Naziya Aslam,Shashank Srivastava,M. M. Gore

DOI: https://doi.org/10.1002/ett.4534

IF: 3.6

2022-05-24

Transactions on Emerging Telecommunications Technologies

Abstract:The programmable behavior of Software‐Defined Networking (SDN) enables it to change behavior on the fly, provides instructions for the task's automatic performance, dynamic scaling, and service integration. These advantages have made SDN necessary in networks. Unfortunately, SDN suffers from the threat of DDoS attacks. We have developed an approach to detect and mitigate these threats in SDN by creating an ONOS Flood Defender application (OFD app). This app effectively detects DDoS attacks using machine learning techniques and mitigates them by tracebacking the attack traffic to its origin. The proposed framework of the OFD app is implemented in a Mininet emulator and ONOS SDN controller. The application performs effectively in terms of time, accuracy, and overhead of the system and efficiently mitigates the attacks, preventing a tremendous amount of damage to legitimate users. Software‐Defined Networking (SDN) has made its place in the networks as new technology. SDN's programmable behavior enables it to change behavior on the fly, provides instructions for the task's automatic performance, dynamic scaling, and service integration. These advantages have made SDN necessary in networks. However, SDN suffers from the threat of DDoS attack. We have developed an approach to mitigate these threats by creating an ONOS Flood Defender Application (OFD App). This app effectively detects DDoS attack using supervised and ensemble machine learning techniques and mitigates them by tracebacking the attack traffic to its origin. Our results show that ensemble machine learning techniques perform better than single machine learning algorithm to detect DDoS attack. Random Forest classifier (RFC), an ensemble technique, performs best with the highest accuracy of 99.3% in detecting DDoS attack, followed by XGBoost classifier with an accuracy of 99%. The proposed framework of the OFD app is implemented in a Mininet emulator and ONOS SDN controller. The application performs effectively in terms of time, accuracy, and overhead of the system. Our app efficiently mitigates the attacks, thereby preventing a tremendous amount of damage to legitimate users.

telecommunications

Yi Shen,Chunming Wu,Dezhang Kong,Mingliang Yang

DOI: https://doi.org/10.1109/icc40277.2020.9149276

2020-01-01

Abstract:Distributed Denial of Service (DDoS) attack is one of the most severe threats to the current network security. As a new network architecture, Software-Defined Networking (SDN) draws notable attention from both industry and academia. The characteristics of SDN such as centralized management and flow-based traffic monitoring make it an ideal platform to defend against DDoS attacks. When designing a network intrusion detection system (NIDS) in SDN, how to obtain fine-grained flow information with minimal overhead to the SDN architecture is a problem to be solved. In this paper, we propose TPDD, a two-phase DDoS detection system to detect DDoS attacks in SDN. In the first phase, we utilize the characteristics of SDN to collect coarse-grained flow information from the core switches and locate the potential victim. Then we monitor the edge switches located close to the potential victim to obtain finer-grained traffic information in the second phase. The collection method of each phase fully considers the impact on the bandwidth between the controller and switches. Without modifying the existing flow rules, the collection module can obtain sufficient information about traffic. By using entropy-based and machine learning-based methods, the detection module can effectively detect anomalies and identify whether the potential victim marked in the first phase is the target of attacks. Experimental results show that TPDD can effectively detect DDoS attacks with little overhead.

Shuhan Chen,Congqi Shen,Danrui Yu,Yuqin Wu,Chunming Wu

DOI: https://doi.org/10.1109/isncc52172.2021.9615889

2021-01-01

Abstract:Botnets provide a fundamental infrastructure for various kinds of network attacks, such as DDoS attack, etc. Detecting DDoS attack in botnet is a long-standing challenge. In this paper, we propose a novel method to detect DDoS attack in botnet through the analysis of packet forwarding and network traffic. The primary idea is to collect features from both overall network traffic and packet to describe the attack pattern and conduct a detection model with high accuracy. Firstly, apart from overall network traffic, we calculate several statistics related to looking up functions of flow tables during packet forwarding on switches to describe attack pattern. Secondly, these features are put into a deep learning model to detect DDoS attack. We perform evaluations under Software Defined Networking (SDN) paradigm. In particular, we compare the proposed method with traditional methods. The experimental results demonstrate that the proposed method is meaningful in improving the accuracy of DDoS attack detection by adding packet-level features extracted from packet forwarding.

