Detecting flooding DDoS attacks in software defined networks using supervised learning techniques

Wang, Song; Balarezo, Juan Fernando; Chavez, Karina Gomez; Al‐Hourani, Akram; Kandeepan, Sithamparanathan; Asghar, Muhammad Rizwan; Russello, Giovanni

doi:10.1016/j.jestch.2022.101176

Cited by 24 publications

(13 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recent studies demonstrated that SL techniques can effectively detect and mitigate DDoS attacks. Song et al [94] investigated the performance of various SL techniques for DDoS attack detection in software-defined networks (SDNs). The authors evaluated the following eight techniques.…”

Section: A Machine Learning-based Approaches In Sdn Networkmentioning

confidence: 99%

Security Control and Data Planes of SDN: A Comprehensive Review of Traditional, AI, and MTD Approaches to Security Solutions

Abdi,

Audah,

Salh

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Software-Defined Networking (SDN) is a groundbreaking technology that has transformed network management significantly. By integrating data and control, SDN offers unparalleled flexibility and responsiveness, thereby overcoming the limitations of conventional network architectures. However, a centralized controller, which is a hallmark of SDN, is a double-edged security sword that offers easy control. This also becomes a dangerous point of failure for the entire network. To the best of our knowledge, this is the first comprehensive study to explore traditional-based, artificial intelligence (AI)-based, and moving target defense (MTD) approaches to securing SDN. The study begins with a survey of traditional security solutions for SDN, encompassing authentication, authorization, encryption, security protocols, firewalls, and flow verification, by addressing security threats and vulnerabilities in both data and control planes. The study then investigates the application of AI-based security solutions in an SDN environment, focusing on how Machine Learning (ML) and Deep Learning (DL) techniques are leveraged to address advanced security threats. Additionally, the survey examines MTD mechanisms within data and control plane security. Several in-depth techniques, including the randomization of Internet Protocol (IP) and Media Access Control (MAC) addresses, port numbers, and flow tables, and delving into the relationship between security threats, MTD strategies, and the specific controllers employed in experimental implementations. We utilized the widely recognized STRIDE cybersecurity framework to systematically identify and evaluate the potential threats to SDN security. Our analysis resulted in a comprehensive list of security challenges, and we propose future research directions aimed at addressing emerging threats in both the data and control planes.

show abstract

Section: A Machine Learning-based Approaches In Sdn Networkmentioning

confidence: 99%

Security Control and Data Planes of SDN: A Comprehensive Review of Traditional, AI, and MTD Approaches to Security Solutions

Abdi,

Audah,

Salh

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Authors in [11] introduced a lightweight supervised learning model to identify DDoS attacks targeting SDN controllers using only one feature of fluctuation of flow, which is the count of packet-in messages to the controller in a fixed time slice and for many consecutive times to avoid the behavior of a normal burst. They created their own dataset for the proposed system, but for testing and training their model, they used the InSDN dataset.…”

Section: Current Research Reviewmentioning

confidence: 99%

“…Authors in [10] argue that SDN networks may be more susceptible to malicious traffic than traditional environments due to the decoupling of the control plane and data plane. A security breach in conventional networks causes only minor damage to a small portion of the network, whereas an attack on the SDN controller might have catastrophic consequences for the entire network [7][8][9][10][11]. The attacks target different parts of SDN, as depicted in Figure 1.…”

Section: Introductionmentioning

confidence: 99%

A Survey on the Latest Intrusion Detection Datasets for Software Defined Networking Environments

Khalid,

Aldabagh

2024

Eng. Technol. Appl. Sci. Res.

View full text Add to dashboard Cite

Software Defined Networking (SDN) threats make network components vulnerable to cyber-attacks, creating obstacles for new model development that necessitate innovative security countermeasures, like Intrusion Detection Systems (IDSs). The centralized SDN controller, which has global view and control over the whole network and the availability of processing and storing capabilities, makes the deployment of artificial intelligence-based IDS in controllers a hot topic in the research community to resolve security issues. In order to develop effective AI-based IDSs in an SDN environment, there must be a high-quality dataset for training the model to offer effective and accurate attack prediction. There are some intrusion detection datasets used by researchers, but those datasets are either outdated or incompatible with the SDN environment. In this survey, an overview of the published work was conducted using the InSDN dataset from 2020 to 2023. Also, research challenges and future work for further research on IDS issues when deployed in an SDN environment are discussed, particularly when employing machine learning and deep learning models. Moreover, possible solutions for each issue are provided to help the researchers carry out and develop new methods of secure SDN.

show abstract

“…Typically, an OpenFlow switch always sends the relevant information of any new flow it receives to the controller for instructions on how to handle it. As a result, most DDoS attacks in SDN exploit vulnerabilities in the OpenFlow protocol [11] . Firstly, since the control plane is situated between the application plane and the forwarding plane, providing a programming interface to the upper layer and controlling hardware devices to the lower layer, if the control plane is compromised, the entire SDN can be affected.…”

Section: Organizational Forms Of Ddos Attacks In Sdnmentioning

confidence: 99%

Detection and Mitigation of DDoS attacks based on Multi-dimensional Characteristics in SDN

Wang,

Fu,

Duan

et al. 2024

Preprint

View full text Add to dashboard Cite

Due to the large computational overhead, underutilization of features, and high bandwidth consumption in traditional SDN environments for DDoS attack detection and mitigation methods, this paper proposes a two-stage detection and mitigation method for DDoS attacks in SDN based on multi-dimensional characteristics. Firstly, an analysis of the traffic statistics from the SDN switch ports is performed, which aids in conducting a coarse-grained detection of DDoS attacks within the network. Subsequently, a Multi-Dimensional Deep Convolutional Classifier (MDDCC) is constructed using wavelet decomposition and convolutional neural networks to extract multi-dimensional characteristics from the traffic data passing through suspicious switches. Based on these extracted multi-dimensional characteristics, a simple classifier can be employed to accurately detect attack samples. Finally, by integrating graph theory with restrictive strategies, the source of attacks in SDN networks can be effectively traced and isolated. The experimental results indicate that the proposed method, which utilizes a minimal amount of statistical information, can quickly and accurately detect attacks within the SDN network. It demonstrates superior accuracy and generalization capabilities compared to traditional detection methods, especially when tested on both simulated and public datasets. Furthermore, by isolating the affected nodes, the method effectively mitigates the impact of the attacks, ensuring the normal transmission of legitimate traffic during network attacks. This approach not only enhances the detection capabilities but also provides a robust mechanism for containing the spread of cyber threats, thereby safeguarding the integrity and performance of the network.

show abstract

Detecting flooding DDoS attacks in software defined networks using supervised learning techniques

Cited by 24 publications

References 27 publications

Security Control and Data Planes of SDN: A Comprehensive Review of Traditional, AI, and MTD Approaches to Security Solutions

Security Control and Data Planes of SDN: A Comprehensive Review of Traditional, AI, and MTD Approaches to Security Solutions

A Survey on the Latest Intrusion Detection Datasets for Software Defined Networking Environments

Detection and Mitigation of DDoS attacks based on Multi-dimensional Characteristics in SDN

Contact Info

Product

Resources

About