Abstract
In Software-Defined Networking (SDN), the controller plane is an essential component in managing network traffic because of its global knowledge of the network and its management applications. However, an attacker might attempt to direct malicious traffic towards the controller, paralyzing the entire network. In this work, a One-Dimensional Convolutional Neural Network (1D-CNN) is used to protect the controller evaluating entropy information. Therefore, the CICDDoS2019 dataset is used to investigate the proposed approach to train and evaluate the performance of the model and then examine the effectiveness of the proposal in the SDN environment. The experimental results manifest that the proposed approach achieves very high enhancements in terms of accuracy, precision, recall, F1 score, and Receiver Operating Characteristic (ROC) for the detection of Distributed Denial of Service (DDoS) attacks compared to one of the benchmarking state of the art approaches.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Canadian Institute for Cybersecurity. https://www.unb.ca/cic/. Accessed 01 June 2021
CICFlowMeter V3 Python Implementation. https://pypi.org/project/cicflowmeter/. Accessed 01 June 2021
Component-Based Software Defined Networking Framework - Build SDN Agilely. https://ryu-sdn.org/. Accessed 01 June 2021
Keras Framework. https://keras.io/. Accessed 01 June 2021
Packet crafting for Python2 and Python3. https://scapy.net/. Accessed 01 June 2021
Abadi, M., et al.: TensorFlow: large-scale machine learning on heterogeneous systems (2015). https://arxiv.org/abs/1603.04467
Ahuja, N., Singal, G., Mukhopadhyay, D.: DLSDN: deep learning for DDOS attack detection in software defined networking. In: 2021 11th International Conference on Cloud Computing, Data Science & Engineering (Confluence), pp. 683–688. IEEE (2021)
Al-Qatf, M., Lasheng, Y., Al-Habib, M., Al-Sabahi, K.: Deep learning approach combining sparse autoencoder with SVM for network intrusion detection. IEEE Access 6, 52843–52856 (2018)
Alkasassbeh, M., Almseidin, M.: Machine learning methods for network intrusion detection. arXiv preprint arXiv:1809.02610 (2018)
Althubiti, S.A., Jones, E.M., Roy, K.: LSTM for anomaly-based network intrusion detection. In: 2018 28th International Telecommunication Networks and Applications Conference (ITNAC), pp. 1–3. IEEE (2018)
Assis, M.V., Carvalho, L.F., Lloret, J., Proença, M.L., Jr.: A GRU deep learning system against attacks in software defined networks. J. Netw. Comput. Appl. 177, 102942 (2021)
Conti, M., Lal, C., Mohammadi, R., Rawat, U.: Lightweight solutions to counter DDoS attacks in software defined networking. Wireless Netw. 25(5), 2751–2768 (2019)
Dehkordi, A.B., Soltanaghaei, M., Boroujeni, F.Z.: The DDoS attacks detection through machine learning and statistical methods in SDN. J. Supercomput. 77(3), 2383–2415 (2021)
Deng, S., Gao, X., Lu, Z., Gao, X.: Packet injection attack and its defense in software-defined networks. IEEE Trans. Inf. Forensics Secur. 13(3), 695–705 (2017)
Elsayed, M.S., Jahromi, H.Z., Nazir, M.M., Jurcut, A.D.: The role of CNN for intrusion detection systems: an improved CNN learning approach for SDNs. In: Perakovic, D., Knapcikova, L. (eds.) FABULOUS 2021. LNICSSITE, vol. 382, pp. 91–104. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-78459-1_7
Elsayed, M.S., Le-Khac, N.A., Jurcut, A.D.: InSDN: a novel SDN intrusion dataset. IEEE Access 8, 165263–165284 (2020)
Hu, Z., Wang, L., Qi, L., Li, Y., Yang, W.: A novel wireless network intrusion detection method based on adaptive synthetic sampling and an improved convolutional neural network. IEEE Access 8, 195741–195751 (2020)
Karan, B., Narayan, D., Hiremath, P.: Detection of DDoS attacks in software defined networks. In: 2018 3rd International Conference on Computational Systems and Information Technology for Sustainable Solutions (CSITSS), pp. 265–270. IEEE (2018)
Krishnan, P., Duttagupta, S., Achuthan, K.: VARMAN: multi-plane security framework for software defined networks. Comput. Commun. 148, 215–239 (2019)
Lashkari, A.H., Draper-Gil, G., Mamun, M.S.I., Ghorbani, A.A.: Characterization of tor traffic using time based features. In: International Conference on Information Systems Security and Privacy (ICISSP 2017), pp. 253–262 (2017)
Prasath, M.K., Perumal, B.: A meta-heuristic Bayesian network classification for intrusion detection. Int. J. Network Manage 29(3), e2047 (2019)
Sharafaldin, I., Lashkari, A.H., Hakak, S., Ghorbani, A.A.: Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy. In: 2019 International Carnahan Conference on Security Technology (ICCST), pp. 1–8. IEEE (2019)
Swami, R., Dave, M., Ranga, V.: Defending DDoS against software defined networks using entropy. In: 2019 4th International Conference on Internet of Things: Smart Innovation and Usages (IoT-SIU), pp. 1–5. IEEE (2019)
Tang, T.A., Mhamdi, L., McLernon, D., Zaidi, S.A.R., Ghogho, M.: Deep recurrent neural network for intrusion detection in SDN-based networks. In: 2018 4th IEEE Conference on Network Softwarization and Workshops (NetSoft), pp. 202–206. IEEE (2018)
Wang, L., Liu, Y.: A DDoS attack detection method based on information entropy and deep learning in SDN. In: 2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC), vol. 1, pp. 1084–1088. IEEE (2020)
Xiao, Y., Xing, C., Zhang, T., Zhao, Z.: An intrusion detection model based on feature reduction and convolutional neural networks. IEEE Access 7, 42210–42219 (2019)
Xu, J., Wang, L., Xu, Z.: An enhanced saturation attack and its mitigation mechanism in software-defined networking. Comput. Netw. 169, 107092 (2020)
Yamashita, R., Nishio, M., Do, R.K.G., Togashi, K.: Convolutional neural networks: an overview and application in radiology. Insights Imaging 9(4), 611–629 (2018)
Ye, J., Cheng, X., Zhu, J., Feng, L., Song, L.: A DDoS attack detection method based on SVM in software defined network. Secur. Commun. Netw. 2018 (2018)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Alshra’a, A., Jochen, S. (2022). One-Dimensional Convolutional Neural Network for Detection and Mitigation of DDoS Attacks in SDN. In: Renault, É., Boumerdassi, S., Mühlethaler, P. (eds) Machine Learning for Networking. MLN 2021. Lecture Notes in Computer Science, vol 13175. Springer, Cham. https://doi.org/10.1007/978-3-030-98978-1_2
Download citation
DOI: https://doi.org/10.1007/978-3-030-98978-1_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-98977-4
Online ISBN: 978-3-030-98978-1
eBook Packages: Computer ScienceComputer Science (R0)