Amran Mansoor,Mohammed Anbar,Abdullah Ahmed Bahashwan,Basim Ahmad Alabsi,Shaza Dawood Ahmed Rihan

DOI: https://doi.org/10.3390/systems11060296

2023-06-09

Systems

Abstract:The rapid growth of cloud computing has led to the development of the Software-Defined Network (SDN), which is a network strategy that offers dynamic management and improved performance. However, security threats are a growing concern, particularly with the SDN controller becoming an attractive target for malicious actors and potential Distributed Denial of Service (DDoS) attacks. Many researchers have proposed different approaches to detecting DDoS attacks. However, those approaches suffer from high false positives, leading to low accuracy, and the main reason behind this is the use of non-qualified features and non-realistic datasets. Therefore, the deep learning (DL) algorithmic technique can be utilized to detect DDoS attacks on SDN controllers. Moreover, the proposed approach involves three stages, (1) data preprocessing, (2) cross-feature selection, which aims to identify important features for DDoS detection, and (3) detection using the Recurrent Neural Networks (RNNs) model. A benchmark dataset is employed to evaluate the proposed approach via standard evaluation metrics, including false positive rate and detection accuracy. The findings indicate that the recommended approach effectively detects DDoS attacks with average detection accuracy, average precision, average FPR, and average F1-measure of 94.186 %, 92.146%, 8.114%, and 94.276%, respectively.

Naziya Aslam,Shashank Srivastava,M.M. Gore

DOI: https://doi.org/10.1016/j.compeleceng.2024.109282

IF: 4.152

2024-05-17

Computers & Electrical Engineering

Abstract:Software-Defined Networking (SDN) enhances network management and efficiency and is particularly effective in defending against Distributed Denial of Service (DDoS) attack through its centralized structure. Our proposed DDoS SourceTracer Application utilizes SDN to efficiently identify and mitigate DDoS attack by employing tracebacking and clustering techniques. This application uses supervised and ensemble machine learning algorithms for attack detection, and feature selection methods like the Chi-square test, ANOVA (Analysis of Variance) F-test, Correlation matrix, and Extra tree classifier to optimize the feature set. Our results show that the clustering approach outperforms traditional methods like rate limiting and blocking and effectively mitigates the attack in just 3.5 s. We used the sFlow-RT tool on the Zoo topology to perform real-time analysis and validate our application's effectiveness during attack and normal traffic. This tool analyzes how attack traffic is impacted when using clustering and tracebacking methods to mitigate DDoS attack.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Gottapu Sankara Rao,P. Krishna Subbarao

DOI: https://doi.org/10.17762/ijritcc.v11i9.8340

2023-10-27

International Journal on Recent and Innovation Trends in Computing and Communication

Abstract:One of the most serious threat to network security is Denial of service (DOS) attacks. Internet and computer networks are now important parts of our businesses and daily lives. Malicious actions have become more common as our reliance on computers and communication networks has grown. Network threats are a big problem in the way people communicate today. To make sure that the networks work well and that users' information is safe, the network data must be watched and analysed to find malicious activities and attacks. Flooding may be the simplest DDoS assault. Computer networks and services are vulnerable to DoS and DDoS attacks. These assaults flood target systems with malicious traffic, making them unreachable to genuine users. The work aims to enhance the resilience of network infrastructures against these attacks and ensure uninterrupted service delivery. This research develops and evaluates enhanced DoS/DDoS detection methods. DoS attacks usually stop or slow down legal computer or network use. Denial-of-service (DoS) attacks prevent genuine users from accessing and using information systems and resources. The OSI model's layers make up the computer network. Different types of DDoS strikes target different layers. The Network Layer can be broken by using ICMP Floods or Smurf Attacks. The Transport layer can be attacked using UDP Floods, TCP Connection Exhaustion, and SYN Floods. HTTP-encrypted attacks can be used to get through to the application layer. DoS/DDoS attacks are malicious attacks. Protect network data from harm. Computer network services are increasingly threatened by DoS/DDoS attacks. Machine learning may detect prior DoS/DDoS attacks. DoS/DDoS attacks proliferate online and via social media. Network security is IT's top priority. DoS and DDoS assaults include ICMP, UDP, and the more prevalent TCP flood attacks. These strikes must be identified and stopped immediately. In this work, a stacking ensemble method is suggested for detecting DoS/DDoS attacks so that our networked data doesn't get any worse. This paper used a method called "Ensemble of classifiers," in which each class uses a different way to learn. In proposed methodology Experiment#1 , I used the Home Wifi Network Traffic Collected and generated own Dataset named it as MywifiNetwork.csv, whereas in proposed methodology Experiment#2, I used the kaggle repository “NSL-KDD benchmark dataset” to perform experiments in order to find detection accuracy of dos attack detection using python language in jupyter notebook. The system detects attack-type or legitimate-type of network traffic during detection ML classification methods are used to compare how well the suggested system works. The results show that when the ensembled stacking learning model is used, 99% of the time it is able to find the problem. In proposed methodology two Experiments are implemented for comparing detection accuracy with the existing techniques. Compared to other measuring methods, we get a big step forward in finding attacks. So, our model gives a lot of faith in securing these networks. This paper will analyse the behaviour of network traffics.

