Detecting DoS Attacks Based on Multi-Features in SDN

Wang, Huaiyuan; Liu, Liang; Wu, Zhijun

doi:10.1109/access.2020.2999668

Cited by 25 publications

(10 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Datasets Metrics Year BPNN [25] World Cup 1998 Dataset Precision / Recall / F1-score / Accuracy 2020 UADAIN [26] ISCX 2012 / NSL-KDD Accuracy / Detection rate / FAR 2022 OCSA-RNN [28] KDD99 Precision / Recall / F-Measure / Accuracy 2021 LSTM-GRU-SVM [29] SCADA Accuracy / Sensitivity / Specificity / Precision / F1-score Confusion matrix 2022…”

Section: Methodsmentioning

confidence: 99%

“…Although ML algorithms achieve good network traffic anomaly detection results, the rapid change of network data and the large data volume have caused more attention to be given to DL techniques. Meng Yue et al [25] combined backpropagation neural networks (BPNN) in software-defined networks (SDN) for DoS detection, achieving a detection rate. Y Shi and H Shen [26] proposed an unsupervised network anomaly traffic detection method based on an artificial immune network (UADAIN), which has a better detection effect than unsupervised methods such as K-means clustering.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Traffic Anomaly Detection in Wireless Sensor Networks Based on Principal Component Analysis and Deep Convolution Neural Network

Yao¹,

Yang²,

Yin³

et al. 2022

IEEE Access

View full text Add to dashboard Cite

With the popularity of wireless networks, wireless sensor networks (WSNs) have advanced rapidly, and their flexibility and ease of deployment have resulted in more security concerns, making it critical to research network intrusion prevention for WSNs. Denial of service (DoS) is a common network attack, achieving its goal by bringing down the target network. A DoS attack on WSNs devices with limited resources would be fatal. This paper proposes a method based on principal component analysis (PCA) and a deep convolution neural network (DCNN) for DoS traffic anomaly detection in WSNs, based on the vulnerability of WSNs to attacks and the limited storage space of their devices. Compared with the conventional deep learning structure, the proposed model has a lightweight structure and more effective feature extraction capability, which can effectively detect network abnormal traffic in WSNs devices with limited storage capacity. To assure the effectiveness of the proposed model, receiver operating characteristic (ROC) curves, various classification metrics, and confusion matrices are used to verify the classification results of the model. Through experimental comparison, the proposed model, with small model size, outperforms other mainstream abnormal traffic detection models in terms of classification effect.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Traffic Anomaly Detection in Wireless Sensor Networks Based on Principal Component Analysis and Deep Convolution Neural Network

Yao¹,

Yang²,

Yin³

et al. 2022

IEEE Access

View full text Add to dashboard Cite

show abstract

“…In Reference [22], Yue et al proposed M-DoS attack and S-DoS attack, respectively, representing the DoS attack with multiple flow entries (M-DoS) to exhaust the Ternary Content-Addressable Memory resource of the switch and DoS attack with a single well-designed entry (S-DoS) to overwhelm the target link then further impacting the controller. For these two kinds of attacks, they extracted six characteristics of the flow table, and used BP neural network to construct a classifier to distinguish the attack flow from normal flow.…”

Section: Types Of Ddos Attacks Ddos Attacks Derive Numerousmentioning

confidence: 99%

Cross-Plane DDoS Attack Defense Architecture Based on Flow Table Features in SDN

Yan

Zheng

2022

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

Software-Defined Networking (SDN) actualizes the separation of control and forwarding and innovates network functionalities with a logically centralized controller. Contemporary SDN infrastructure exposes the potential bottlenecks which are prone to engage in distributed denial of service attack (DDoS) thus posing an ever-increasing threat. This paper adopts the idea of “cross-plane collaboration” accomplishing DDoS attack defense and incorporates a two-phase project deploying the lightweight detection mechanism in data layer and the fine-grained filtering model in control layer. The coadjutant detection mechanism introduces a novel three-dimensional entropy consisting of five flow table features performing real-time feature detection; the defense strategy schedules an attack classification algorithm based on neural network by means of extracting four flow rule features designed to locate compromised interfaces occupied by malicious traffic. Extensive experiments are implemented to demonstrate the method we proposed brings excellent superiority. The detection rate of the classification filtering model is 99.4%, and it is real-time, with a detection time of 0.51s. In addition, the method of cross-layer defense reduces the CPU utilization of the controller.

show abstract

“…Este trabalho foi parcialmente financiado pelo CNPq, pela CAPES e pela CODATA-PB. segurança, portanto, enfrenta grandes ameaças de segurança [4] [5] [6].…”

Section: Introductionunclassified

“…Ataques DoS contra plano de dados, plano de controle ou aplicação SDN geralmente têm princípios e recursos diferentes, correspondentes a métodos de detecção especializados. Portanto, os ataques DoS devem ser estudados de acordo com diferentes planos, e os estudos existentes são comumente conduzidos dessa forma [6].…”

Section: Introductionunclassified

Usando o particionamento de switch para mitigar o problema de acoplamento

Albuquerque¹,

Pascoal²,

Nigam³

et al. 2022

Anais Do XL Simpósio Brasileiro De Telecomunicações E Processamento De Sinais

View full text Add to dashboard Cite

Resumo-A arquitetura de rede definida por software (SDN -Software Defined Nerworking) tem como principal característica centralizar o controle da rede em um único ativo, o que torna esse ativo um alvo para ataques de negação de serviço (DoS -Denial of Service). Este artigo tem como objetivo demonstrar uma maneira de mitigar ataques de negação de serviço que se concentram em explorar a segurança ao se acoplar vários switches ao mesmo controlador. Para a demonstração utilizamos um ataque dificil de ser detectado conhecido como Slow-Saturation.

show abstract

Detecting DoS Attacks Based on Multi-Features in SDN

Cited by 25 publications

References 30 publications

Traffic Anomaly Detection in Wireless Sensor Networks Based on Principal Component Analysis and Deep Convolution Neural Network

Traffic Anomaly Detection in Wireless Sensor Networks Based on Principal Component Analysis and Deep Convolution Neural Network

Cross-Plane DDoS Attack Defense Architecture Based on Flow Table Features in SDN

Usando o particionamento de switch para mitigar o problema de acoplamento

Contact Info

Product

Resources

About