Skip to main content
SpringerLink
Log in

QEMDD: Quantum Inspired Ensemble Model to Detect and Mitigate DDoS Attacks at Various Layers of SDN Architecture

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Software-defined networking (SDN) is considered a next-generation networking model. Several networking components are managed through a centralized controller that enables efficiency and flexibility in configuring network devices, implementing policy decisions, and managing the underlying network infrastructure through a programmable unit. Despite its default security protocols, SDN is considered to be contradictory towards DDoS attacks. It is observed from state-of-art studies that intrusion in SDN is possible at various layers of its core architecture. Addressing this problem, this article presents a novel ensemble mechanism inspired by quantum cryptography to secure various layers of SDN. This paper presents a two-fold mechanism to secure communications at the SDN architecture's data plane and control plane. It was firstly addressing the secured communication at the data plane, a novel quantum protocol devised. Further, a machine learning-inspired ensemble classifier is devised to detect DDoS attack-prone traffic at the control plane. Simulation studies presented in this article evidenced that the proposed mechanism outperforms the state of art mechanisms in terms of Accuracy and rate of prediction.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

References

  1. Shin, S., & Gu, G. (2013). Attacking software-defined networks: A first feasibility study. In Proceedings of the second ACM SIGCOMM workshop on hot topics in software defined networking (pp. 165–166).

  2. Fonseca, P., Bennesby, R., Mota, E., & Passito, A. (2012). A replication component for resilient OpenFlow-based networking. In 2012 IEEE Network operations and management symposium (pp. 933–939).

  3. Scott-Hayward, S., Natarajan, S., & Sezer, S. (2015). A survey of security in software defined networks. IEEE Communications Surveys & Tutorials., 18(1), 623–654.

    Article  Google Scholar 

  4. Ali, S. T., Sivaraman, V., Radford, A., & Jha, S. (2015). A survey of securing networks using software defined networking. IEEE Transactions on Reliability, 64(3), 1086–1097.

    Article  Google Scholar 

  5. Bhushan, K., & Gupta, B. B. (2019). Distributed denial of service (DDoS) attack mitigation in software defined network (SDN)-based cloud computing environment. Journal of Ambient Intelligence and Humanized Computing, 10(5), 1985–1997.

    Article  Google Scholar 

  6. Koponen, T., Casado, M., Gude, N., Stribling, J., inventors; Nicira Inc, assignee (2014) Distributed control platform for large-scale production networks. United States patent US 8,830,823.

  7. Porras, P., Shin, S., Yegneswaran, V., Fong, M., Tyson, M., Gu, G. (2012) A security enforcement kernel for OpenFlow networks. In Proceedings of the first workshop on Hot topics in software defined networks (pp. 121–126).

  8. Shin, S. W., Porras, P., Yegneswara, V., Fong, M., Gu, G., Tyson, M. (2013). Fresco: Modular composable security services for software-defined networks. In 20th annual network & distributed system security symposium.

  9. Kerner, S. M. (2018). Is SDN Secure?.

  10. Sorensen, S. (2012). Security implications of software-defined networks.

  11. Kerner, S. M. (2019) Is SDN Secure?.

  12. Yan, Q., Yu, F. R., Gong, Q., & Li, J. (2015). Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges. IEEE Communications Surveys & Tutorials, 18(1), 602–622.

    Article  Google Scholar 

  13. Alsmadi, I., & Xu, D. (2015). Security of software defined networks: A survey. Computers & Security., 53, 79–108.

    Article  Google Scholar 

  14. Gong, Y., Huang, W., Wang, W., & Lei, Y. (2015). A survey on software defined networking and its applications. Frontiers of Computer Science., 9(6), 827–845.

    Article  Google Scholar 

  15. Silva, S. S., Silva, R. M., Pinto, R. C., & Salles, R. M. (2013). Botnets: A survey. Computer Networks, 57(2), 378–403.

    Article  Google Scholar 

  16. Xie, J., Yu, F. R., Huang, T., Xie, R., Liu, J., Wang, C., & Liu, Y. (2018). A survey of machine learning techniques applied to software defined networking (SDN): Research issues and challenges. IEEE Communications Surveys & Tutorials, 21(1), 393–430.

    Article  Google Scholar 

  17. McKeown, N., Anderson, T., Balakrishnan, H., Parulkar, G., Peterson, L., Rexford, J., Shenker, S., & Turner, J. (2008). OpenFlow: Enabling innovation in campus networks. ACM SIGCOMM Computer Communication Review, 38(2), 69–74.

    Article  Google Scholar 

  18. OpenFlow. https://www.opennetworking.org/sdn-resources/technical-library.

  19. Cisco Application Centric Infrastructure: Use ACI as a Technology-Based Catalyst for IT Transformation Whitw Paper. http://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-734501.html.View.

  20. Benton, K., Camp, L. J., Small, C. (2013). OpenFlow vulnerability assessment. In Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking (pp. 151–152).

  21. Ryu. (2020). https://osrg.github.io/ryu/. Accessed on 11 March 2020.

  22. Khan, S., Gani, A., Wahab, A. W., Abdelaziz, A., & Bagiwa, M. A. (2016). FML: A novel forensics management layer for software defined networks. In 2016 6th international conference-cloud system and big data engineering (confluence) (pp. 619–623).

  23. Voellmy, A., Kim, H., & Feamster, N. (2012). Procera: a language for high-level reactive network control. In Proceedings of the first workshop on Hot topics in software defined networks (pp. 43–48).

