A novel intelligent approach for detecting DoS flooding attacks in software-defined networks

Latah, Majd; Toker, Levent

doi:10.26555/ijain.v4i1.138

Cited by 28 publications

(21 citation statements)

References 20 publications

(21 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The results, as well as the ones reported in the literature, are summarized in Table 10. It can be seen from Table 10, that the proposed machine learning model with feature selection approaches, results in better performance in comparison with the results from [10,16,18,19,21]. It should be noted that similar studies in the literature used different datasets and different models.…”

Section: Receiver Operating Characteristic (Roc) Curvementioning

confidence: 88%

See 1 more Smart Citation

Detecting DDoS Attacks in Software-Defined Networks Through Feature Selection Methods and Machine Learning Models

2020

View full text Add to dashboard Cite

Software Defined Networking (SDN) offers several advantages such as manageability, scaling, and improved performance. However, SDN involves specific security problems, especially if its controller is defenseless against Distributed Denial of Service (DDoS) attacks. The process and communication capacity of the controller is overloaded when DDoS attacks occur against the SDN controller. Consequently, as a result of the unnecessary flow produced by the controller for the attack packets, the capacity of the switch flow table becomes full, leading the network performance to decline to a critical threshold. In this study, DDoS attacks in SDN were detected using machine learning-based models. First, specific features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Then, a new dataset was created using feature selection methods on the existing dataset. Feature selection methods were preferred to simplify the models, facilitate their interpretation, and provide a shorter training time. Both datasets, created with and without feature selection methods, were trained and tested with Support Vector Machine (SVM), Naive Bayes (NB), Artificial Neural Network (ANN), and K-Nearest Neighbors (KNN) classification models. The test results showed that the use of the wrapper feature selection with a KNN classifier achieved the highest accuracy rate (98.3%) in DDoS attack detection. The results suggest that machine learning and feature selection algorithms can achieve better results in the detection of DDoS attacks in SDN with promising reductions in processing loads and times.Sustainability 2020, 12, 1035 2 of 16As the control logic has been taken from local devices and become central, SDN is structured from a single spot and dynamically optimized [4]. Although certain security threats are general in computer networks, SDN has brought its own security threats. There are at least seven different threat vectors identified with SDN [5]. The most important threat vector for SDN is Distributed Denial of Service (DDoS) attacks. They can be against the controller in SDN or in the storage capacity of the flow table in the OpenFlow switch.The controller is exposed to DDoS attacks through the communication line between the controller and the data plane. DDoS attacks direct a large amount of traffic to the OpenFlow switch on the data plane. If packets arriving at the OpenFlow switch do not match with the flow input in the flow table (miss flow), packets are taken into the flow buffer. Then, they are transmitted to the controller with the Packet-In message to write a new rule. In this situation, the sources of the controller (memory, processor, bandwidth, etc.) remain incapable and the network becomes inoperative. In addition, the bandwidth of the communication line between the controller that is exposed to attack traffic and the OpenFlow switch is negatively affected. Therefore, network performance severely declines [6].The data plane is exposed to DDoS attacks through the flow table located in the net...

show abstract

Section: Receiver Operating Characteristic (Roc) Curvementioning

confidence: 88%

“…Latah and Toker [10] detected DDoS attacks by measuring the rate of the arriving packet at the moment of attack. When some packets, among the ones coming to the controller, passed the pre-determined threshold, an inspection unit that uses SVM was activated to be able to detect DDoS flooding attacks.…”

Section: Ddos Attacks Against the Openflow Switchmentioning

confidence: 99%

Detecting DDoS Attacks in Software-Defined Networks Through Feature Selection Methods and Machine Learning Models

2020

View full text Add to dashboard Cite

show abstract

“…Software defined networking is regarded as a novel networking architecture for detecting a DoS attack [11]. The authors have proposed the intelligent approach for a DoS attack detecting in SDN.…”

Section: Related Workmentioning

confidence: 99%

Analysis of Features Dataset for DDoS Detection by using ASVM Method on Software Defined Networking

Oo¹,

Kamolphiwong²,

Kamolphiwong³

et al. 2020

IJNDC

View full text Add to dashboard Cite

With the continuous development of networking environment, nowadays, there are many innovative technologies in computer network researches and industries. Most businesses use various mobile devices, cloud services and virtualization techniques in network environments [1]. Their usage is becoming the strongest evolution. The network programmability will be critical for business growth. Most of the today's network types are traditional networks. The traditional network management methods are device-bydevice and system by using manual configurations [2]. All devices are controlled and managed by human. If a new network device is added to the network, the device must be first configured. As a result, the network is not flexible and cannot be easily scale.

show abstract

“…In this context, NNs [97][98][99][100][101][102][103][104][105][106], SVM [105][106][107][108][109][110][111][112][113], DTs [114][115][116][117][118][119][120][121][122][123][124][125][126][127][128], ensemble methods [129][130][131][132][133][134][135][136][137][138][139][140] and supervised deep learning [44,[141][142][143][144] approaches were the most used...…”

Section: Supervised Learning In Sdnmentioning

confidence: 99%

“…SVMs in SDN: SVM approach was mainly used for deploying intrusion detection systems in the SDN paradigm [107][108][109][110][111][112][113][114]. Kokila et al [107] proposed a method for the detection of DDoS attacks on the SDN controller.…”

Section: Supervised Learning In Sdnmentioning

confidence: 99%

Artificial intelligence enabled software‐defined networking: a comprehensive overview

2019

Self Cite

View full text Add to dashboard Cite

Software-defined networking (SDN) represents a promising networking architecture that combines central management and network programmability. SDN separates the control plane from the data plane and moves the network management to a central point, called the controller that can be programmed and used as the brain of the network. Recently, the research community has shown an increased tendency to benefit from the recent advancements in the artificial intelligence (AI) field to provide learning abilities and better decision making in SDN. In this study, the authors provide a detailed overview of the recent efforts to include AI in SDN. The study showed that the research efforts focused on three main sub-fields of AI namely: machine learning, meta-heuristics and fuzzy inference systems. Accordingly, in this work, the authors investigate their different application areas and potential use, as well as the improvements achieved by including AI-based techniques in the SDN paradigm.

show abstract

A novel intelligent approach for detecting DoS flooding attacks in software-defined networks

Cited by 28 publications

References 20 publications

Detecting DDoS Attacks in Software-Defined Networks Through Feature Selection Methods and Machine Learning Models

Detecting DDoS Attacks in Software-Defined Networks Through Feature Selection Methods and Machine Learning Models

Analysis of Features Dataset for DDoS Detection by using ASVM Method on Software Defined Networking

Artificial intelligence enabled software‐defined networking: a comprehensive overview

Contact Info

Product

Resources

About