A Novel Distributed Denial-of-Service Attack Detection Scheme for Software Defined Networking Environments

“…In [146]- [148], for DDoS attacks, early detection solutions using entropy are presented. However, the authors of [149] argue that entropy measures for DDoS attacks work when the attack target has a fixed IP address, but when the attack is to a random IP, the mitigation measures are limited; since the thresholds do not consider the possible variances, they propose a solution with principal component analysis (PCA), which from the information collected, provides new models that allow predicting the attack. Similarly, regarding randomly targeted DDoS attacks, an early detection solution is proposed in [150].…”

“…Preconditions/ Postconditions [123] OFDP vulnerable BFD [125] Fake packet-in Switch port association with host MAC [135] Lack of packet-in message authentication Independent hardware implementation [136] DoS attacks Statistics [137] DoS attacks Protocol-independent defense framework [128] Spoofing and DoS attacks ACL / Machine learning [155] Spoofing Route and Dos attacks Traffic statistics [138] DDoS attacks Entropy [140] DoS attacks Entropy [141] DoS attacks Traffic statistics [142] DDoS attacks KPCA+GA+ Machine learning [143] DDoS attacks Blockchain [144] Lack of P2P traffic identification Machine learning [145] HTTP DDoS attacks Entropy + Hardware [149] DDoS attacks PCA [150] DDoS attacks EWMA [151] DDoS attacks Snort IDS [152] DDoS attacks Machine learning [153] DDoS attacks Deep Learning [154] DDoS attacks Entropy / Machine learning [156] Inference attacks Randomization of network attributes/ Rate-limiting + Proactive rules Rate-limiting + Proxy [160] DoS attacks (LDoS) Statistics / LRU [130] Inference attacks Routing aggregation / TCAM + SRAM [161], [162] Lack of network client access control EAP / RADIUS [163] Lack of network client access control EAPoL / RADIUS [164] DoS attacks Blockchain + Hardware [129] SYN flooding and ARP spoofing attacks SYN/ACK and ACK/FIN packets' ratio / P4 cache [165] Traffic overload / Latency App+P4 [166] Traffic overload Snort IPS + P4 [167] DDoS attacks P4+Entropy+FSM [168] Lack of link protection between stateful switches MACsec [169] States exchange between stateful switches Digital signatures [170] Link floo...…”

“…During the development of this manuscript, it has been observed that several of the solutions for attack detection contemplate the use of entropy, a widely adopted mechanism, mainly due to the ease and acceptable cost of its implementation. However, due to the constant evolution of SDN networks, some authors question this mechanism mainly regarding its effectiveness for the early detection of DoS attacks [149], arguing that rigid thresholds could discard benign traffic or worse still accept malicious flow. In this sense, This work is licensed under a Creative Commons Attribution 4.0 License.…”

A Survey of the Main Security Issues and Solutions for the SDN Architecture

“…In [146]- [148], for DDoS attacks, early detection solutions using entropy are presented. However, the authors of [149] argue that entropy measures for DDoS attacks work when the attack target has a fixed IP address, but when the attack is to a random IP, the mitigation measures are limited; since the thresholds do not consider the possible variances, they propose a solution with principal component analysis (PCA), which from the information collected, provides new models that allow predicting the attack. Similarly, regarding randomly targeted DDoS attacks, an early detection solution is proposed in [150].…”

“…Preconditions/ Postconditions [123] OFDP vulnerable BFD [125] Fake packet-in Switch port association with host MAC [135] Lack of packet-in message authentication Independent hardware implementation [136] DoS attacks Statistics [137] DoS attacks Protocol-independent defense framework [128] Spoofing and DoS attacks ACL / Machine learning [155] Spoofing Route and Dos attacks Traffic statistics [138] DDoS attacks Entropy [140] DoS attacks Entropy [141] DoS attacks Traffic statistics [142] DDoS attacks KPCA+GA+ Machine learning [143] DDoS attacks Blockchain [144] Lack of P2P traffic identification Machine learning [145] HTTP DDoS attacks Entropy + Hardware [149] DDoS attacks PCA [150] DDoS attacks EWMA [151] DDoS attacks Snort IDS [152] DDoS attacks Machine learning [153] DDoS attacks Deep Learning [154] DDoS attacks Entropy / Machine learning [156] Inference attacks Randomization of network attributes/ Rate-limiting + Proactive rules Rate-limiting + Proxy [160] DoS attacks (LDoS) Statistics / LRU [130] Inference attacks Routing aggregation / TCAM + SRAM [161], [162] Lack of network client access control EAP / RADIUS [163] Lack of network client access control EAPoL / RADIUS [164] DoS attacks Blockchain + Hardware [129] SYN flooding and ARP spoofing attacks SYN/ACK and ACK/FIN packets' ratio / P4 cache [165] Traffic overload / Latency App+P4 [166] Traffic overload Snort IPS + P4 [167] DDoS attacks P4+Entropy+FSM [168] Lack of link protection between stateful switches MACsec [169] States exchange between stateful switches Digital signatures [170] Link floo...…”

“…During the development of this manuscript, it has been observed that several of the solutions for attack detection contemplate the use of entropy, a widely adopted mechanism, mainly due to the ease and acceptable cost of its implementation. However, due to the constant evolution of SDN networks, some authors question this mechanism mainly regarding its effectiveness for the early detection of DoS attacks [149], arguing that rigid thresholds could discard benign traffic or worse still accept malicious flow. In this sense, This work is licensed under a Creative Commons Attribution 4.0 License.…”

A Survey of the Main Security Issues and Solutions for the SDN Architecture

“…When the score reaches the threshold, the alarm goes up. Wu et al [26] proposed a unique real-time DDoS detection scheme in the SDN environment by using the principal component analysis (PCA) method to analyze the traffic packet data network state and reduce the total computational cost. The problem with statistics-based methods is that they need an accurate statistical distribution.…”

Development Machine Learning Techniques to Enhance Cyber Security Algorithms. (Dept. E)

“…The continuous growth of web services and e-commerce has encouraged many criminals and phishers to develop innovative methods to exploit and deceive novice users into sending out their financial information [1][2][3][4]. Although trojans, black hat search engine optimisation, forums, Internet relay chat, instant messaging, key-loggers, and screen captures are other methods used by phishers to steal the users' information, sending emails to target users by the phisher is still the most popular way of initiating the web phishing attacks [4,16,[25][26][27][28][29][30][31][32][33].…”

Hybrid intelligent phishing website prediction using deep neural networks with genetic algorithm‐based feature selection and weighting