Abstract
Software-defined networking (SDN) is considered a next-generation networking model. Its networking components are managed through a centralized controller, a programmable unit that brings efficiency and flexibility to configuring network devices, implementing policy decisions, and managing the underlying network infrastructure. Despite its default security protocols, SDN is considered vulnerable to DDoS attacks. State-of-the-art studies observe that intrusion in SDN is possible at various layers of its core architecture. To address this problem, this article presents a novel ensemble mechanism inspired by quantum cryptography to secure various layers of SDN. The mechanism is two-fold and secures communications at the data plane and the control plane of the SDN architecture. First, to secure communication at the data plane, a novel quantum protocol is devised. Second, a machine learning-inspired ensemble classifier is devised to detect DDoS attack-prone traffic at the control plane. Simulation studies presented in this article show that the proposed mechanism outperforms state-of-the-art mechanisms in terms of accuracy and rate of prediction.
Funding
Not applicable.
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
About this article
Cite this article
Saritha, A., Reddy, B.R. & Babu, A.S. QEMDD: Quantum Inspired Ensemble Model to Detect and Mitigate DDoS Attacks at Various Layers of SDN Architecture. Wireless Pers Commun 127, 2365–2390 (2022). https://doi.org/10.1007/s11277-021-08805-5