A cooperative DDoS attack detection scheme based on entropy and ensemble learning in SDN

Yu, Shanshan; Zhang, Jicheng; Ju, Liu; Zhang, Xiaoqing; Li, Yafeng; Xu, Tianfeng

doi:10.1186/s13638-021-01957-9

Cited by 23 publications

(7 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An in-depth study about scalability in a real large-scale environment will be necessary. We do not believe that running part of the algorithm on the endpoints is a solution as proposed by Yu et al (2021). One possibility is to consider a distributed SDN controller architectures as indicated in Oktian et al (2017).…”

Section: Discussionmentioning

confidence: 99%

“…One possibility is to consider a distributed SDN controller architectures as indicated in Oktian et al (2017). We can use distributed SDN controller architecture and use Commercial off-the-shelf (COTS) SDN switches and its standard functions, instead of Yu et al (2021) proposal to calculate the entropy on edge nodes to easy central controller. Besides the scalability, the distributed controller approach provides a fault-tolerant architecture Obadia et al (2014), which would be the optimal solution for large complex network infrastructures.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

SDNTruth: Innovative DDoS Detection Scheme for Software-Defined Networks (SDN)

Linhares

Patel

Barros

et al. 2022

Preprint

View full text Add to dashboard Cite

Software-Defined Networks (SDN) are becoming a trending technology in the modern Internet by splitting control and data planes and using a central controller. A SDN controller provides flexible flows management at wire-speed packet forwarding. The centralized control gives an opportunity to implement detection and mitigation security attacks inside the SDN controller. Typically, Distributed Denial of Service (DDoS) attacks poses an immense threat to the Internet security. However, the prediction and prevention of DDoS attacks in SDN environments are a huge challenge. In this paper, we introduce a mechanism to mitigate DDoS attacks in SDN using statistical analysis and traffic entropy. To validate the proposal, a prototype was built in Mininet tool. The accuracy and training time were compared against different Machine Learning algorithms. Finally, we expound about the effectiveness and limitation of the proposed solution as well indicate further research opportunities.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

SDNTruth: Innovative DDoS Detection Scheme for Software-Defined Networks (SDN)

Linhares

Patel

Barros

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…SAFETY uses an entropy-based detection mechanism to mitigate TCP SYN flooding attacks in SDN [ 8 ]. The ensemble learning techniques are introduced to cooperatively detect DoS attacks in SDN [ 9 ]. A generalized entropy (GE) is introduced to detect the low-rate DDoS attacks on the control plane [ 10 ].…”

Section: Related Workmentioning

confidence: 99%

DoSDefender: A Kernel-Mode TCP DoS Prevention in Software-Defined Networking

Wang,

Zhao,

Zhi

et al. 2023

Sensors

View full text Add to dashboard Cite

The limited computation resource of the centralized controller and communication bandwidth between the control and data planes become the bottleneck in forwarding the packets in Software-Defined Networking (SDN). Denial of Service (DoS) attacks based on Transmission Control Protocol (TCP) can exhaust the resources of the control plane and overload the infrastructure of SDN networks. To mitigate TCP DoS attacks, DoSDefender is proposed as an efficient kernel-mode TCP DoS prevention framework in the data plane for SDN. It can prevent TCP DoS attacks from entering SDN by verifying the validity of the attempts to establish a TCP connection from the source, migrating the connection, and relaying the packets between the source and the destination in kernel space. DoSDefender conforms to the de facto standard SDN protocol, the OpenFlow policy, which requires no additional devices and no modifications in the control plane. Experimental results show that DoSDefender can effectively prevent TCP DoS attacks in low computing consumption while maintaining low connection delay and high packet forwarding throughput.

show abstract

“…The proposed entropy mechanism compares the entropy flow values of source and destination IP addresses that are detected by the SDN controller to predefined entropy threshold values that change adaptively based on network dynamics [8]. In this regard, some of the entropy-based DDoS attack detection solutions are located in various studies and explained in the following section [9][10][11][12][13][14][15][16].…”

Section: Introductionmentioning

confidence: 99%

DDoS Attack Detection and Classification Using Hybrid Model for Multicontroller SDN

Gebremeskel

Adere

Krishna

et al. 2023

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

A software-defined network (SDN) brings a lot of advantages to the world of networking through flexibility and centralized management; however, this centralized control makes it susceptible to different types of attacks. Distributed denial of service (DDoS) is one of the most dangerous attacks that are frequently launched against the controller to put it out of service. This work takes the special ability of SDN to propose a solution that is an implementation run at the multicontroller to detect a DDoS attack at the early stage. This method not only detects the attacks but also identifies the attacking paths and starts a mitigation process to provide protection for the network devices. This method is based on the entropy variation of the destination host targeted with its IP address and can detect the attack within the first 250 packets of malicious traffic attacking a particular host. Then, fine-grained packet-based detection is performed using a deep-learning model to classify the attack into different types of attack categories. Lastly, the controller sends the updated traffic information to neighbor controllers. The chi-squared ( x 2 ) test feature selection algorithm was also employed to reveal the most relevant features that scored the highest in the provided data set. The experiment result demonstrated that the proposed Long Short-Term Memory (LSTM) model achieved an accuracy of up to 99.42% using the data set CICDDoS2019, which has the potential to detect and classify the DDoS attack traffic effectively in the multicontroller SDN environment. In this regard, it has an enhanced accuracy level to 0.42% compared with the RNN-AE model with data set CICDDoS2019, while it has improved up to 0.44% in comparison with the CNN model with the different data set ICICDDoS2017.

show abstract

A cooperative DDoS attack detection scheme based on entropy and ensemble learning in SDN

Cited by 23 publications

References 28 publications

SDNTruth: Innovative DDoS Detection Scheme for Software-Defined Networks (SDN)

SDNTruth: Innovative DDoS Detection Scheme for Software-Defined Networks (SDN)

DoSDefender: A Kernel-Mode TCP DoS Prevention in Software-Defined Networking

DDoS Attack Detection and Classification Using Hybrid Model for Multicontroller SDN

Contact Info

Product

Resources

About