Distributed Dos Attacks Detection Based on Machine Learning Techniques in Software Defined Networks
Keywords:
Distributed Denial of Attacks (DDoS), Software Defined Networks (SDN), Artificial Neural Network (ANN), Machine Learning, Feature SelectionAbstract
Manageability, scaling, and enhanced efficiency are all benefits of Software Defined Networking (SDN). However, if the controller is prone to DDoS attacks, SDN presents a unique set of security challenges. DDoS attacks have resulted in massive economic losses for civilization. They have evolved into one of the most significant challenges to Internet security. In a cloud and large data world, most existing detection approaches based on a single function and defined parameter values are unable to detect early DDoS attacks. The network connectivity and integration capacity of the SDN controller are overloaded while it is vulnerable to DDoS attacks. The high amount of flow that the controller is producing for the attack packets causes the switch flow database ability to fill up, which lowers network output to a critical threshold. Artificial Neural Network (ANN) techniques were used in this paper to detect DDoS attacks in SDN. The test findings showed that the highest accuracy rate in DDoS threat detection was achieved when an ANN classification method was combined with wrapper function selection applied. The proposed system is tested against existing benchmarks on a current state-of-the-art Flow-based dataset. The results demonstrate how Feature Selection (FS) strategies and the ANN approach may both reduce processing times and reduce processing difficulties in SDN DDoS attack detection.
Downloads
References
Cheng, J., Zhang, C., Tang, X., Sheng, V. S., Dong, Z., & Li, J. (2018). Adaptive DDoS attack detection method based on multiple-kernel learning. Security and Communication Networks, 2018.
Cui, J., Zhang, Y., Cai, Z., Liu, A., & Li, Y. (2018). Securing display path for security-sensitive applications on mobile devices. Computers, Materials and Continua, 55(1), 17.
Pimpalkar, A. S., & Patil, A. B. (2015, March). Detection and defense mechanisms against DDoS attacks: A review. In 2015 International Conference on Innovations in Information, Embedded and Communication Systems (ICIIECS) (pp. 1-6). IEEE.
Zeb, K., Baig, O., & Asif, M. K. (2015, March). DDoS attacks and countermeasures in cyberspace. In 2015 2nd World Symposium on Web Applications and Networking (WSWAN) (pp. 1-6). IEEE.
Shen, J., Gui, Z., Ji, S., Shen, J., Tan, H., & Tang, Y. (2018). Cloud-aided lightweight certificateless authentication protocol with anonymity for wireless body area networks. Journal of Network and Computer Applications, 106, 117-123.
Lin, W., Xu, S., He, L., & Li, J. (2017). Multi-resource scheduling and power simulation for cloud computing. Information Sciences, 397, 168-186.
Jiang, W., Wang, G., Bhuiyan, M. Z. A., & Wu, J. (2016). Understanding graph-based trust evaluation in online social networks: Methodologies and challenges. ACM Computing Surveys (CSUR), 49(1), 1-35.
Peng, T., Liu, Q., Meng, D., & Wang, G. (2017). Collaborative trajectory privacy preserving scheme in location-based services. Information Sciences, 387, 165-179.
Nunes, B. A. A., Mendonca, M., Nguyen, X. N., Obraczka, K., & Turletti, T. (2014). A survey of software-defined networking: Past, present, and future of programmable networks. IEEE Communications surveys & tutorials, 16(3), 1617-1634.
Scott-Hayward, S., O'Callaghan, G., & Sezer, S. (2013, November). SDN security: A survey. In 2013 IEEE SDN For Future Networks and Services (SDN4FNS) (pp. 1-7). IEEE.
Meng, R., Rice, S. G., Wang, J., & Sun, X. (2018). A fusion steganographic algorithm based on faster R-CNN. Computers, Materials & Continua, 55(1), 1-16.
Cui, Q., Zhou, Z., Yuan, C., Sun, X., & Wu, Q. J. (2018). Fast American Sign Language Image Recognition Using CNNs with Fine-tuning. Journal of Internet Technology, 19(7), 2207-2214.
Li, Y., Wang, G., Nie, L., Wang, Q., & Tan, W. (2018). Distance metric optimization driven convolutional neural network for age invariant face recognition. Pattern Recognition, 75, 51-62.
Saied, A., Overill, R. E., & Radzik, T. (2014, June). Artificial Neural Networks in the detection of known and unknown DDoS attacks: Proof-of-Concept. In International Conference on Practical Applications of Agents and Multi-Agent Systems (pp. 309-320). Springer, Cham.