Ancy Sherin Jose,Latha R Nair,Varghese Paul

DOI: https://doi.org/10.47059/revistageintec.v11i4.2411

2021-07-29

Revista Gestão Inovação e Tecnologias

Abstract:Distributed Denial of Service Attack (DDoS) has emerged as a major threat to cyber space. A DDoS attack aims at exhausting the resources of the victim causing financial and reputational damages to it. The availability of free software make launching of DDoS attacks easy. The difficulty in differentiating a DDoS traffic from a legitimate traffic burst such as a flash crowd makes DDoS difficult to be identified. A wide range of techniques have been used in conventional networks to detect and mitigate DDoS attacks. Though the advent of Software Defined Networking (SDN) makes a network easy to be managed even SDN is vulnerable to DDoS attacks. In this case, the controller of the SDN gets overloaded with the incoming packets from the switches. In fact, a solution based on security analytics can be put in place to ward off this threat as a proactive security measure using the flow level statistics available from the SDN. Compared to the packet analysis used in traditional networks which is resource expensive the flow level statistics is relatively inexpensive. This paper focuses on the design and implementation of an attack detection system for detecting the flooding DDoS attacks TCP SYN flooding attacks, HTTP request flooding attacks, UDP flooding attacks and ICMP flooding attacks over SDN network traffic. The system uses various classification algorithms to classify a traffic into normal or attack. The feature sets for classification were arrived at using a feature selection module with ANOVA (Analysis of Variance) F-Test statistical method. Performance evaluation of each of the classifiers was carried out for the three feature sets obtained from the feature selection module using various performance measures and the results have been tabulated. The feature set which gives the best performance in detecting malicious traffic has been identified.

Nisha Ahuja,Debajyoti Mukhopadhyay,Gaurav Singal

DOI: https://doi.org/10.1007/s00779-023-01785-2

2024-01-25

Personal and Ubiquitous Computing

Abstract:Software-defined networking will be a critical component of the networking domain as it transitions from a standard networking design to an automation network. To meet the needs of the current scenario, this architecture redesign becomes mandatory. Besides, machine learning (ML) and deep learning (DL) techniques provide a significant solution in network attack detection, traffic classification, etc. The DDoS attack is still wreaking havoc. Previous work for DDoS attack detection in SDN has not yielded significant results, so the author has used the most recent deep learning technique to detect the attacks. In this paper, we aim to classify the network traffic into normal and malicious classes based on features in the available dataset by using various deep learning techniques. TCP, UDP, and ICMP traffic are considered normal; however, malicious traffic includes TCP Syn Attack, UDP Flood, and ICMP Flood, all of which are DDoS attack traffic. The major contribution of this paper is the identification of novel features for DDoS attack detection. Novel features are logged into the CSV file to create the dataset, and machine learning algorithms are trained on the created SDN dataset. Various work which has already been done for DDoS attack detection either used a non-SDN dataset or the research data is not made public. A novel hybrid machine learning model is utilized to perform the classification. The dataset used by the ML/DL algorithms is a collection of public datasets on DDoS attacks as well as an experimental DDoS dataset generated by us and publicly available on the Mendeley Data repository. A Python application performs the classification of traffic into one of the classes. From the various classifiers used, the accuracy score of 99.75% is achieved with Stacked Auto-Encoder Multi-layer Perceptron (SAE-MLP). To measure the effectiveness of the SDN-DDoS dataset, the other publicly available datasets are also evaluated against the same deep learning algorithms, and traffic classification accuracy is found to be significantly higher with the SDN-DDoS dataset. The attack detection time of 216.39 s also serve as experimental evidence.

