A New Framework for DDoS Attack Detection and Defense in SDN Environment

Tan, Liang; Pan, Y.; Wu, Jing; Zhou, Jianguo; Jiang, Hao; Deng, Yuchuan

doi:10.1109/access.2020.3021435

Cited by 116 publications

(49 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…SDN can be enhanced to fog computing and it is programmable. It is used as a framework for flow-based anomaly detection but still, it needs intelligence to avoid attacks presented by Tan et al [1]. e attack packet is classified by the use of Machine Learning (ML) in SDN environment by Santos et al [2].…”

Section: Introductionmentioning

confidence: 99%

Software Defined Network Enabled Fog-to-Things Hybrid Deep Learning Driven Cyber Threat Detection System

Ullah

Raza

Ali

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

Software Defined Network (SDN) is a next-generation networking architecture and its power lies in centralized control intelligence. The control plane of SDN can be extended to many underlying networks such as fog to Internet of Things (IoT). The fog-to-IoT is currently a promising architecture to manage a real-time large amount of data. However, most of the fog-to-IoT devices are resource-constrained and devices are widespread that can be potentially targeted with cyber-attacks. The evolving cyber-attacks are still an arresting challenge in the fog-to-IoT environment such as Denial of Service (DoS), Distributed Denial of Service (DDoS), Infiltration, malware, and botnets attacks. They can target varied fog-to-IoT agents and the whole network of organizations. The authors propose a deep learning (DL) driven SDN-enabled architecture for sophisticated cyber-attacks detection in fog-to-IoT environment to identify new attacks targeting IoT devices as well as other threats. The extensive simulations have been carried out using various DL algorithms and current state-of-the-art Coburg Intrusion Detection Data Set (CIDDS-001) flow-based dataset. For better analysis five DL models are compared including constructed hybrid DL models to distinguish the DL model with the best performance. The results show that proposed Long Short-Term Memory (LSTM) hybrid model outperforms other DL models in terms of detection accuracy and response time. To show unbiased results 10-fold cross-validation is performed. The proposed framework is so effective that it can detect several types of cyber-attacks with 99.92% accuracy rate in multiclass classification.

show abstract

Section: Introductionmentioning

confidence: 99%

Software Defined Network Enabled Fog-to-Things Hybrid Deep Learning Driven Cyber Threat Detection System

Ullah

Raza

Ali

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Tan et al [234] suggest a hybrid DDoS detection trigger mechanism by merging K-Means and KNN on the SDN data plane. This technique counts the rate at which packet_in messages are sent on switches by utilizing the CPU resources of the switches.…”

Section: Hybrid Models Based Ids In Sdnmentioning

confidence: 99%

“…As a result, another open issue is using multiple physical computers to evaluate suggested security measures in the SDN paradigm. The Mininet emulator was used to replicate and test the majority of the reviewed ML-DL-based IDS solutions, such as [167], [171], [189], [191], [234], [246]. On the one hand, a Mininet simulator makes prototyping an SDN easier and may be used to illustrate the concept of the proposed system.…”

Section: Bottleneck Creation Due To Lack Of Scalability Evaluation and Testingmentioning

confidence: 99%

“…Most of the datasets used by the researchers do not adequately represent the actual flow-based architecture of SDN. Although some studies performed feature selection and discussed about its significance in the development of ML-DL-based IDS [181], [234], [281], to enhance the effectiveness and scalability of IDS, dynamic selection and continuous updating of SDN-based features are still a necessity.…”

Section: Scarcity Of Proper Model Selection Studymentioning

confidence: 99%

See 1 more Smart Citation

Intrusion Detection System in Software-Defined Networks Using Machine Learning and Deep Learning Techniques –A Comprehensive Survey

Rayhan¹,

Islam²,

Shatabda³

et al. 2022

Preprint

View full text Add to dashboard Cite

<div>At present, the Internet is facing numerous attacks of different kinds that put its data at risk. The safety of information within the network is, therefore, a significant concern. In order to prevent the loss of incredibly valuable information, the Intrusion Detection System (IDS) was developed to recognize the outbreak of a stream of attacks and notify the network system administrator providing network security. IDS is an extrapolative model used to detect network traffic as routine or attack. Software-Defined Networks (SDN) is a revolutionary paradigm that isolates the control plane from the data plane, transforming the concept of a software-driven network. Through this data and control plane separation, SDN provides us the opportunity to create a manageable and programmable network, allowing applications in the top plane to access physical devices via the controller. The controller functioning inside the control plane executes network modules and establishes flow rules to forward packets in the switches residing in the data plane. Cyber attackers target the SDN controller to subdue the control plane, which is considered the brain of the SDN, providing a plethora of functionalities such as regulating flow control to switches or routers in the data plane below via southbound Application Programming Interfaces (APIs) and business and application logic in the application plane above via northbound APIs to implement sophisticated networks. However, the control plane becomes a tempting prospect for security attacks from adversaries because of its centralization feature. This paper includes an in-depth overview of the notable published articles from 2015 to 2021 that used Machine Learning (ML) and Deep Learning (DL) techniques to construct an IDS solution to provide security for SDN. We also present two detailed taxonomic studies regarding IDS, and ML-DL techniques based on their learning categories, exploring various IDS solutions to secure the SDN paradigm. We have also conducted brief research on a few benchmark datasets used to construct IDS in the SDN paradigm. To conclude the survey, we provide a discussion that sheds light on continuous challenges and IDS issues for SDN security.</div>

show abstract

“…Other papers have addressed attacks detection in the specific context of SDN, such as [22][23][24][25][26][27][28][29][30][31][32][33], and [34].…”

Section: Related Workmentioning

confidence: 99%

Machine-Learning-Enabled DDoS Attacks Detection in P4 Programmable Networks

et al. 2021

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks represent a major concern in modern Software Defined Networking (SDN), as SDN controllers are sensitive points of failures in the whole SDN architecture. Recently, research on DDoS attacks detection in SDN has focused on investigation of how to leverage data plane programmability, enabled by P4 language, to detect attacks directly in network switches, with marginal involvement of SDN controllers. In order to effectively address cybersecurity management in SDN architectures, we investigate the potential of Artificial Intelligence and Machine Learning (ML) algorithms to perform automated DDoS Attacks Detection (DAD), specifically focusing on Transmission Control Protocol SYN flood attacks. We compare two different DAD architectures, called Standalone and Correlated DAD, where traffic features collection and attack detection are performed locally at network switches or in a single entity (e.g., in SDN controller), respectively. We combine the capability of ML and P4-enabled data planes to implement real-time DAD. Illustrative numerical results show that, for all tested ML algorithms, accuracy, precision, recall and F1-score are above 98% in most cases, and classification time is in the order of few hundreds of $$\upmu \text {s}$$ μ s in the worst case. Considering real-time DAD implementation, significant latency reduction is obtained when features are extracted at the data plane by using P4 language. Graphic Abstract

show abstract

A New Framework for DDoS Attack Detection and Defense in SDN Environment

Cited by 116 publications

References 38 publications

Software Defined Network Enabled Fog-to-Things Hybrid Deep Learning Driven Cyber Threat Detection System

Software Defined Network Enabled Fog-to-Things Hybrid Deep Learning Driven Cyber Threat Detection System

Intrusion Detection System in Software-Defined Networks Using Machine Learning and Deep Learning Techniques –A Comprehensive Survey

Machine-Learning-Enabled DDoS Attacks Detection in P4 Programmable Networks

Contact Info

Product

Resources

About