Abstract
Software-defined networks (SDN) are no longer a new technology: many industries are adopting them in hybrid or full-stack mode, and SDN has already proved its technological advantages over traditional networking technologies. The proposed work, RADS, leverages the architectural advantages of SDN and employs a flexible dynamic-threshold approach to detect anomalies in near real time using machine learning algorithms (ARIMA); within 150 ms, the user is alerted about the attack so that necessary actions can be taken. A proof of concept for RADS is developed using Mininet to create the SDN topology and Elasticsearch as the database to store the packet information and the results of the machine learning model. ARIMA, linear regression and Prophet models are considered for detecting anomalies, and the resulting graphs show that the attack is detected in near real time.
Data availability
This article does not use any dataset from any repository, as we are using simulations and generating real-time data for testing and for drawing results. However, we have collected the simulation data used for drawing the graphs and table values mentioned in the paper, which can be made available.
Contributions
All authors reviewed the manuscript.
Ethics declarations
Conflict of interest
None of the authors have received any research grants. None of the authors have received a speaker honorarium from any company. All authors declare that none of them has any conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Sneha, M., Kumar, A.K., Hegde, N.V. et al. RADS: a real-time anomaly detection model for software-defined networks using machine learning. Int. J. Inf. Secur. 22, 1881–1891 (2023). https://doi.org/10.1007/s10207-023-00724-9
DOI: https://doi.org/10.1007/s10207-023-00724-9