computer science, information systems,telecommunications

Manish Kumar Rajak,Ravindra Tiwari

DOI: https://doi.org/10.15680/ijircce.2024.1203507

2024-03-25

International Journal of Innovative Research in Computer and Communication Engineering

Abstract:Distributed Denial of Service (DDoS) persists in Online Applications as One of those significant threats. Attackers can execute DDoS by the more natural steps. Then with the high productivity to slow the consumer access services down. To detect an attack on DDoS and using machine learning algorithms. The Overseen to detect and mitigate the attack, machine learning algorithms such as Naive Bayes, decision tree, k-nearest neighbours (k-NN) and random forest are used. There are three steps: gathering information, preprocessing and feature Extraction in "Normal or DDoS" classification algorithm for detection Attack use Dataset NSL-KDD. Similar algorithms have different functions Conduct that is dependent on the features selected. DDOS- attack performance Detection is compared, and it indicates the best algorithm. Attempts at Distributed Denial of Service ( DDoS) Were the most powerful attacks of the last period. A Virtual Network. The intrusion detection system (NIDS) should be designed seamlessly to Fight the latest strategies and trends of those attackers NIDS on DDoS. In this paper, we propose an NIDS capable of detecting Current DDoS attacks, as well as new forms. The main characteristic of Our NIDS is the combination of various classifiers using an ensemble Models, with the concept of each classifier being able to target different Aspects/types of intrusions, and more effective in doing so Mechanism for protecting against new intrusions. Additionally, we perform a detailed study of and based on, DDoS attacks check the reduced set of functions [27, 28] to be essential to Enhance accuracy. We are playing with and analyzing NSL-KDD Dataset with a feature set reduced, and our proposed NIDS will Detect 99.1 per cent of active DDoS attacks. Let's compare our Tests with other methods which already exist. Our approach to NIDS has Able to learn to keep up with existing and evolving DDoS Attack trends.

Ashfaq Ahmad Najar,S. Manohar Naik

DOI: https://doi.org/10.1016/j.cose.2024.103716

IF: 5.105

2024-01-26

Computers & Security

Abstract:Software Defined Networking (SDN) has become popular due to its flexibility and agility in network management, enabling rapid adaptation to changing business requirements, enhancing network performance, and reducing operational costs. However, the ubiquity of internet-based services has given rise to an alarming increase in cyber-attacks, posing serious threats to the security and stability of modern networks. Among these attacks, Distributed Denial of Service (DDoS) attacks have emerged as one of the most devastating, capable of disrupting critical services. Recent studies have shown that Deep Learning (DL) techniques with Software-defined networking have the potential to mitigate these threats effectively. However, existing solutions suffer from issues such as reliance on pre-defined rules and signatures, computational efficiency, low detection rates, and inefficient notification mechanisms, making them ineffective in detecting DDoS attacks. This paper proposes an efficient approach (BRS + CNN) using Balanced Random Sampling (BRS) and Convolutional Neural Networks (CNNs) to detect DDoS attacks in SDN environments. We have applied various mitigation techniques to mitigate these threats, such as filtering, rate limiting, and iptables rule for blocking spoofed IPs. In addition, we introduce a monitoring system that utilizes rate-limiting to oversee blocked IP addresses, ensuring that legitimate traffic is processed efficiently. The proposed model achieves high performance in binary and multi-classification, with an accuracy of over 99.99% for binary classification and 98.64% for multi-classification. Our proposed DDoS detection system not only detects the attack but also sends detailed contextual information to a designated email address. We compare our model with existing literature and demonstrate its superiority using Area Under The Curve (AUC) analysis. Moreover, we evaluated the efficiency and effectiveness of our proposed DDoS mitigation system by conducting a series of experiments across three distinct scenarios: Attack-Free, Attack-No Mitigation, and Attack-Mitigation. These results demonstrate the robustness of our proposed mitigation system in effectively combating DDoS attacks while also safeguarding the seamless continuity of regular network operations.

