Detection and Mitigation of Distributed Denial of Service Attacks on Network Architecture Software Defined Networking Using the Naive Bayes Algorithm
Related papers
International Journal of Electrical and Computer Engineering (IJECE), 2025
Software-defined networking (SDN) is a network architecture that enables the separation of the control plane and data plane, facilitating centralized management of the network. While centralized control offers numerous benefits, it also comes with certain drawbacks. Flooding distributed denial of service (DDoS) attacks pose a significant threat in SDN environments. These attacks involve overwhelming a target system with a large volume of packets, aiming to disrupt its functionality. In this paper, we propose a new approach for detecting DDoS attacks based on multiple k-means models and the naive Bayes algorithm. Our methodology involves training multiple k-means models to cluster each data point within every column of the dataset, where each column represents a feature. This process results in a new dataset with the same shape, containing only clusters, except the column containing the target variable (labels). These clusters are then used as input by naïve Bayes to perform binary classification. We assessed our approach using the InSDN and CIC-DDoS2017 datasets. The results underscore the impressive accuracy of our model, achieving 99.9839% on the InSDN dataset and 99.7030% on the CIC-DDoS2017 dataset. This performance was achieved by optimizing the desired number of clusters.
Preemptive modelling towards classifying vulnerability of DDoS attack in SDN environment
International Journal of Electrical and Computer Engineering (IJECE), 2020
Software-Defined Networking (SDN) has become an essential networking concept towards escalating the networking capabilities that are highly demanded future internet system, which is immensely distributed in nature. Owing to the novel concept in the field of network, it is still shrouded with security problems. It is also found that the Distributed Denial-of-Service (DDoS) attack is one of the prominent problems in the SDN environment. After reviewing existing research solutions towards resisting DDoS attack in SDN, it is found that still there are many open-end issues. Therefore, these issues are identified and are addressed in this paper in the form of a preemptive model of security. Different from existing approaches, this model is capable of identifying any malicious activity that leads to a DDoS attack by performing a correct classification of attack strategy using a machine learning approach. The paper also discusses the applicability of best classifiers using machine learning that is effective against DDoS attack.
1. INTRODUCTION
Software-Defined Networking (SDN) has been evolved to cater up to the exponentially increasing demands of the clients [1, 2]. These rises of the demands are arising from the usage of future internet architecture, which is very different from existing networking schemes [3]. The capability of the centralized architecture used in the network is furthermore enhanced as it can now segregate the control plane to forwarding plane and can further offer more extensive programming capability to the network [4, 5]. Irrespective of immense advantage, there are various security issues associated with the SDN [6-10]. Apart from the problem associated with the failure of a centralized point in the legacy centralized architecture, the SDN offers a mechanism using its controller system in order to study the security.
However, there is a long way to go as SDN is comparatively a new networking concept which will require more prototyping, more exhaustive investigation, and more validation in order to claim its success factor. There is various review work on SDN environment to claim that it is inflicted with potential security problems [11-13]. As SDN uses the software as the core part; therefore, the risk of intrusion is quite more over the network, and various changes of security breaches can be expected. In this regard, Distributed Denial-of-Service (DDoS) acts as a single point of attack which also invites various other security breaches too. This is possible as a DDoS attack paralyzes the entire system on the target network by illegitimately capturing the complete availability of such a system. Such attacks are quite easier to be launched in SDN owing to the presence of a centralized controller system that controls the entire network and formulates a decision of a server to be victimized. Normally, when a switch receives a data packet from various traffic flow that is found to be quite unmatched with each other then the data packet is forwarded to the SDN controller. A traffic flow rule is then forwarded by the SDN controller that is constructed on the basis of the application running on the network.
Comparative Analysis of DDoS Attacks Detection Systems in Software defined Networks
Soft Computing Research Society eBooks, 2022
The Software-Defined Network (SDN) is the pre-eminent network framework in the recent decades as it ensures more authority over the recent network architecture. The Controller, which is characterized as the system software of the SDN is liable for running different organization applications and conserving a few organization administrations and functionalities. In spite of all its potentials, the establishment of numerous constructive organization of SDN creates numerous security dangers and possible targets. The Distributed Denial of Services (DDoS) is one of the major security threats that deteriorate the performance of the SDN organization. More researchers are concentrated to restrain the DDoS attack as the control layer in the SDN is the most exposed to DDoS attacks. These days, in the field of SDN, different AI (ML) procedures are being conveyed to recognize DDoS attack. Hence in this paper, 15 papers related to the DDoS attacks detection are analyzed. The evaluation of the research is implemented with respect to the various factors such as performance metrics, achievement of the existing methods, classifier or the methods utilized and so on. Finally, this report elucidates the future direction of the research.
An investigation of different DDOS attack detection methods in software-defined networks
International journal of health sciences, 2022
Software-Defined Network is more vulnerable to more frequent and severe security attacks. Distributed Denial of service (DDoS) spasms corrupt network along with hinder efficiency and performance significantly. DDoS spasms lead to exhaustion of network means, thereby stopping the controller and impeding normal activities. Detection of DDoS attacks requires different classification techniques that provide accurate and efficient decision-making. Various techniques to detect the attacks are proposed in the existing literature. However, analysis of various works reveals various shortcomings of different techniques. In this paper, the existing techniques are analyzed in terms of their accuracy and MSE, and seven methods are compared with regards to suitability to counter DDoS attacks efficiently. Analysis of the results shows limitations and sets the tone for future studies on the topic. Overall, it is suggested to continue looking for better techniques to improve upon the existing learni...
