DDoS Attack Detection in Software Defined Networks by Various Metrics

Noor    Raad    Saadallah; Sahar    Abdul Aziz    Al-Talib; Fahad    Layth    Malallah

doi:10.2174/1872212115666210714143008

Abstract

Background: Software-Defined Networks (SDNs) are a new architectural approach to smart centralized control networks that were introduced alongside Open Flow in 2011. SDNs are programmed using software applications that help operators manage the network in a fully consistent and comprehensive way. Centralization in these networks is considered a weakness, especially if it is accessed by a Distributed Denial of Service (DDoS) attack - which is the process of uploading huge floods of various sorts of traffic to a website, from multiple sources, in order to make it and its services inaccessible to users.

Methods: In our current research, we will build an SDN through a Mininet virtualization simulator, and by using Python. A DDoS attack will be detected depending on two facts: firstly, Traffic State - which normally sees traffic packets sent at around 30 packets per second (DDoS packets are about 250 packets per second and will completely disrupt the network if the attack persists). Secondly, the number of IP Hits. The method used in the research appears very effective in detecting DDoS, according to the results we have achieved.

Results: The proposed performance of the system: The Precision (PREC), Recall (REC), and FMeasure (F1) metrics have been used for assessment.

Conclusion: The novelty of the current research lies in the detection of penetration in SDN networks, by calculating the number of hits by the hacker's device and the number of times they enter the main device in the network, in addition to the large amount of data sent by the hacker's device to the network. The experimental results are promising as compared with the datasets like CIC-DoS, CICIDS2017, CSE-CIC-IDS2018, and customized dataset. The results ranged between 90% and 96%.

Keywords: Software-defined networks, distributed denial of service attack, controller plane, data plane, detection software, centralized control networks.