computer science, information systems

Manish Kumar Rajak,Dr. Ravindra Tiwari

DOI: https://doi.org/10.29070/hc5qzn85

2024-09-03

Journal of Advances and Scholarly Researches in Allied Education

Abstract:Distributed Denial of Service (DDoS) persists in Online Applications as One of those significant threats. Attackers can execute DDoS by the more natural steps. Then with the high productivity to slow the consumer access services down. To detect an attack on DDoS and using machine learning algorithms. The Overseen to detect and mitigate the attack, machine learning algorithms such as Naive Bayes, decision tree, k-nearest neighbours (k-NN) and random forest are used. There are three steps: gathering information, preprocessing and feature Extraction in "Normal or DDoS" classification algorithm for detection Attack use Dataset NSL-KDD. Similar algorithms have different functions Conduct that is dependent on the features selected. DDOS-attack performance Detection is compared, and it indicates the best algorithm. Attempts at Distributed Denial of Service ( DDoS) Were the most powerful attacks of the last period. A Virtual Network. The intrusion detection system (NIDS) should be designed seamlessly to Fight the latest strategies and trends of those attackers NIDS on DDoS. In this paper, we propose an NIDS capable of detecting Current DDoS attacks, as well as new forms. The main characteristic of Our NIDS is the combination of various classifiers using an ensemble Models, with the concept of each classifier being able to target different Aspects/types of intrusions, and more effective in doing so Mechanism for protecting against new intrusions. Additionally, we perform a detailed study of and based on, DDoS attacks check the reduced set of functions [27, 28] to be essential to Enhance accuracy. We are playing with and analyzing NSL-KDD Dataset with a feature set reduced, and our proposed NIDS will Detect 99.1 per cent of active DDoS attacks. Let's compare our Tests with other methods which already exist. Our approach to NIDS has Able to learn to keep up with existing and evolving DDoS Attack trends.

Ahmad Hamarshe,Huthaifa I. Ashqar,Mohammad Hamarsheh

DOI: https://doi.org/10.48550/arXiv.2303.06513

IF: 5.414

2023-03-11

Machine Learning

Abstract:The concept of Software Defined Networking (SDN) represents a modern approach to networking that separates the control plane from the data plane through network abstraction, resulting in a flexible, programmable and dynamic architecture compared to traditional networks. The separation of control and data planes has led to a high degree of network resilience, but has also given rise to new security risks, including the threat of distributed denial-of-service (DDoS) attacks, which pose a new challenge in the SDN environment. In this paper, the effectiveness of using machine learning algorithms to detect distributed denial-of-service (DDoS) attacks in software-defined networking (SDN) environments is investigated. Four algorithms, including Random Forest, Decision Tree, Support Vector Machine, and XGBoost, were tested on the CICDDoS2019 dataset, with the timestamp feature dropped among others. Performance was assessed by measures of accuracy, recall, accuracy, and F1 score, with the Random Forest algorithm having the highest accuracy, at 68.9%. The results indicate that ML-based detection is a more accurate and effective method for identifying DDoS attacks in SDN, despite the computational requirements of non-parametric algorithms.

Uakomba Mbasuva,Guy-Alain Lusilao Zodi

DOI: https://doi.org/10.1109/imcom53663.2022.9721785

2022-01-03

Abstract:Software Defined Networks (SDN) is gaining popularity in academia and the industry. This is due to SDNs ease of programmability, flexibility and centralized management. These networking features allow network administrators and programmers to easily monitor and control the entire network, at a limited cost. However, because of its centralized architecture, the controller becomes a single point of failure. This vulnerability makes it a target to cyber-attacks, but more specifically to Distributed Denial of Service (DDoS) attacks. The DDoS attack may target the SDN network controller in order to disrupt the entire network, causing network resources unavailable to legitimate users. Hence, in this work, we propose an ensemble Deep Learning (DL) Intrusion Detection System (IDS) to detect DDoS attack traffic in SDNs. Our proposed approach build an ensemble of Convolutional Neural Network (CNN), Deep Neural Network (DNN) and Recurrent Neural Network (RNN) model. To train the model, we use feature selection techniques from the literature and utilized the Canadian Institute for Cybersecurity Intrusion Detection System (CIC-IDS2017) as the evaluation dataset. The performance of the proposed model is compared with existing models, and from the results, it is observed that our proposed ensemble deep learning model performs better than ensemble CNN, ensemble RNN and ensemble voting.

