IDS that automatically detects several DDoS attacks, and then as an attack is detected, it notifies a Software Defined Networking (SDN) controller. The current proposal also downloads some convenient traffic forwarding decisions from the SDN controller to network devices. The evaluation results suggest that our proposal timely detects several types of cyber-attacks based on DDoS, mitigates their negative impacts on the network performance, and ensures the correct data delivery of normal traffic. Our work sheds light on the programming relevance over an abstracted view of the network infrastructure to timely detect a Botnet exploitation, mitigate malicious traffic at its source, and protect benign traffic.

Cryptography and Security,Networking and Internet Architecture

Wajid Rafique,Maqbool Khan,Nadeem Sarwar,Wanchun Dou

DOI: https://doi.org/10.1007/978-3-030-30146-0_6

2019-01-01

Abstract:Managing the huge IoT infrastructure poses a vital challenge to the network community. Software Defined Networking (SDN), due to its characteristics of centralized network management has been considered as an optimal choice to manage IoT. Edge computing brings cloud recourses near the IoT to localize the cloud demands. Consequently, SDN, IoT, and edge computing can be combined into a framework to create a resourceful SDIoT-Edge architecture to efficiently orchestrate cloud services and utilize resource-limited IoT devices in a flexible way. Besides a wide adoption of IoT, the vulnerabilities present in this less secure infrastructure can be exploited by the adversaries to attack the OpenFlow channel using Distributed Denial of Service (DDoS) attacks. DDoS on OpenFlow channel have the ability to disrupt the whole network hence, providing security for the OpenFlow channel is a key challenge in SDIoT-Edge. We propose a security framework called SDIoT-Edge Security (SIESec) against the security vulnerabilities present in this architecture. SIESec prototype employs machine learning-based classification strategy, blacklist integration, and contextual network flow filtering to efficiently defend against the DDoS attacks. We perform extensive simulations using Floodlight controller and Mininet network emulator. Our results proclaim that SIESec provides extensive security against OpenFlow channel DDoS attacks and pose a very less overhead on the network.

Naziya Aslam,Shashank Srivastava,M. M. Gore

DOI: https://doi.org/10.1002/ett.4534

IF: 3.6

2022-05-24

Transactions on Emerging Telecommunications Technologies

Abstract:The programmable behavior of Software‐Defined Networking (SDN) enables it to change behavior on the fly, provides instructions for the task's automatic performance, dynamic scaling, and service integration. These advantages have made SDN necessary in networks. Unfortunately, SDN suffers from the threat of DDoS attacks. We have developed an approach to detect and mitigate these threats in SDN by creating an ONOS Flood Defender application (OFD app). This app effectively detects DDoS attacks using machine learning techniques and mitigates them by tracebacking the attack traffic to its origin. The proposed framework of the OFD app is implemented in a Mininet emulator and ONOS SDN controller. The application performs effectively in terms of time, accuracy, and overhead of the system and efficiently mitigates the attacks, preventing a tremendous amount of damage to legitimate users. Software‐Defined Networking (SDN) has made its place in the networks as new technology. SDN's programmable behavior enables it to change behavior on the fly, provides instructions for the task's automatic performance, dynamic scaling, and service integration. These advantages have made SDN necessary in networks. However, SDN suffers from the threat of DDoS attack. We have developed an approach to mitigate these threats by creating an ONOS Flood Defender Application (OFD App). This app effectively detects DDoS attack using supervised and ensemble machine learning techniques and mitigates them by tracebacking the attack traffic to its origin. Our results show that ensemble machine learning techniques perform better than single machine learning algorithm to detect DDoS attack. Random Forest classifier (RFC), an ensemble technique, performs best with the highest accuracy of 99.3% in detecting DDoS attack, followed by XGBoost classifier with an accuracy of 99%. The proposed framework of the OFD app is implemented in a Mininet emulator and ONOS SDN controller. The application performs effectively in terms of time, accuracy, and overhead of the system. Our app efficiently mitigates the attacks, thereby preventing a tremendous amount of damage to legitimate users.

telecommunications

Walid I. Khedr,Ameer E. Gouda,Ehab R. Mohamed

DOI: https://doi.org/10.3390/math11163552

IF: 2.4

2023-08-18

Mathematics

Abstract:Distributed Denial of Service (DDoS) and Address Resolution Protocol (ARP) attacks pose significant threats to the security of Software-Defined Internet of Things (SD-IoT) networks. The standard Software-Defined Networking (SDN) architecture faces challenges in effectively detecting, preventing, and mitigating these attacks due to its centralized control and limited intelligence. In this paper, we present P4-HLDMC, a novel collaborative secure framework that combines machine learning (ML), stateful P4, and a hierarchical logically distributed multi-controller architecture. P4-HLDMC overcomes the limitations of the standard SDN architecture, ensuring scalability, performance, and an efficient response to attacks. It comprises four modules: the multi-controller dedicated interface (MCDI) for real-time attack detection through a distributed alert channel (DAC), the MSMPF, a P4-enabled stateful multi-state matching pipeline function for analyzing IoT network traffic using nine state tables, the modified ensemble voting (MEV) algorithm with six classifiers for enhanced detection of anomalies in P4-extracted traffic patterns, and an attack mitigation process distributed among multiple controllers to effectively handle larger-scale attacks. We validate our framework using diverse test cases and real-world IoT network traffic datasets, demonstrating high detection rates, low false-alarm rates, low latency, and short detection times compared to existing methods. Our work introduces the first integrated framework combining ML, stateful P4, and SDN-based multi-controller architecture for DDoS and ARP detection in IoT networks.

