ONOS DDoS Defender: A Comparative Analysis of Existing DDoS Attack Datasets using Ensemble Approach

  • Research
  • Wireless Personal Communications

Abstract

Software-Defined Networking (SDN) outperforms conventional networks in terms of programmability, management, flexibility, and efficiency, because SDN separates the control and data planes. The centralised control of devices aids in the prevention of Distributed Denial of Service (DDoS) attacks: the controller has a wider view of the network and can filter network traffic in order to detect harmful flows. The separation of the control and data planes provides these benefits, but it also leaves SDN vulnerable to DDoS attacks. DDoS attacks are difficult to detect and resist in real time; doing so is only possible if appropriate features for attack detection are chosen. We intend to employ feature selection methods such as BORUTA, IRelief, Random Forest, Information Gain and Chi-Square Test to obtain the most relevant features for DDoS detection. Moreover, we have devised a strategy to detect and mitigate DDoS attacks using a traceback approach through the ONOS Flood Defender (OFD) application. The application effectively detects different DDoS attack traffic using XGBoost and Multilayer Perceptron algorithms with 99% accuracy and the least testing time, without adding unnecessary load to the system, and mitigates the attack in approximately 3.2 s using the traceback approach. We performed our experiments on four benchmark datasets: CIC-DoS 2017, CIC-DDoS 2019, CIC-IDS 2018 and InSDN. We evaluated the trade-off between detection accuracy and testing time in order to determine the most effective detection model for addressing DDoS attacks on SDN networks.
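Two of the feature selection methods named in the abstract, Chi-Square Test and Information Gain, can be illustrated on a handful of flow records. This is an added example, not the authors' code or the OFD application: the flow records are constructed, the feature names are assumptions, and each numeric feature is simplified to a median split before scoring.

```python
import math
from statistics import median

# Constructed flow records, not taken from any dataset named in the abstract.
# Feature names are illustrative assumptions; label 1 = attack, 0 = benign.
FLOWS = [
    {"pkts_per_s": 900, "flow_duration_s": 0.2, "dst_port": 80, "label": 1},
    {"pkts_per_s": 1200, "flow_duration_s": 0.4, "dst_port": 443, "label": 1},
    {"pkts_per_s": 1500, "flow_duration_s": 0.3, "dst_port": 80, "label": 1},
    {"pkts_per_s": 1100, "flow_duration_s": 5.0, "dst_port": 443, "label": 1},
    {"pkts_per_s": 20, "flow_duration_s": 4.0, "dst_port": 80, "label": 0},
    {"pkts_per_s": 35, "flow_duration_s": 6.0, "dst_port": 443, "label": 0},
    {"pkts_per_s": 50, "flow_duration_s": 0.5, "dst_port": 80, "label": 0},
    {"pkts_per_s": 15, "flow_duration_s": 7.0, "dst_port": 443, "label": 0},
]

def contingency(rows, feature):
    """Median-split the feature and count the 2x2 table against the label:
    (high & attack, high & benign, low & attack, low & benign)."""
    cut = median(r[feature] for r in rows)
    pairs = [(r[feature] > cut, r["label"] == 1) for r in rows]
    a = sum(1 for hi, atk in pairs if hi and atk)
    b = sum(1 for hi, atk in pairs if hi and not atk)
    c = sum(1 for hi, atk in pairs if not hi and atk)
    return a, b, c, len(pairs) - a - b - c

def chi_square(a, b, c, d):
    """Pearson chi-square for a 2x2 table; 0.0 when a margin is empty."""
    denom = (a + b) * (c + d) * (a + c) * (b + d)
    return (a + b + c + d) * (a * d - b * c) ** 2 / denom if denom else 0.0

def entropy(pos, neg):
    """Shannon entropy in bits of a two-class count; empty classes add 0."""
    total = pos + neg
    return -sum(k / total * math.log2(k / total) for k in (pos, neg) if k)

def information_gain(a, b, c, d):
    """H(label) minus the size-weighted entropy of the two feature bins."""
    n = a + b + c + d
    cond = (a + b) / n * entropy(a, b) + (c + d) / n * entropy(c, d)
    return entropy(a + c, b + d) - cond

def rank_features(rows):
    """Return [(feature, chi2, info_gain)] sorted from most to least relevant."""
    out = []
    for f in (k for k in rows[0] if k != "label"):
        cells = contingency(rows, f)
        out.append((f, chi_square(*cells), information_gain(*cells)))
    return sorted(out, key=lambda t: (t[1], t[2]), reverse=True)
```

On this sample both scores agree on the ordering: the packet rate separates the classes completely, the flow duration only partly, and the destination port carries no information about the label.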

Availability of Data and Materials

This article contains all of the data examined during this research work.

Funding

The Department of Science and Technology (DST) - Interdisciplinary Cyber-Physical Systems (ICPS) has funded this research, with the research grant number DST/ICPS/CPS-Individual/2018-490 (G).

Author information

Corresponding author

Correspondence to Naziya Aslam.

Ethics declarations

Ethical Approval

Not Applicable

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Aslam, N., Srivastava, S. & Gore, M.M. ONOS DDoS Defender: A Comparative Analysis of Existing DDoS Attack Datasets using Ensemble Approach. Wireless Pers Commun 133, 1805–1827 (2023). https://doi.org/10.1007/s11277-023-10848-9

  • DOI: https://doi.org/10.1007/s11277-023-10848-9