Tewelde Gebremedhin Gebremeskel,Ketema Adere Gemeda,T. Gopi Krishna,Perumalla Janaki Ramulu

DOI: https://doi.org/10.1155/2023/9965945

2023-06-24

Wireless Communications and Mobile Computing

Abstract:A software-defined network (SDN) brings a lot of advantages to the world of networking through flexibility and centralized management; however, this centralized control makes it susceptible to different types of attacks. Distributed denial of service (DDoS) is one of the most dangerous attacks that are frequently launched against the controller to put it out of service. This work takes the special ability of SDN to propose a solution that is an implementation run at the multicontroller to detect a DDoS attack at the early stage. This method not only detects the attacks but also identifies the attacking paths and starts a mitigation process to provide protection for the network devices. This method is based on the entropy variation of the destination host targeted with its IP address and can detect the attack within the first 250 packets of malicious traffic attacking a particular host. Then, fine-grained packet-based detection is performed using a deep-learning model to classify the attack into different types of attack categories. Lastly, the controller sends the updated traffic information to neighbor controllers. The chi-squared ( x 2 ) test feature selection algorithm was also employed to reveal the most relevant features that scored the highest in the provided data set. The experiment result demonstrated that the proposed Long Short-Term Memory (LSTM) model achieved an accuracy of up to 99.42% using the data set CICDDoS2019, which has the potential to detect and classify the DDoS attack traffic effectively in the multicontroller SDN environment. In this regard, it has an enhanced accuracy level to 0.42% compared with the RNN-AE model with data set CICDDoS2019, while it has improved up to 0.44% in comparison with the CNN model with the different data set ICICDDoS2017.

computer science, information systems,telecommunications,engineering, electrical & electronic

P. Arun Raj Kumar,S. Selvakumar

DOI: https://doi.org/10.1016/j.comcom.2012.09.010

IF: 5.047

2013-02-01

Computer Communications

Abstract:A DDoS attack is the most prevalent threat, viz., flooding the computing and communication resources in order to make the service unavailable for legitimate users, since a decade and continues to be threatening till date. Therefore, these critical resources must be protected against the DDoS attacks. The detection of DDoS attacks requires adaptive and incremental learning classifier, less computational complexity, and accurate decision making from uncertain information. Hence, the DDoS attacks could be detected using existing soft computing techniques such as fuzzy logic, neural networks, and genetic algorithms. Fuzzy logic has the advantage of interpreting the rules well but it suffers from the disadvantage of not able to acquire the rules automatically. The neural networks generalize the network well but they cannot interpret the rules. Genetic algorithm provides optimal solutions but the time complexity is high. Hybrid methods, Neuro-fuzzy and genetic fuzzy have been proposed to overcome the drawbacks of interpretability and manual rules acquisition. In this paper, adaptive and hybrid neuro-fuzzy systems were proposed as subsystems of the ensemble. Sugeno type Adaptive Neuro-Fuzzy Inference System (ANFIS) has been chosen as a base classifier for our research as Mamdani type ANFIS is not suitable for real time due to its high computational complexity and non-adaptiveness to extract exact knowledge from the dataset. Single classifier makes error on different training samples. So, by creating an ensemble of classifiers and combining their outputs, the total error can be reduced and the detection accuracy can be increased. Improvement in the performance of ANFIS ensemble is the focus of this paper. Our proposed DDoS classification algorithm, NFBoost, differs from the existing methods in weight update distribution strategy, error cost minimization, and ensemble output combination method, but resembles similar in classifier weight assignment and error computation. Our proposed NFBoost algorithm is achieved by combining ensemble of classifier outputs and Neyman Pearson cost minimization strategy, for final classification decision. Publicly available datasets such as KDD Cup, CAIDA DDOS Attack 2007, CONFICKER worm, UNINA traffic traces, and UCI Datasets were used for the simulation experiments. NFBoost was trained and tested with the publicly available datasets and our own SSE Lab1All hosts in SSE Lab are connected through a backbone bandwidth of 1Gbps and to different sites through a 2Mbps MPLS VPN cloud.1 SSENET 2011 datasets. Detection accuracy and Cost per sample were the two metrics used to analyze the performance of the NFBoost classification algorithm and were compared with bagging, boosting, and AdaBoost algorithms. From the simulation results, it is evident that NFBoost algorithm achieves high detection accuracy (99.2%) with fewer false alarms. Cost per instance is also very less for the NFBoost algorithm compared to the existing algorithms. NFBoost algorithm outperforms the existing ensemble algorithms with a maximum gain of 8.4% and a minimum gain of 1.1%.