Detection of DDoS Attacks in Software Defined Networks
2018
Software Defined Networking (SDN) is an emerging networking paradigm which makes network agile, flexible and programmable. The important feature of SDN is its centralized control plane which manages the entire network. Distributed Denial of Service (DDoS) is the most popular cyber attack which results in exhaustion of the system resources, thus resulting in non-availability of the services to serve legitimate requests. SDN controller is highly vulnerable to DDoS attacks due to its centralized nature. Thus, detection of the DDoS attacks in the controller at the earliest is an important research issue. Many techniques are proposed to detect DDoS attacks. However, very few studies have been carried out in the context of SDN. In this work, we propose DDoS attack detection system for SDN using two levels of security. We first detect signature based attacks using Snort. Further, we use machine learning algorithms to detect anomaly based attacks. We use two algorithms namely Support Vector...
Detection of Distributed Denial of Service Attack in SDN using a Machine Learning Technique
International Journal of Advanced Research in Science, Communication and Technology
Software-defined network (SDN) is a network architecture that is used to build, and design the hardware components virtually. We can dynamically change the settings of network connections. In the traditional network, it's not possible to change dynamically, because it's a fixed connection. SDN is a good approach but still is vulnerable to DDoS attacks. The DDoS attack is managed on the internet. To prevent the DDoS attack, the machine learning algorithm can be used. The DDoS attack is the multiple collaborated systems that are used to target a particular server at the same time. In SDN control layer is in the center that links with the application and infrastructure layer, where the devices in the infrastructure layer are controlled by the software. In this paper, we propose a machine learning technique namely a Decision Tree to detect malicious traffic. Our test outcome shows that the Decision Tree detects whether the attack is safe or not.
Distributed Denial of Service (DDoS) attack is a serious threat on today’s Internet. As the traffic across the Internet increases day by day, it is a challenge to distinguish between legitimate and malicious traffic. This thesis proposes two different approaches to build an efficient DDoS attack detection system in the Software Defined Networking environment. SDN is the latest networking approach which implements centralized controller, which is programmable. The central control and the programming capability of the controller are used in this thesis to implement the detection and mitigation mechanisms. In this thesis, two designed approaches, statistical approach and machine-learning approach, are proposed for the DDoS detection. The statistical approach implements entropy computation and flow statistics analysis. It uses the mean and standard deviation of destination entropy, new flow arrival rate, packets per flow and flow duration to compute various thresholds. These thresholds ...
Nanotechnology Perceptions, 2024
Software-Defined Networking (SDN) offers a paradigm shift in network management, providing increased flexibility and centralized control. However, this centralized architecture introduces unique security challenges. The centralized controller becomes a prime target for attackers, exposing the network to various threats such as direct attacks, unauthorized access, data manipulation, Denial-of-Service (DoS) attacks, and switch vulnerabilities. Furthermore, existing DDoS detection methods in SDN face limitations due to reliance on network topology, incomplete attack type coverage, outdated datasets, and expensive hardware requirements. This dependence on outdated data hinders adaptability to new threats and slows down detection. This research addresses these challenges by proposing a sophisticated hybrid approach integrated within the ONOS controller. This approach combines entropy-based analysis and a machine learning algorithm to enhance the identification of both high-volume and low-volume DDoS attacks through a binary classification task. By leveraging the capabilities of the ONOS controller, the study advances intrusion detection, offering a deeper understanding of network patterns and strengthening resilience against evolving cyber threats. Notably, the results demonstrate outstanding accuracy of up to 97% in detecting and mitigating these threats, underscoring the effectiveness of the proposed methodology. This research contributes significantly to the ongoing discourse on securing SDN environments by proposing a highly effective and adaptable DDoS detection and mitigation approach. This approach addresses the inherent vulnerabilities of SDN while capitalizing on its inherent advantages in flexibility and centralized control.
Detection and mitigation of DDoS attacks in SDN based intrusion detection system
Bulletin of Electrical Engineering and Informatics, 2024
Software defined networks (SDN) have completely revolutionized the management and operation of networks. This novel technology entails a distinctive approach to management. Amidst the advancements, a notable security concern arises in the form of distributed denial of service (DDoS) attacks. To counteract this attack, the deployment of intrusion detection systems (IDS) assumes paramount importance. IDS plays a critical role in monitoring network traffic, promptly detecting irregularities that may signify a potential denial of service (DoS) assault. This study delves into a comprehensive exploration of a DDoS attack on an SDN network using the OpenDaylight controller and the Mininet emulator. Furthermore, the assessment extends to evaluating the DDoS attack's repercussions and the effectiveness of IDS in mitigating such risks. Various performance metrics, including throughput according to delay time, are monitored to gauge network performance under duress. The difference in throughput curves when comparing scenarios with and without IDS highlights the significant impact of intrusion detection. When the IDS was absent, there was a noticeable increase in oscillations, indicating greater network susceptibility. On the other hand, the presence of an IDS created a more regulated environment, reducing variances and promoting a more stable network.
Security and Communication Networks
Distributed Denial of Service (DDoS) attack is known to be one of the most lethal attacks in traditional network architecture. In this attack, the attacker uses botnets to overwhelm network resources. Botnets can be randomly compromised computers or IoT devices that are used to generate excessive traffic towards the victim, and as a result, legitimate users cannot access the services. In this research, software-defined networking (SDN) has been suggested as a solution to fight DDoS attacks. SDN uses the idea of centralized control and segregation of the data plane from the control plane. SDN is more flexible, and policy implementation on the centralized controller is easy. SDN is now being widely used in modern network paradigms because it has enhanced security. In this work, an entropy-based statistical approach has been suggested to detect and mitigate TCP SYN flood DDoS attacks. The proposed algorithm uses a three-phased detection scheme to minimize the false-positive rate. Entro...