Bhuyan, M. H., Bhattacharyya, D. K., & Kalita, J. K. (2015). An empirical evaluation of information metrics for low-rate and high-rate DDoS attack detection. Pattern Recognition Letters, 51, 1-7.
Tan, Z., Jamdagni, A., He, X., Nanda, P., & Liu, R. P. (2013). A system for denial-of-service attack detection based on multivariate correlation analysis. IEEE transactions on parallel and distributed systems, 25(2), 447-456.
Yu, S., Zhou, W., Jia, W., Guo, S., Xiang, Y., & Tang, F. (2011). Discriminating DDoS attacks from flash crowds using flow correlation coefficient. IEEE transactions on parallel and distributed systems, 23(6), 1073-1080.
Wang, A., Chang, W., Chen, S., & Mohaisen, A. (2018). Delving into internet DDoS attacks by botnets: characterization and analysis. IEEE/ACM Transactions on Networking, 26(6), 2843-2855.
Kumar, G. D., Rao, C. G., Singh, M. K., & Ahmad, F. (2014, June). Using jpcap api to monitor, analyze, and report network traffic for ddos attacks. In 2014 14th International Conference on Computational Science and Its Applications (pp. 35-39). IEEE.
Johnson Singh, K., Thongam, K., & De, T. (2016). Entropy-based application layer DDoS attack detection using artificial neural networks. Entropy, 18(10), 350.
Rukavitsyn, A., Borisenko, K., & Shorov, A. (2017, February). Self-learning method for DDoS detection model in cloud computing. In 2017 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus) (pp. 544-547). IEEE.
Zhang, H., Cai, Z., Liu, Q., Xiao, Q., Li, Y., & Cheang, C. F. (2018). A survey on security-aware measurement in SDN. Security and Communication Networks, 2018.
Ashraf, J., & Latif, S. (2014, November). Handling intrusion and DDoS attacks in Software Defined Networks using machine learning techniques. In 2014 National Software Engineering Conference (pp. 55-60). IEEE.
Mihai-Gabriel, I., & Victor-Valeriu, P. (2014, November). Achieving DDoS resiliency in a software defined network by intelligent risk assessment based on neural networks and danger theory. In 2014 IEEE 15th International Symposium on Computational Intelligence and Informatics (CINTI) (pp. 319-324). IEEE.
Yan, Q., Gong, Q., & Yu, F. R. (2017). Effective software-defined networking controller scheduling method to mitigate DDoS attacks. Electronics Letters, 53(7), 469-471.
Chin, T., Mountrouidou, X., Li, X., & Xiong, K. (2015, June). Selective packet inspection to detect DoS flooding using software defined networking (SDN). In 2015 IEEE 35th international conference on distributed computing systems workshops (pp. 95-99). IEEE.
Dayal, N., & Srivastava, S. (2017, January). Analyzing behavior of DDoS attacks to identify DDoS detection features in SDN. In 2017 9th International Conference on Communication Systems and Networks (COMSNETS) (pp. 274-281). IEEE.
Ye, J., Cheng, X., Zhu, J., Feng, L., & Song, L. (2018). A DDoS attack detection method based on SVM in software defined network. Security and Communication Networks, 2018.
Kim, D. E., & Gofman, M. (2018, January). Comparison of shallow and deep neural networks for network intrusion detection. In 2018 IEEE 8th Annual Computing and Communication Workshop and Conference (CCWC) (pp. 204-208). IEEE.
Venkatesh, B., & Anuradha, J. (2019). A review of feature selection and its methods. Cybernetics and Information Technologies, 19(1), 3-26.
Stamp, M. (2017). Introduction to machine learning with applications in information security. CRC Press.
Downloads
Published
How to Cite
Issue
Section
License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
All papers should be submitted electronically. All submitted manuscripts must be original work that is not under submission at another journal or under consideration for publication in another form, such as a monograph or chapter of a book. Authors of submitted papers are obligated not to submit their paper for publication elsewhere until an editorial decision is rendered on their submission. Further, authors of accepted papers are prohibited from publishing the results in other publications that appear before the paper is published in the Journal unless they receive approval for doing so from the Editor-In-Chief.
IJISAE open access articles are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. This license lets the audience to give appropriate credit, provide a link to the license, and indicate if changes were made and if they remix, transform, or build upon the material, they must distribute contributions under the same license as the original.