mathematics

M. Revathi,V. V. Ramalingam,B. Amutha

DOI: https://doi.org/10.1007/s11277-021-09071-1

IF: 2.017

2021-09-15

Wireless Personal Communications

Abstract:Recently, SDN has arisen as a new network platform that offers unparalleled programming that enables network operators to dynamically customize and control their networks. The attackers aim to paralyse the logical plane, the brain of the network that offers several advantages, by using the SDN controller. However, the control plane is the desirable target of security attacks on the opponents because of its characteristics. One of the most common threats is the DDOS attacks to drain network capacity by sending them heavy traffic, causing network congestion. SDN is a common area of investigation for SDN defenceand DDoS threat identification and prevention in the SDN context has been introduced to many researchers since the proposed SDN attacks. Nevertheless, security risks must be adequately secured. In this paper we suggest a discrete scalable memory based support vector machine algorithm for DDoS threat and SDN mitigation architecture for attack detection. By starting the process of attack detection the input data can gets pre-processed by using Spark standardization technique in which the missing values are replaced and the unwanted data are removed. Then the feature extractions are done using semantic multilinear component analysis algorithm. The classifier is responsible for predicting target and for this a novel discrete scalable memory based support vector machine (DSM-SVM) algorithm is used which provides high accuracy of attack prediction. Followed by attack detection the mitigation process was done, here the mitigation server can identify the threat by intelligently dropping malicious bot traffic and absorbing the rest of the traffic. Here the suggested mechanism achieves attack traffic mitigation and benign traffic dropping. We have evaluated the whole process on KDD dataset. The proposed network model was trained and then used in an SDN threat detection and mitigation environment as part of the assessment process. The entire experiment is run on a VMware-based Ubuntu virtual machine. Weka will utilize our suggested classifier model for training and evaluation, while Mininet uses a RYU controller to establish an SD Network. The findings demonstrate that the mechanism presented exceeds the other algorithms examined, by expressing 99.7% accuracy especially concerning training and testing time over KDD dataset.

telecommunications

Neder Karmous,Mohamed Ould-Elhassen Aoueileyine,Manel Abdelkader,Lamia Romdhani,Neji Youssef

DOI: https://doi.org/10.3390/s24155022

2024-08-03

Abstract:The number of connected devices or Internet of Things (IoT) devices has rapidly increased. According to the latest available statistics, in 2023, there were approximately 17.2 billion connected IoT devices; this is expected to reach 25.4 billion IoT devices by 2030 and grow year over year for the foreseeable future. IoT devices share, collect, and exchange data via the internet, wireless networks, or other networks with one another. IoT interconnection technology improves and facilitates people's lives but, at the same time, poses a real threat to their security. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks are considered the most common and threatening attacks that strike IoT devices' security. These are considered to be an increasing trend, and it will be a major challenge to reduce risk, especially in the future. In this context, this paper presents an improved framework (SDN-ML-IoT) that works as an Intrusion and Prevention Detection System (IDPS) that could help to detect DDoS attacks with more efficiency and mitigate them in real time. This SDN-ML-IoT uses a Machine Learning (ML) method in a Software-Defined Networking (SDN) environment in order to protect smart home IoT devices from DDoS attacks. We employed an ML method based on Random Forest (RF), Logistic Regression (LR), k-Nearest Neighbors (kNN), and Naive Bayes (NB) with a One-versus-Rest (OvR) strategy and then compared our work to other related works. Based on the performance metrics, such as confusion matrix, training time, prediction time, accuracy, and Area Under the Receiver Operating Characteristic curve (AUC-ROC), it was established that SDN-ML-IoT, when applied to RF, outperforms other ML algorithms, as well as similar approaches related to our work. It had an impressive accuracy of 99.99%, and it could mitigate DDoS attacks in less than 3 s. We conducted a comparative analysis of various models and algorithms used in the related works. The results indicated that our proposed approach outperforms others, showcasing its effectiveness in both detecting and mitigating DDoS attacks within SDNs. Based on these promising results, we have opted to deploy SDN-ML-IoT within the SDN. This implementation ensures the safeguarding of IoT devices in smart homes against DDoS attacks within the network traffic.

Jin Wang,Liping Wang

DOI: https://doi.org/10.3390/s22218287

IF: 3.9

2022-10-29

Sensors

Abstract:With the development of Software Defined Networking (SDN), its security is becoming increasingly important. Since SDN has the characteristics of centralized management and programmable, attackers can easily take advantage of the security vulnerabilities of SDN to carry out distributed denial of service (DDoS) attacks, which will cause the memory of controllers and switches to be occupied, network bandwidth and server resources to be exhausted, affecting the use of normal users. To solve this problem, this paper designs and implements an online attack detection and mitigation SDN defense system. The SDN defense system consists of two modules: anomaly detection module and mitigation module. The anomaly detection model uses a lightweight hybrid deep learning method—Convolutional Neural Network and Extreme Learning Machine (CNN-ELM) for anomaly detection of traffic. The mitigation model uses IP traceback to locate the attacker and effectively filters out abnormal traffic by sending flow rule commands from the controller. Finally, we evaluate the SDN defense system. The experimental results show that the SDN defense system can accurately identify and effectively mitigate DDoS attack flows in real-time.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Kuan-Yin Chen,Sen Liu,Yang Xu,Ishant Kumar Siddhrau,Siyu Zhou,Zehua Guo,H. Jonathan Chao

DOI: https://doi.org/10.1109/tnet.2021.3105187

2021-01-01

IEEE/ACM Transactions on Networking

Abstract:Software-defined networking (SDN) is increasingly popular in today's information technology industry, but existing SDN control plane is insufficiently scalable to support on-demand, high-frequency flow requests. Weaknesses along SDN control paths can be exploited by malicious third parties to launch distributed denial-of-service (DDoS) attacks against the SDN control plane. Recently proposed solutions only partially solve the problem, by protecting either the SDN network edges or the centralized controller. We propose SDNShield, a solution based on emerging network function virtualization (NFV) technologies, which enforces more comprehensive defense against potential DDoS attacks on SDN control plane. SDNShield incorporates a three-stage overload control scheme. The first stage statistically identifies legitimate flows with low complexity and performance overhead. The second stage further performs in-depth TCP handshake verification to ensure good flows are eventually served. The third stage intellectually salvages the misclassified legitimate flows that are falsely dropped from the first two stages. Prototype tests and real data-driven simulation results show that SDNShield can achieve high resilience against brute-force attacks, and maintain good flow-level service quality at the same time.

Yawar Abbas Abid,Jinsong Wu,Guangquan Xu,Shihui Fu,Muhammad Waqas

DOI: https://doi.org/10.1109/jiot.2024.3376578

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:With the increasing rates of interconnected Internet of Things (IoT) devices within Software-Defined Networking (SDN) environments, distributed denial of service (DDoS) attacks have become increasingly common. As a result of this challenge, novel detection and classification methods must be developed based on the unique characteristics of SDN-supported IoT networks. This paper proposes a novel approach to detecting and categorizing DDoS attacks that has been optimized specifically for such environments. As part of our methodology, we integrate convolutional neural networks (CNN) and long-short-term memory (LSTM) models into a multilevel deep neural network architecture. With this hybrid architecture, complex spatial and temporal patterns can be automatically extracted from raw network traffic data to facilitate comprehensive analysis and accurate identification of DDoS attacks. We validate the efficacy and superiority of our proposed approach over traditional machine learning algorithms by conducting rigorous experiments on real-world datasets. Our findings underscore the potential of the multi-level deep neural network approach as a robust and scalable solution for mitigating DDoS attacks in SDN-supported IoT networks. By improving network security and resilience to evolving threats, our methodology contributes to safeguarding critical infrastructures in the era of interconnected IoT ecosystems.

computer science, information systems,telecommunications,engineering, electrical & electronic

Baswaraju Swathi,Soma Sekhar Kolisetty,G Venkata Sivanarayana,Srinivasa Rao Battula

DOI: https://doi.org/10.1007/s10586-024-04498-0

2024-05-11

Cluster Computing

Abstract:Traditional network administration required manual programming of routing policies and related parameters on specific routers and switches, which was expensive. Therefore, software-defined networking (SDN) technology has been introduced, which has boosted flexibility and decreased hardware development costs by centralizing network management. Since intrusion detection is vital in the SDN environment, this centralized architecture makes information security vulnerable to network threats. To evaluate and recognize these attacks, many researchers have recently adopted cutting-edge approaches like machine learning. However, most of these methods are not very accurate and scalable. To address this issue, this paper proposes an EfficientNetV2-RegNet-based effective deep learning technique. It effectively extracted the network features and classified the intrusions in SDN-based IoT (Internet of Things). Afterwards, an effective mitigation process was performed by a remote SDN controller to mitigate the assaults and reconfigure the network resources for trusted network hosts. Furthermore, the Conditional Generative Adversarial Network (CGAN) based data augmentation approach efficiently tackles the data imbalance issue. The most recent realistic datasets, named InSDN and IoT-23, were utilized to train and assess the presented framework to validate its efficiency. The results of the experiments demonstrated that the suggested system surpassed competitors in identifying various attack types and achieved 99.53 and 99.56% accuracy for IoT-23 and InSDN datasets, correspondingly.

computer science, information systems, theory & methods