Graphical Abstract

[1] 
William Stallings  ,  Foundations of modern networking SDN, NFV, QoE, IoT, and cloud.Pearson Education, Inc., 2016.
[2] 
N. Ahuja,  and G. Singal, DDOS attack detection & prevention in sdn using openflow statistics, IEEE 9th International Conference  on Advanced Computing (IACC), Tiruchirappalli, India , 2019, pp. 147-152.
[http://dx.doi.org/10.1109/IACC48062.2019.8971596] 
[3] 
J.A. Wickboldt, W.P. De Jesus, P.H. Isolani, C.B. Both, J. Rochol,  and L.Z. Granville, "Software-defined networking: management requirements and challenges", IEEE Communications Magazine, vol. 53, no. 1, pp. 278-285, 2016.
[4] 
H. Isolani Pedro, A. Wickboldt Juliano,  and B. Cristiano, Rochol  Juergen, and Granville Lisandro Z., ""Interactive monitoring, visualization,  and configuration of OpenFlow-based SDN IFIP/IEEE  International Symposium on Integrated Network Management  (IM), Lisbon, Portugal,, 2015, pp. 207-215.
[5] 
M.S. Nishtha, Software defined network – Architectures  International  Conference Distributed and Grid Computing (PDGC), Parallel,  Solan, India,, 2014, pp. 451-456.
[http://dx.doi.org/10.1109/PDGC.2014.7030788] 
[6] 
Haleplidis Evangelos &, Pentikousis Kostas &, Denazis Spyros &, Salim Jamal &, Meyer David &,  and Koufopavlou Odysseas &, RFC 7426: Software-Defined Networking (SDN)., Layers and Architecture Terminology. IRTF, 2015.
[7] 
B. Lantz, B. Heller,  and Mc. Keown, A network in a laptop: rapid prototyping for software-defined networksProceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks NewYork, USA, 2010, p. 19.
[http://dx.doi.org/10.1145/1868447.1868466] 
[8] 
K. Saravanan,  and R. Asokan, "Distributed Denial of Service (DDOS) attacks detection mechanism", Int. J. Comput. Sci. Eng.  Info. Technol. (IJCSEIT), vol. 1, no. No.5, 2011.
[9] 
S. Behal, K. Kumar,  and M. Sachdeva, "D-face: an anomaly based distributed approach for early detection of DDoS attacks and flash events", J. Netw. Comput. Appl., vol. 111, pp. 49-63, 2018.
[http://dx.doi.org/10.1016/j.jnca.2018.03.024] 
[10] 
 de Lima Filho Francisco Sales A.F., "Silveira Frederico, de Medeiros Brito Junior Agostinho, Vargas-Solar Genoveva, and F. Silveira Luiz, “Smart Detection: An Online Approach for DoS/DDoS Attack Detection Using Machine Learning””, Secur. Commun. Netw", In: Hindawi, vol. 2019. 2019., 1574749.
[11] 
J. Pei, Y. Chen,  and W. Ji, "A DDOS attack detection method based on machine learning", , IOP  Conf. Series J. Phy.: Conf. Series,, vol.  1237  no.3, 2019.
[http://dx.doi.org/10.1088/1742-6596/1237/3/032040] 
[12] 
D. Yuan, X. Chang, P-Y. Huang, Q. Liu,  and Z. He, "Self-supervised deep correlation tracking", IEEE Trans. Image Process., vol. 30, pp. 976-985, 2021.
[http://dx.doi.org/10.1109/TIP.2020.3037518] [PMID:  33259298] 
[13] 
W.K. Di Yuan,  and Z. He, "Robust visual tracking with correlation filters and metric learning", Knowl. Base. Syst, vol. 195, 2020.
[http://dx.doi.org/10.1016/j.knosys.2020.105697] 
[14] 
N.F. Di Yuan,  and Z. He, "“Learning target-focusing convolutional regression model for visual object tracking”, Knowl.-", Based Sys., vol. 194, 2020., e105526.
[http://dx.doi.org/10.1016/j.knosys.2020.105526] 
[15] 
D. Yuan, "TRBACF: Learning temporal regularized correlation filters for high performance online visual object tracking", J. Vis. Commun. Image Represent., vol. 72, 2020., e102882.
[http://dx.doi.org/10.1016/j.jvcir.2020.102882] 
[16] 
Q. Zheng, M. Yang, J. Yang, Q. Zhang,  and X. Zhang, "Improvement of generalization ability of deep cnn via implicit regularization in two-stage training process", IEEE Access, vol. 6, pp. 15844-15869, 2018.
[http://dx.doi.org/10.1109/ACCESS.2018.2810849] 
[17] 
Q. Zheng, Layer-wise Learning Based Stochastic Gradient Descent Method for the Optimization of Deep Convolutional Neural Network, vol. 1, no. 4, pp. 5641-5654, 2019.
[18] 
Q. Zheng, X. Tian,  and M. Yang, "PAC-Bayesian framework based drop-path method for 2D discriminative convolutional network prun-ing", Multidimens. Syst. Signal Process., vol. 31, pp. 793-827, 2020.
[http://dx.doi.org/10.1007/s11045-019-00686-z] 
[19] 
Z. Qinghe, Y. Mingqiang, T. Xinyu, J. Nan,  and W. Deqiang, "A full stage data augmentation method in deep convolutional neural network for natural image classification", Discrete Dyn. Nat. Soc., pp. 1-11, 2020.
[http://dx.doi.org/10.1155/2020/4706576] 
[20] 
Z. Qinghe, Z. Penghui, L. Yang,  Wang Hongjun ,  and Yang. Yang, "Spectrum interference-based two-level data augmentation method in deep learning for automatic modulation classification", Neural Proces. Appl, 2020.
[http://dx.doi.org/10.1007/s00521-020-05514-1] 
[21] 
H. Polat, P. Onur,  and C. Aydin, "“Detecting DDoS attacks in software-defined networks through feature selection methods and machine learning models”, Sustain. —", Open Acc. J., vol. 12, p. 1035, 2020.
[22] 
B. Abubakar,  and O. Yahya, "Modelling and simulation of DDOS Attack using SimEvents", Int. J. Sci. Res. Netw. Secur. Commun., vol. 1, no. 2, pp. 5-14, 2013.
[23] 
M. Jelena, M. Janice,  and R. Peter, A taxonomy of DDoS attack and DDoS Defense mechanisms ACM SIGCOMM Comput.  Commun. Rev., 2004.
[24] 
W.A.N.G. Wendong, H.U. Yannan, Q.U.E. Xirong,  and G.O.N.G. Xiangyang, "Autonomicity design in openflow based software defined networking ",  GC'12 Workshop: The 4th IEEE International Workshop on Management of Emerging Networks and Services 2012 IEEE, 2012.
[http://dx.doi.org/10.1109/GLOCOMW.2012.6477681] 
[25] 
B. Lantz, B. Heller,  and N. McKeown, "A network in a laptop: rapidprototyping for software-defined networks", Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks California, USA, 2010.
[26] 
"The Openflow Switch", openflowswitch.org 2010", 
[27] 
J. Shah, " Implementation and Performance Analysis of Firewall on Open vSwitch"", M.Sc. Thesis, Faculty of Computer Science, ", Technical University at Munich,, 2015.
[28] 
H. Wang, C. Jin,  and G. Shin Kang, "Defense against spoofed ip traffic using hop-count filtering", Ieee/acm transactions on networking,, vol. 15, no. 1, 2007.
[29] 
M. Fernandez, Evaluating OpenFlow controller paradigms ICN 2013, The Twelfth International Conference on Networks Seville, Spain, 2013, pp. 151-157.

Rights & Permissions Print Cite

Article Metrics

12

1

Journal Information

For Authors

For Editors

For Reviewers

Explore Articles

Open Access

Open Access Articles

For Visitors

DOI https://dx.doi.org/10.2174/1872212115666210714143008	Print ISSN 1872-2121
Publisher Name Bentham Science Publisher	Online ISSN 2212-4047

Recent Patents on Engineering

DDoS Attack Detection in Software Defined Networks by Various Metrics

Abstract Play Pause

Graphical Abstract

Related Journals

Related Books

Abstract