Computer networks become complex and dynamic structures. As a result of this fact, the configuration and the managing of this whole structure is a challenging activity. Software-Defined Networks(SDN) is a new network paradigm that, through an abstraction of network plans, seeks to separate the control plane and data plane, and tends as an objective to overcome the limitations in terms of network infrastructure configuration. As in the traditional network environment, the SDN environment is also liable to security vulnerabilities. This work presents a system of detection and mitigation of Distributed Denial of Service (DDoS) attacks and Portscan attacks in SDN environments (LSTM-FUZZY). The LSTM-FUZZY system presented in this work has three distinct phases: characterization, anomaly detection, and mitigation. The system was tested in two scenarios. In the first scenario, we applied IP flows collected from the SDN Floodlight controllers through emulation on Mininet. On the other hand, in the second scenario, the CICDDoS 2019 dataset was applied. The results gained show that the efficiency of the system to assist in network management, detect and mitigate the occurrence of the attacks.
Nowadays, it is common for applications to require servers to run constantly and aim as close as possible to zero downtime. The slightest failure might cause significant financial losses and sometimes even lives. For this reason, security and management measures against network threats are fundamental and have been researched for years. Software-defined networks (SDN) are an advancement in network management due to their centralization of the control plane, as it facilitates equipment setup and administration over the local network. However, this centralization makes the controller a target to denial of service attacks (DoS). In this study, we aim to develop a network anomaly detection and mitigation system that uses gated recurrent unit (GRU) neural networks combined with fuzzy logic. The neural network is trained to forecast future traffic, and anomalies are detected when the forecasting fails. The system is designed to operate in software-defined networks since they provide network flow information and tools to manage forwarding tables. We also demonstrate how the neural network's hyperparameters affect the detection module. The system was tested using two datasets: one with emulated traffic generated by the data communication and networking research group called Orion, from computer science department at state university of Londrina, and CICDDoS2019, a well-known dataset by the anomaly detection community. The results show that GRU networks combined with fuzzy logic are a viable option to detect anomalies in SDN and possibly in other anomaly detection applications. We compared our model with other deep learning techniques.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.