Real-time DDoS Detection and Mitigation in Software Defined Networks using Machine Learning Techniques

Authors

  • Sanjeetha R
  • Anita Kanavalli
  • Anshul Gupta
  • Ashutosh Pattanaik
  • Sashank Agarwal

DOI:

https://doi.org/10.47839/ijc.21.3.2691

Keywords:

SDN, Threshold, DDoS, Controller, Machine learning

Abstract

Software Defined Network (SDN) is the new era of networking technology based on a centralized controller that separates the switch hardware from its operating software. The most important challenge is the security of SDN, and the most prominent attack is the Distributed Denial of Service (DDoS) attack. Some of the research work done so far detects DDoS attacks using a threshold, which is usually assumed without proper scientific reason and hence may not always be accurate. The mitigation techniques used by some researchers block the host from sending network traffic beyond a threshold by installing drop rules in the flow table of the switch connected to that host. Doing so blocks not only the attack traffic but also the genuine traffic from other applications on that host. In this paper, we propose a model that calculates, in real time using a machine learning (ML) model, the threshold limit for the type of applications sending data to a particular switch, and determines whether that application traffic is DDoS traffic. After detection, only the application type sending DDoS traffic is blocked, while other genuine applications are allowed to send network traffic without any interruption. The use of a dynamic threshold, based on the current network traffic, will help in detecting DDoS efficiently.

Published

2022-09-30

How to Cite

R, S., Kanavalli, A., Gupta, A., Pattanaik, A., & Agarwal, S. (2022). Real-time DDoS Detection and Mitigation in Software Defined Networks using Machine Learning Techniques. International Journal of Computing, 21(3), 353-359. https://doi.org/10.47839/ijc.21.3.2691

Section

Articles