The Detection and Mitigation of Distributed Denial-of-Service (DDOS) Attacks in Software Defined Networks using Distributed Controllers

Kavitha, D.; Ramalakshmi, R.; Murugeswari, R.

doi:10.1109/incces47820.2019.9167698

Cited by 3 publications

(5 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The results showed great ability in maintaining the consistency of the network state view and end-to-end provisioning services. Kavitha et al [11] proposed a collaborative approach for DDoS attack detection in a distributed SDN multicontroller platform. It also analyzed DDoS attacks in distributed controllers, which differ from centralized controllers in SDNs.…”

Section: Literature Reviewmentioning

confidence: 99%

“…The proposed entropy mechanism compares the entropy flow values of source and destination IP addresses that are detected by the SDN controller to predefined entropy threshold values that change adaptively based on network dynamics [8]. In this regard, some of the entropy-based DDoS attack detection solutions are located in various studies and explained in the following section [9][10][11][12][13][14][15][16].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

DDoS Attack Detection and Classification Using Hybrid Model for Multicontroller SDN

Gebremeskel

Adere

Krishna

et al. 2023

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

A software-defined network (SDN) brings a lot of advantages to the world of networking through flexibility and centralized management; however, this centralized control makes it susceptible to different types of attacks. Distributed denial of service (DDoS) is one of the most dangerous attacks that are frequently launched against the controller to put it out of service. This work takes the special ability of SDN to propose a solution that is an implementation run at the multicontroller to detect a DDoS attack at the early stage. This method not only detects the attacks but also identifies the attacking paths and starts a mitigation process to provide protection for the network devices. This method is based on the entropy variation of the destination host targeted with its IP address and can detect the attack within the first 250 packets of malicious traffic attacking a particular host. Then, fine-grained packet-based detection is performed using a deep-learning model to classify the attack into different types of attack categories. Lastly, the controller sends the updated traffic information to neighbor controllers. The chi-squared ( x 2 ) test feature selection algorithm was also employed to reveal the most relevant features that scored the highest in the provided data set. The experiment result demonstrated that the proposed Long Short-Term Memory (LSTM) model achieved an accuracy of up to 99.42% using the data set CICDDoS2019, which has the potential to detect and classify the DDoS attack traffic effectively in the multicontroller SDN environment. In this regard, it has an enhanced accuracy level to 0.42% compared with the RNN-AE model with data set CICDDoS2019, while it has improved up to 0.44% in comparison with the CNN model with the different data set ICICDDoS2017.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

DDoS Attack Detection and Classification Using Hybrid Model for Multicontroller SDN

Gebremeskel

Adere

Krishna

et al. 2023

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

show abstract

“…The study detected attacks and provided an attack mitigation process through the implementation of a monitoring solution that used the POX controller with the Open vSwitch. Elsayed et al [23] proposed DDoSNet, against DDoS attacks in SDN environments. This method was based on Deep Learning (DL) technique, combining the Recurrent Neural Network (RNN) with autoencoder.…”

Section: Related Workmentioning

confidence: 99%

“…These neural networks are classi ed based upon types of data as LSTM, RNN, MLP, GRU, etc. Some of the DDoS attack solutions: LSTM [24], [25], [41], [19], RNN [23], MLP [20], and GRU.…”

Section: Introductionmentioning

confidence: 99%

DDoS Attack Detection and Classification Using Hybrid Model for Multi-controller SDN

Gebremeskel

Gemeda

et al. 2022

Preprint

View full text Add to dashboard Cite

Software-Defined Network (SDN) brings a lot of advantages to the world of networking through its flexibility and centralized management; however this centralized control makes it susceptible to different types of attacks. Distributed Denial of Service (DDoS) is one of the most dangerous attacks which can frequently launch DDoS attacks towards the controller in order to make it out of service. This work takes the special ability of SDN to propose a solution that an implementation running at the multi-controller to detect DDoS attack at the early stage. The method not only detect the attacks but also identify the attacking paths and start a mitigation process to provide protection for the network devices the moment an attack is detected. This method is based on the entropy variation of the destination host targeted with its IP address and can detect the attack within the first 250 packets of malicious traffic attacking a particular host. Then, fine-grained packet-based detection is performed using deep learning model to classify the attack into different type of attack categories. Lastly, the controller sends the updated traffic information to neighbor controllers. To avoid a single point of controller failure, a multi-controller which is a logically centralized and physically distributed controller has used. The issues related to lack of detailed attack description have been addressed using categorical classification which is allowed to make specific attack descriptions by considering the traffic coming to the controller. The chi-square (x2) test feature selection algorithm has also employed to reveal the most relevant features that scored the highest in the provided data set. The experiment result demonstrate that the proposed Long Short-Term Memory (LSTM) model achieved an accuracy of up to 99.42% using the data set CIC-DDoS2019 which has the potential to detect and classify the DDoS attack traffic effectively in the multi-controller SDN environment. In this regard, it has enhanced accuracy level to 0.42% when we compared with RNN-AE model with data set CIC-DDoS2019, while it has improved up to 0.44% in comparison with CNN model with different data set ICICDDoS2017.

show abstract

“…An early detection method was proposed on a distributed SDN multi-controller [27]. The method used is entropy detection based on destination IP address and specific threshold for each controller.…”

Section: Introductionmentioning

confidence: 99%

Q-learning based distributed denial of service detection

Yaseen

Al-Saadi

2023

IJECE

View full text Add to dashboard Cite

<span lang="EN-US">Distributed denial of service (DDoS) attacks the target service providers by sending a huge amount of traffic to prevent legitimate users from getting the service. These attacks become more challenging in the software-defined network paradigm, due to the separation of the control plane from the data plane. Centralized software defined networks are more vulnerable to DDoS attacks that may cause the failure of all networks. In this work, a new approach is proposed based on q-learning to enhance the detection of DDoS attacks and reduce false positives and false negatives. The results of this work are compared with entropy detection in terms of the number of received packets to detect the attack and also the continuity of service for legitimate users. Moreover, these results indicate that the proposed system detects the DDoS attack from flash crowds and redirects the traffic to the edge of the data center. A second controller is used to redirect traffic to a honeypot server that works as a mirror server. This guarantees the continuity of service for both normal and suspected traffic until further analysis is done. The results indicate an increase of up to 50% in the throughput compared to other approaches.</span>

show abstract

The Detection and Mitigation of Distributed Denial-of-Service (DDOS) Attacks in Software Defined Networks using Distributed Controllers

Cited by 3 publications

References 18 publications

DDoS Attack Detection and Classification Using Hybrid Model for Multicontroller SDN

DDoS Attack Detection and Classification Using Hybrid Model for Multicontroller SDN

DDoS Attack Detection and Classification Using Hybrid Model for Multi-controller SDN

Q-learning based distributed denial of service detection

Contact Info

Product

Resources

About