computer science, information systems,telecommunications,engineering, electrical & electronic

M. Revathi,V. V. Ramalingam,B. Amutha

DOI: https://doi.org/10.1007/s11277-021-09071-1

IF: 2.017

2021-09-15

Wireless Personal Communications

Abstract:Recently, SDN has arisen as a new network platform that offers unparalleled programming that enables network operators to dynamically customize and control their networks. The attackers aim to paralyse the logical plane, the brain of the network that offers several advantages, by using the SDN controller. However, the control plane is the desirable target of security attacks on the opponents because of its characteristics. One of the most common threats is the DDOS attacks to drain network capacity by sending them heavy traffic, causing network congestion. SDN is a common area of investigation for SDN defenceand DDoS threat identification and prevention in the SDN context has been introduced to many researchers since the proposed SDN attacks. Nevertheless, security risks must be adequately secured. In this paper we suggest a discrete scalable memory based support vector machine algorithm for DDoS threat and SDN mitigation architecture for attack detection. By starting the process of attack detection the input data can gets pre-processed by using Spark standardization technique in which the missing values are replaced and the unwanted data are removed. Then the feature extractions are done using semantic multilinear component analysis algorithm. The classifier is responsible for predicting target and for this a novel discrete scalable memory based support vector machine (DSM-SVM) algorithm is used which provides high accuracy of attack prediction. Followed by attack detection the mitigation process was done, here the mitigation server can identify the threat by intelligently dropping malicious bot traffic and absorbing the rest of the traffic. Here the suggested mechanism achieves attack traffic mitigation and benign traffic dropping. We have evaluated the whole process on KDD dataset. The proposed network model was trained and then used in an SDN threat detection and mitigation environment as part of the assessment process. The entire experiment is run on a VMware-based Ubuntu virtual machine. Weka will utilize our suggested classifier model for training and evaluation, while Mininet uses a RYU controller to establish an SD Network. The findings demonstrate that the mechanism presented exceeds the other algorithms examined, by expressing 99.7% accuracy especially concerning training and testing time over KDD dataset.

telecommunications

Anupama Mishra,Neena Gupta,Brij B. Gupta

DOI: https://doi.org/10.1007/s11235-022-00981-4

2022-12-15

Telecommunication Systems

Abstract:Distributed denial of service attacks are common and very severe threat to various computing technology like Cloud, IoT and Blockchain because of the disruption they cause to the services that are provided. Many different types of DDoS attacks are there, each with a unique action, making it difficult for network monitoring and control systems to identify and prevent them. The objective of this research work is to explore and select a set of data to represent DDoS attack events and attack traffic information. A pre-processing phase is used to clean and transform the data, and afterwards the generation of a model of machine learning for multi-class classification is done. This is carried out to identify the various classification of different types of DDoS attacks. We have used CIC dataset for the experiment which contains all types of DDoS attack and huge in number of records. Random Forest, Support Vector Machine, Naive Bayes, Decision Tree, XGBoost, and AdaBoost are six different types of machine learning algorithms employed in this research. FRom the results, AdaBoost achieves the best accuracy of 99.87% in 27.4 s of computation time. Naive Bayes has the fastest computing time (3.2 s) with 94.15% accuracy, where as Support Vector Machine has the slowest time, a lazy learner (229m26s for training and 0.2 s for prediction) and has the low accuracy (95.73%).

