TFAD: TCP flooding attack detection in software-defined networking using proxy-based and machine learning-based mechanisms

Cluster Computing

Abstract

Software-defined networking (SDN) offers a centralized programming interface for administering the network infrastructure. It has displaced conventional networking by decoupling the control plane from the data plane and linking them through a programmable interface. Because the logic of an SDN environment depends entirely on the control plane, the controller is exposed to many security attacks: to degrade network performance, attackers saturate control-plane resources. TCP flooding is a serious threat of this kind, in which attackers prevent legitimate users from accessing network resources. To address this problem, we propose a TCP Flooding Attack Detection (TFAD) technique built from a proxy-based mechanism and a machine-learning-based mechanism (ML-TFAD). The TFAD technique contains two proxies, a SYN proxy and an ACK proxy; the former defends against TCP SYN flood attacks and the latter against TCP ACK flood attacks. The ML-TFAD module uses the C4.5 decision tree algorithm to detect SYN flood attacks before they reach the targeted server, and the CAIDA 2007 DDoS dataset is used to train the model. Together, the proposed mechanisms remove half-open connections from the server's backlog queue as early as possible so that TCP connection requests from legitimate users can be accommodated.
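The abstract does not spell out how a SYN proxy keeps half-open connections out of the protected server's queue, so the following Python sketch is added here to illustrate the idea. It is not the TFAD implementation (the paper's code is not reproduced on this page) and it simplifies the design to a stateless proxy with HMAC-based SYN cookies: every SYN is answered with a SYN-ACK whose sequence number encodes a cookie, nothing is stored per SYN, and only a third-handshake ACK that returns a valid cookie is handed to the server. The same cookie check also discards bare ACKs that belong to no handshake, which is a crude stand-in for the ACK proxy. The secret, addresses, ports and traffic mix are constructed for the example and do not come from the paper.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed secret for the example; a real proxy rotates this regularly.
SECRET = b"constructed-proxy-secret"
SERVER = ("10.0.0.100", 80)  # constructed address of the protected server


@dataclass
class Segment:
    """Minimal TCP segment model: only the fields the handshake logic needs."""
    src: str
    sport: int
    flags: str  # "S" = SYN, "SA" = SYN-ACK, "A" = ACK
    seq: int
    ack: int = 0


def syn_cookie(src: str, sport: int, client_isn: int, slot: int) -> int:
    """32-bit cookie bound to the 4-tuple, the client's ISN and a coarse time slot."""
    msg = f"{src}:{sport}:{SERVER[0]}:{SERVER[1]}:{client_isn}:{slot}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")


class SynProxy:
    """Stateless SYN proxy: SYNs never create server-side state, only valid ACKs do."""

    def __init__(self) -> None:
        self.server_backlog: list[tuple[str, int]] = []  # connections the real server sees
        self.syns_seen = 0
        self.acks_rejected = 0

    def handle(self, seg: Segment, slot: int) -> Optional[Segment]:
        if seg.flags == "S":
            self.syns_seen += 1
            cookie = syn_cookie(seg.src, seg.sport, seg.seq, slot)
            # SYN-ACK sent on the server's behalf; no half-open entry is recorded.
            return Segment(SERVER[0], SERVER[1], "SA", seq=cookie, ack=seg.seq + 1)
        if seg.flags == "A":
            client_isn = (seg.seq - 1) & 0xFFFFFFFF  # client ACK carries seq = ISN + 1
            cookie = (seg.ack - 1) & 0xFFFFFFFF      # and ack = our SYN-ACK seq + 1
            # Accept cookies minted in the current or previous slot; older ones expire.
            for s in (slot, slot - 1):
                expected = syn_cookie(seg.src, seg.sport, client_isn, s)
                if hmac.compare_digest(cookie.to_bytes(4, "big"), expected.to_bytes(4, "big")):
                    self.server_backlog.append((seg.src, seg.sport))  # handshake completed
                    return None
            self.acks_rejected += 1  # forged or stray ACK: dropped before the server
            return None
        return None  # other flag combinations are not modelled here


def run_simulation() -> SynProxy:
    """Constructed traffic: a spoofed SYN flood, a bare-ACK flood, three real clients."""
    proxy = SynProxy()
    slot = 1000
    # 5000 SYNs from spoofed sources that never send the third-handshake ACK.
    for i in range(5000):
        proxy.handle(Segment(f"203.0.113.{i % 256}", 1024 + i, "S", seq=i * 7919), slot)
    # 2000 bare ACKs carrying arbitrary numbers: an ACK flood with no handshake behind it.
    for i in range(2000):
        proxy.handle(Segment(f"198.51.100.{i % 256}", 2000 + i, "A", seq=i, ack=i * 31337), slot)
    # Three legitimate clients complete the handshake; the last one replies in the next slot.
    for n, src in enumerate(["192.0.2.10", "192.0.2.11", "192.0.2.12"]):
        syn = Segment(src, 40000 + n, "S", seq=123456 + n)
        synack = proxy.handle(syn, slot)
        reply_slot = slot + 1 if n == 2 else slot
        proxy.handle(Segment(src, syn.sport, "A", seq=syn.seq + 1, ack=synack.seq + 1), reply_slot)
    return proxy


if __name__ == "__main__":
    p = run_simulation()
    print(f"SYNs seen: {p.syns_seen}, ACKs rejected: {p.acks_rejected}")
    print(f"server backlog: {p.server_backlog}")
```

After the run the server backlog holds exactly the three legitimate connections, although the proxy saw 5003 SYNs and 2000 stray ACKs: the flood never reaches the server's queue because the proxy has no half-open state to exhaust. The trade-off a practitioner should keep in mind is that a cookie proxy cannot preserve TCP options negotiated in the SYN unless it encodes them into the cookie, and that the proxy itself must still handle the SYN-ACK send rate, which is why the paper pairs the proxies with an upstream detector.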



Data Availability

Not applicable


Funding

The authors did not receive support from any organization for the submitted work.

Author information

Corresponding author

Correspondence to Ashish Singh.

Ethics declarations

Conflict of interest

There is no conflict of interest.

Ethical approval

No animals or human participants were used in the study reported in this work.

Informed consent

For this type of study informed consent is not required.

Consent for publication

For this type of study consent for publication is not required.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.


About this article


Cite this article

Sudar, K.M., Deepalakshmi, P., Singh, A. et al. TFAD: TCP flooding attack detection in software-defined networking using proxy-based and machine learning-based mechanisms. Cluster Comput 26, 1461–1477 (2023). https://doi.org/10.1007/s10586-022-03666-4
