Strategies for detecting and mitigating DDoS attacks in SDN: A survey

Joëlle, Misenga Mumpela; Park, Young-Hoon

doi:10.3233/jifs-169833

Cited by 15 publications

(8 citation statements)

References 62 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Initial specifications were published by Stanford's clean slate initiative; the open network foundation (ONF) now maintains them. The third layer of SDN is the application layer, which contains application program that communicate with the SDN controller to support the operation of forwarding process [20]. An application can aggregate information from the controller to create an abstract network view for decision-making.…”

Section: Software Defined Networkmentioning

confidence: 99%

“…The impact of successful DDoS attacks is a result of the growing need for the internet. Multiple workstations launch DDoS attacks against a single server by flooding its IP address with a lot of traffic [20]. Using the internet principle, this attack attempts to disrupt the targeted system thus overwhelming legitimate users by denying them access to the system resources.…”

Section: Distributed Denial Of Service Attacksmentioning

confidence: 99%

See 1 more Smart Citation

Simulation of SDN in mininet and detection of DDoS attack using machine learning

Karthika

Karmel

2023

Bulletin EEI

View full text Add to dashboard Cite

Most contemporary businesses are embracing software defined networking (SDN), a developing architecture that enables an aerial-like perspective of the entire network. SDN operates by virtualizing the network and provides advantages including improved performance, visibility, speed, and scalability. SDN attempts to divide the network control plane from the forwarding plane. The control plane, which includes one or more controllers and incorporates complete intelligence, is thought of as the brain of the SDN. However, SDN has challenges with controller vulnerability, flexibility, and hardware security. But distributed denial of service (DDoS) assaults constitutes a serious threat to the SDN. Transmission control protocol-synchronized (TCP-SYN) floods, a common cyberattack that can harm SDNs, can deplete network resources by opening an excessive number of illegitimate TCP connections. In this research, we provide an OpenFlow port statistic-based architecture for machine learning (ML) enabled TCP-SYN flood detection. This research showed that ML models like support vector machine (SVM), Navie Bayes, and multi-layered perceptron can distinguish between regular traffic and SYN flood traffic and can mitigate the impacts of the attacking node on the network. Results showed that the multilayered perceptron can classify the traffic with highest accuracy of 99.75% for the simulation dataset.

show abstract

Section: Software Defined Networkmentioning

confidence: 99%

Section: Distributed Denial Of Service Attacksmentioning

confidence: 99%

Simulation of SDN in mininet and detection of DDoS attack using machine learning

Karthika

Karmel

2023

Bulletin EEI

View full text Add to dashboard Cite

show abstract

“…The proposed entropy mechanism compared the entropy ow values of source and destination IP addresses that are detected by the SDN controller to prede ned entropy threshold values that change adaptively based on network dynamics [26]. In this regard, some of the entropy-based DDoS attack detection solutions are located at [17], [21], [22], [29][30][31][32][33].…”

Section: Introductionmentioning

confidence: 99%

DDoS Attack Detection and Classification Using Hybrid Model for Multi-controller SDN

Gebremeskel

Gemeda

et al. 2022

Preprint

View full text Add to dashboard Cite

Software-Defined Network (SDN) brings a lot of advantages to the world of networking through its flexibility and centralized management; however this centralized control makes it susceptible to different types of attacks. Distributed Denial of Service (DDoS) is one of the most dangerous attacks which can frequently launch DDoS attacks towards the controller in order to make it out of service. This work takes the special ability of SDN to propose a solution that an implementation running at the multi-controller to detect DDoS attack at the early stage. The method not only detect the attacks but also identify the attacking paths and start a mitigation process to provide protection for the network devices the moment an attack is detected. This method is based on the entropy variation of the destination host targeted with its IP address and can detect the attack within the first 250 packets of malicious traffic attacking a particular host. Then, fine-grained packet-based detection is performed using deep learning model to classify the attack into different type of attack categories. Lastly, the controller sends the updated traffic information to neighbor controllers. To avoid a single point of controller failure, a multi-controller which is a logically centralized and physically distributed controller has used. The issues related to lack of detailed attack description have been addressed using categorical classification which is allowed to make specific attack descriptions by considering the traffic coming to the controller. The chi-square (x2) test feature selection algorithm has also employed to reveal the most relevant features that scored the highest in the provided data set. The experiment result demonstrate that the proposed Long Short-Term Memory (LSTM) model achieved an accuracy of up to 99.42% using the data set CIC-DDoS2019 which has the potential to detect and classify the DDoS attack traffic effectively in the multi-controller SDN environment. In this regard, it has enhanced accuracy level to 0.42% when we compared with RNN-AE model with data set CIC-DDoS2019, while it has improved up to 0.44% in comparison with CNN model with different data set ICICDDoS2017.

show abstract

“…Several review papers are available in the literature, 3,12‐29 but no one has specifically addressed distributed processing framework‐based DDoS attack detection mechanisms. In this paper, we presented a comprehensive study with the review of distributed processing frameworks‐based mechanisms, taxonomy, characterization of various distributed processing frameworks, set of evaluation metrics, discussion on available datasets, etc.…”

Section: Introductionmentioning

confidence: 99%

Distributed frameworks for detecting distributed denial of service attacks: A comprehensive review, challenges and future directions

Patil

Krishna

Kumar

2021

Concurrency and Computation

View full text Add to dashboard Cite

A distributed denial of service (DDoS) attack is a significant threat to web‐based applications and hindering legitimate traffic (denies access to benign users) by overwhelming the victim system or its infrastructure (service, bandwidth, networking devices, etc.) with a large volume of attack traffic. It leads to a delay in responses or sometimes a crash victim system. Even a few moments of pause in web‐based applications lead to a huge monetary loss and a bad reputation in the market. Several approaches available in the literature to protect websites from different types of DDoS attacks. However, incidents and volume sizes of DDoS attacks are growing quarter by quarter. Further, various challenges in the traditional framework based defense mechanisms: itself becoming a victim of attacks while analyzing a massive amount of traffic, require more time for detection process, no coordination among the modules, etc. This paper presents a comprehensive DDoS defense deployment taxonomy and critically reviewed existing distributed frameworks based DDoS attack detection systems. Further, characterized several existing distributed processing frameworks to select an appropriate one for deploying DDoS attack detection mechanisms. Finally, several evaluation metrics, open issues, discussion on available datasets including their limitations, and future directions are presented.

show abstract

Strategies for detecting and mitigating DDoS attacks in SDN: A survey

Cited by 15 publications

References 62 publications

Simulation of SDN in mininet and detection of DDoS attack using machine learning

Simulation of SDN in mininet and detection of DDoS attack using machine learning

DDoS Attack Detection and Classification Using Hybrid Model for Multi-controller SDN

Distributed frameworks for detecting distributed denial of service attacks: A comprehensive review, challenges and future directions

Contact Info

Product

Resources

About