  24. Anderson, C. J., Foster, N., Guha, A., Jeannin, J. B., Kozen, D., Schlesinger, C., & Walker, D. (2014). NetKAT: Semantic foundations for networks. Acm Sigplan Notices, 49(1), 113–126.

    Article  MATH  Google Scholar 

  25. Foster, N., Harrison, R., Freedman, M. J., Monsanto, C., Rexford, J., Story, A., & Walker, D. (2011). Frenetic: A network programming language. ACM SIGPLAN Notices, 46(9), 279–291.

    Article  MATH  Google Scholar 

  26. TOOTOOCIAN A (2010). A distributed control plane for OpenFlow. In Proceedings of NSDI internet network management workshop/workshop on research on enterprise networking (INM/WREN).

  27. Opendaylight user guide (2020). Accessed on 11 March 2020.

  28. Uppal, H., & Brandon, D. (2010). OpenFlow based load balancing. CSE561: Networking project report, University of Washington.

  29. Wen, X., Chen, Y., Hu, C., Shi, C., & Wang, Y. (2013). Towards a secure controller platform for openflow applications. In Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking (pp. 171–172)

  30. Gurbani, V. K., Scharf, M., Lakshman, T. V., Hilt, V., & Marocco, E. (2012). Abstracting network state in Software Defined Networks (SDN) for rendezvous services. In 2012 IEEE international conference on communications (ICC) (pp. 6627–6632).

  31. Eronen, P., Tschofenig, H. (2005) Pre-shared key ciphersuites for transport layer security (TLS). RFC 4279.

  32. Aviram, N., Schinzel, S., Somorovsky, J., Heninger, N., Dankel, M., Steube, J., Valenta, L., Adrian, D., Halderman, J. A., Dukhovni, V., & Käsper, E. (2016). {DROWN}: Breaking {TLS} Using SSLv2. In 25th {USENIX} Security Symposium ({USENIX} Security 16) (pp. 689–706).

  33. Dierks, T., & Rescorla, E. (2008) The Transport Layer Security (TLS) Protocol, Version 1.2. RFC 5246.

  34. Bhargavan, K., & Leurent, G. Transcript collision attacks: Breaking authentication in TLS, IKE, and SSH.

  35. Van Meter, R. (2014). Quantum networking. Wiley.

    Book  MATH  Google Scholar 

  36. Elboukhari, M., Azizi, M., & Azizi, A. (2010). Improving TLS security by quantum cryptography. International Journal of Network Security & Its Applications (IJNSA), 2(3), 87–100.

    Article  MATH  Google Scholar 

  37. Wang, H., Zhao, Y., & Nag, A. (2019). Quantum-key-distribution (QKD) networks enabled by software-defined networks (SDN). Applied Sciences, 9(10), 2081.

    Article  Google Scholar 

  38. Prasad, K. M., Reddy, A. R., & Rao, K. V. (2017). BIFAD: Bio-inspired anomaly based HTTP-flood attack detection. Wireless Personal Communications, 97(1), 281–308.

    Article  Google Scholar 

  39. Cacciapuoti, A. S., Caleffi, M., Van Meter, R., & Hanzo, L. (2020). When entanglement meets classical communications: Quantum teleportation for the quantum Internet. IEEE Transactions on Communications, 68(6), 3808–3833.

  40. Wehner, S. (2007). Analyzing worms and network traffic using compression. Journal of Computer Security, 15(3), 303–320.

    Article  Google Scholar 

  41. Fischer, A., & Paler, A. (2019). On the analogy between quantum circuit design automation and virtual network embedding. In Proceedings of the 34th ACM/SIGAPP symposium on applied computing (pp. 1378–1383).

  42. KDD data set (1999).

  43. The CAIDA, "DDoS Attack 2007", Dataset Paul Hick, Emile Aben, kc claffy, Josh Polterock.

  44. CAIDA U. Network telescope, "Three days of conficker’’–November 2008, Paul Hick, Emile Aben, Dan Andersen, kcclaffy.

  45. Liaw, A., & Wiener, M. (2002). Classification and regression by random Forest. R News, 2(3), 18–22.

    Google Scholar 

  46. Ye, J., Cheng, X., Zhu, J., Feng, L., & Song, L. (2018). A DDoS attack detection method based on SVM in software defined network. Security and Communication Networks.

  47. Kumar, P. A., & Selvakumar, S. (2013). Detection of distributed denial of service attacks using an ensemble of adaptive and hybrid neuro-fuzzy systems. Computer Communications., 36(3), 303–319.

    Article  Google Scholar 

Download references

Funding

Not applicable.

Author information

Authors and Affiliations

  1. CSE, JNTUA, Anantapuram, Andhra Pradesh, India

    A. Saritha

  2. CSE, S V Engineering College, Tirupathi, India

    B. Ramasubba Reddy

  3. CSE, JNTUA College of Engineering, Anantapuram, India

    A. Suresh Babu

Authors
  1. A. Saritha
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. B. Ramasubba Reddy
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. A. Suresh Babu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to A. Saritha.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Saritha, A., Reddy, B.R. & Babu, A.S. QEMDD: Quantum Inspired Ensemble Model to Detect and Mitigate DDoS Attacks at Various Layers of SDN Architecture. Wireless Pers Commun 127, 2365–2390 (2022). https://doi.org/10.1007/s11277-021-08805-5

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-021-08805-5

Keywords

Search

Navigation