Lightweight Statistical Approach towards TCP SYN Flood DDoS Attack Detection and Mitigation in SDN Environment

Batool, Sehrish; Khan, Farrukh Zeeshan; Shah, Syed Qaiser Ali; Ahmed, Muneer; Alroobaea, Roobaea; Baqasah, Abdullah M.; Ali, Ihsan; Raza, Muhammad Ahsan

doi:10.1155/2022/2593672

Cited by 20 publications

(8 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Based on the popular sFlow and OpenFlow protocols, it is a fabric controller with an open, standards-based JavaScript development environment. Mitigation script logs (Batool et al, 2022) are once the attack has been stopped. When the attack is stopped and the mitigation block is activated, it resumes its normal course.…”

Section: Methodsmentioning

confidence: 99%

Efficiency Assessment of Software-Defined Networking for Real-Time Network Systems

Gupta,

Tanwar,

Badotra

2024

Journal of Computer Science

View full text Add to dashboard Cite

Software Networking (SDN) is growing in popularity due to its benefits, which include portability, mobility, analytics, and ease of creation. But it needs to be adequately shielded from security risks. One of the main vulnerabilities to the SDN network is the Distributed Denial-of-Service (DDoS) attack. To fulfill the demands of the complex and demanding security concerns of today, a new network philosophy is needed. Because SDN relies on a central controller, it has a single point of attack and failure. The present research monitors and analyses network traffic coming from switches, host computers, emulators, and wireless access points using a multi-vendor packet sampling technique using sFlow. In the process, we have clarified the usefulness and efficiency of the recommended strategy, which makes use of SDN controllers for the detection and mitigation of DDoS flooding attacks. The outcomes also demonstrate that the ODL controller outperforms the other remaining controllers in terms of load-shedding efficiency and flow setup latency. According to TCP bandwidth measurements, the ODL controller performs better in terms of processing power and jitter than the remaining controllers due to its higher computational complexity. These test results indicate that the jitter performance of all controllers is comparable. Overall analysis indicates that ODL is more reliable than other controllers in our scenario.

show abstract

Section: Methodsmentioning

confidence: 99%

Efficiency Assessment of Software-Defined Networking for Real-Time Network Systems

Gupta,

Tanwar,

Badotra

2024

Journal of Computer Science

View full text Add to dashboard Cite

show abstract

“…This process is known as the connection establishment method of TCP protocol or three-way handshaking. The Server listens for client connection requests before a connection is established [ 28 ]. In an SDN network, for example, the OpenFlow switch must request the controller forwarding rules for each new connection it receives from the clients.…”

Section: Hld-ddosdn Generationmentioning

confidence: 99%

HLD-DDoSDN: High and low-rates dataset-based DDoS attacks against SDN

Bahashwan,

Anbar,

Manickam

et al. 2024

PLoS ONE

View full text Add to dashboard Cite

Software Defined Network (SDN) has alleviated traditional network limitations but faces a significant challenge due to the risk of Distributed Denial of Service (DDoS) attacks against an SDN controller, with current detection methods lacking evaluation on unrealistic SDN datasets and standard DDoS attacks (i.e., high-rate DDoS attack). Therefore, a realistic dataset called HLD-DDoSDN is introduced, encompassing prevalent DDoS attacks specifically aimed at an SDN controller, such as User Internet Control Message Protocol (ICMP), Transmission Control Protocol (TCP), and User Datagram Protocol (UDP). This SDN dataset also incorporates diverse levels of traffic fluctuations, representing different traffic variation rates (i.e., high and low rates) in DDoS attacks. It is qualitatively compared to existing SDN datasets and quantitatively evaluated across all eight scenarios to ensure its superiority. Furthermore, it fulfils the requirements of a benchmark dataset in terms of size, variety of attacks and scenarios, with significant features that highly contribute to detecting realistic SDN attacks. The features of HLD-DDoSDN are evaluated using a Deep Multilayer Perception (D-MLP) based detection approach. Experimental findings indicate that the employed features exhibit high performance in the detection accuracy, recall, and precision of detecting high and low-rate DDoS flooding attacks.

show abstract

“…Secondly, there is no identi cation of the path followed by the attack, which could be necessary for the mitigation process later. In [26] entropybased solution is used for mitigating TCP-syn ood attacks in three steps, i.e., entropy, standard deviation, and weighted moving average. This work has shown the signi cance of entropy-based solutions due to their lightweight properties in SDN controllers.…”

Section: Literature Reviewmentioning

confidence: 99%

Detection and Mitigation of Malicious DDoS Floods in Software Defined Networks

Ahmad

Rehman

Saleem

2023

Preprint

View full text Add to dashboard Cite

Software-defined networking (SDN) has revolutionized network management by providing modular control and data plane attributes for flexible network management. It implies the concept of separating the control and data plane attributes for flexible network management. However, centralized management due to control plane separation in SDN also exposes it to cyber threats such as Distributed Denial-of-service (DDoS) attacks that can compromise the SDN controllers. In recent research, entropy-based attack detection approaches showed much significance among other detection methods but relying on entropy itself can neglect detection in several variables such as variations in flow specification. Based on these limitations, in this work, we have designed a DDoS attack detection framework inside the SDN control plane by integrating the packet flow initiation and its specifications properties with entropy-based algorithm to ensure correct measures of attack detection. The simulation is performed on Mininet network simulator, for implementing SDN architecture and the testbed is created on UDP flood attacks on commonly used data-centric tree topologies. Based on experimentation, this lightweight framework is designed to mitigate DDoS attacks by detecting its effects in the early stages to prevent SDN controller being hijacked due to immense packet flooding Based on the results, the proposed solution assures the SDN-based DDoS attack detection and mitigation under 150 packets maintaining significantly low detection time and high accuracy.accuracy.

show abstract

Lightweight Statistical Approach towards TCP SYN Flood DDoS Attack Detection and Mitigation in SDN Environment

Cited by 20 publications

References 41 publications

Efficiency Assessment of Software-Defined Networking for Real-Time Network Systems

Efficiency Assessment of Software-Defined Networking for Real-Time Network Systems

HLD-DDoSDN: High and low-rates dataset-based DDoS attacks against SDN

Detection and Mitigation of Malicious DDoS Floods in Software Defined Networks

Contact Info

Product

Resources

About