telecommunications

Huseyin Polat,Onur Polat,Aydin Cetin

DOI: https://doi.org/10.3390/su12031035

IF: 3.9

2020-02-01

Sustainability

Abstract:Software Defined Networking (SDN) offers several advantages such as manageability, scaling, and improved performance. However, SDN involves specific security problems, especially if its controller is defenseless against Distributed Denial of Service (DDoS) attacks. The process and communication capacity of the controller is overloaded when DDoS attacks occur against the SDN controller. Consequently, as a result of the unnecessary flow produced by the controller for the attack packets, the capacity of the switch flow table becomes full, leading the network performance to decline to a critical threshold. In this study, DDoS attacks in SDN were detected using machine learning-based models. First, specific features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Then, a new dataset was created using feature selection methods on the existing dataset. Feature selection methods were preferred to simplify the models, facilitate their interpretation, and provide a shorter training time. Both datasets, created with and without feature selection methods, were trained and tested with Support Vector Machine (SVM), Naive Bayes (NB), Artificial Neural Network (ANN), and K-Nearest Neighbors (KNN) classification models. The test results showed that the use of the wrapper feature selection with a KNN classifier achieved the highest accuracy rate (98.3%) in DDoS attack detection. The results suggest that machine learning and feature selection algorithms can achieve better results in the detection of DDoS attacks in SDN with promising reductions in processing loads and times.

environmental sciences,environmental studies,green & sustainable science & technology

Yonghong Wang,Xiaofeng Wang,Mazeyanti Mohd Ariffin,Masoumeh Abolfathi,Abdulmajeed Alqhatani,Laila Almutairi

DOI: https://doi.org/10.1016/j.compeleceng.2023.108655

2023-05-01

Abstract:The Software-Defined Network (SDN) provides a more flexible and effectively managed network design for next-generation networking. Network managers can easily manage and regulate the entire network using its programmable central controller architecture. This central controller serves as the focal point for numerous attack vectors due to its centralized structure. However, Distributed Denial of Service (DDoS) attacks against the SDN is the most prominent. The goal of this project is to use a machine learning method to categorize SDN traffic as either attack or normal traffic. Next, the Feature Selection method, such as the Filter-based Fisher score method, Wrapper-based method, and analysis of variables (ANOVA) f-test, is used for finely-granulated detection. Then, a rule-based detection method using the Renyi joint entropy algorithm is employed to detect DDoS attacks on SDN controllers. We manage a public "DDoS attack SDN Dataset" with 23 attributes overall. The dataset includes normal and attack traffic for the Internet Control Message Protocol (ICMP), User Datagram Protocol (UDP), and Transmission Control Protocol (TCP). Except for attributes that specify the target and source machines, the dataset, which contains more than 100,000 recordings, has statistical features such as byte count, duration sec, packet rate, and packet per flow. In the classification process, many classifiers such as Artificial Neural Network (ANN), XGBoost (XGB), Support Vector Machine (SVM), and k-Nearest Neighbor (k-NN) were used. The test results demonstrated the efficacy and efficiency of the suggested strategy using the analysis of variables (ANOVA), which performed better than competing methods across a range of evaluation parameters.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Zhenpeng Liu,Yihang Wang,Fan Feng,Yifan Liu,Zelin Li,Yawei Shan

DOI: https://doi.org/10.3390/s23136176

IF: 3.9

2023-07-06

Sensors

Abstract:Distributed denial-of-service (DDoS) attacks pose a significant cybersecurity threat to software-defined networks (SDNs). This paper proposes a feature-engineering- and machine-learning-based approach to detect DDoS attacks in SDNs. First, the CSE-CIC-IDS2018 dataset was cleaned and normalized, and the optimal feature subset was found using an improved binary grey wolf optimization algorithm. Next, the optimal feature subset was trained and tested in Random Forest (RF), Support Vector Machine (SVM), K-Nearest Neighbor (k-NN), Decision Tree, and XGBoost machine learning algorithms, from which the best classifier was selected for DDoS attack detection and deployed in the SDN controller. The results show that RF performs best when compared across several performance metrics (e.g., accuracy, precision, recall, F1 and AUC values). We also explore the comparison between different models and algorithms. The results show that our proposed method performed the best and can effectively detect and identify DDoS attacks in SDNs, providing a new idea and solution for the security of SDNs.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation