Abstract
Software-Defined Networking (SDN) is a network architecture that decouples the network control logic from the data forwarding logic. SDN allows networking devices to be monitored and controlled by a centralized controller. Unfortunately, this opens up avenues for adversaries to launch distributed denial-of-service (DDoS) attacks on the SDN infrastructure. A DDoS attack in the SDN domain exhausts the CPU cycles of the controller and the TCAM memory in the data plane, and also implicitly degrades the bandwidth of the control-data plane. Therefore, we develop a framework to detect DDoS attacks as early as possible, with high accuracy, a high detection rate, and low false positives. We propose a framework that periodically monitors and evaluates the behavior of all hosts within a network using a set of 30 features. The proposed framework handles the system's false alarms using a scoring scheme, which minimizes the impact of the system's response on benign connections. The system's response prevents an attacker from using any resources and also frees any allocated resources. The experimental results show that our proposed system accurately detects the attacks. They also indicate that the system's scoring scheme succeeds in handling the false-positive cases.
© 2021 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Siddiqui, G., Shukla, S.K. (2021). Supervised Machine Learning-Based DDoS Defense System for Software-Defined Network. In: Bajpai, M.K., Kumar Singh, K., Giakos, G. (eds) Machine Vision and Augmented Intelligence—Theory and Applications. Lecture Notes in Electrical Engineering, vol 796. Springer, Singapore. https://doi.org/10.1007/978-981-16-5078-9_54
DOI: https://doi.org/10.1007/978-981-16-5078-9_54
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-5077-2
Online ISBN: 978-981-16-5078-9
eBook Packages: Computer Science, Computer Science (R0)