Skip to main content
SpringerLink
Log in

Collaborative detection and mitigation of DDoS in software-defined networks

  • Published:
The Journal of Supercomputing Aims and scope Submit manuscript

Abstract

This research presents the detection and mitigation of distributed denial of service (DDoS) in software defined networks (SDN). The proposed method consists of three modules: classifier module, mitigation module, and collaborative module. An ensemble classifier called V-NKDE is capable of detecting DDoS attacks accurately. The mitigation module blocks malicious traffics and purges entries of malicious traffic from the switch flow table. The collaborative module shares DDoS detection and mitigation rules among multiple SDN controllers using Redis Simple Message Queue mechanism. The proposed classifier performance validation on InSDN2020, CICIDS2017, NSL-KDD and UNSW-NB15 datasets. Furthermore we evaluated our proposed classifier in real traffic on an SDN simulation tested. The results show that the proposed method can detect DDoS attacks with high accuracy using an ensemble classifier, which performs better than single classifiers. More importantly, the false positive rate is greatly reduced, showing detection and mitigation of DDoS attacks across multi-controller domains with low controller overhead.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

Similar content being viewed by others

References

  1. Kim H, Benson T, Akella A, Feamster N (2011) The evolution of network configuration: a tale of two campuses. In: Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference, pp. 499–514

  2. Yu Y, Guo L, Liu Y, Zheng J, Zong Y (2018) An efficient sdn-based ddos attack detection and rapid response platform in vehicular networks. IEEE Access 6:44570–44579

    Article  Google Scholar 

  3. Wang Y, Hu T, Tang G, Xie J, Lu J (2019) Sgs: Safe-guard scheme for protecting control plane against ddos attacks in software-defined networking. IEEE Access 7:34699–34710

    Article  Google Scholar 

  4. Fonseca P, Bennesby R, Mota E, Passito A (2012) A replication component for resilient openflow-based networking. In: 2012 IEEE Network operations and management symposium, pp. 933–939. IEEE

  5. Ye J, Cheng X, Zhu J, Feng L, Song L (2018) A ddos attack detection method based on svm in software defined network. Security and Communication Networks 2018

  6. Cui J, Wang M, Luo Y, Zhong H (2019) Ddos detection and defense mechanism based on cognitive-inspired computing in sdn. Future Gener Comput Syst 97:275–283

    Article  Google Scholar 

  7. Giotis K, Argyropoulos C, Androulidakis G, Kalogeras D, Maglaris V (2014) Combining openflow and sflow for an effective and scalable anomaly detection and mitigation mechanism on sdn environments. Comput Netw 62:122–136

    Article  Google Scholar 

  8. Wang B, Zheng Y, Lou W, Hou YT (2015) Ddos attack protection in the era of cloud computing and software-defined networking. Comput Netw 81:308–319

    Article  Google Scholar 

  9. Rodrigues B, Bocek T, Lareida A, Hausheer D, Rafati S, Stiller B (2017) A blockchain-based architecture for collaborative ddos mitigation with smart contracts. IFIP International Conference on Autonomous Infrastructure, Management and Security. Springer, Cham, pp 16–29

  10. Tayfour OE, Marsono MN (2020) Collaborative detection and mitigation of distributed denial-of-service attacks on software-defined network. ACM/Springer Mob Netw Appl SI Green Comput Commun 25:1338–1347

    Google Scholar 

  11. Alshamrani A, Chowdhary A, Pisharody S, Lu D, Huang D (2017) A defense system for defeating ddos attacks in sdn based networks. In: Proceedings of the 15th ACM International Symposium on Mobility Management and Wireless Access, pp. 83–92

  12. Meti N, Narayan D, Baligar V (2017) Detection of distributed denial of service attacks using machine learning algorithms in software defined networks. In: 2017 international conference on advances in computing, communications and informatics (ICACCI), pp. 1366–1371. IEEE

  13. Li C, Wu Y, Yuan X, Sun Z, Wang W, Li X, Gong L (2018) Detection and defense of ddos attack-based on deep learning in openflow-based sdn. Int J Commun Syst 31(5):3497

    Article  Google Scholar 

  14. Mohammed SS, Hussain R, Senko O, Bimaganbetov B, Lee J, Hussain F, Kerrache CA, Barka E, Bhuiyan MZA (2018) A new machine learning-based collaborative ddos mitigation mechanism in software-defined network. In: 2018 14th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), pp. 1–8. IEEE

  15. Das S, Mahfouz AM, Venugopal D, Shiva S (2019) Ddos intrusion detection through machine learning ensemble. In: 2019 IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C), pp. 471–477. IEEE

  16. Yin C, Zhu Y, Fei J, He X (2017) A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 5:21954–21961

    Article  Google Scholar 

  17. Bansal A, Kaur S (2018) Extreme gradient boosting based tuning for classification in intrusion detection systems. In: International Conference on Advances in Computing and Data Sciences, pp. 372–380. Springer

  18. Swami R, Dave M, Ranga V (2020) Voting-based intrusion detection framework for securing software-defined networks. Concur Comput Pract Exp 32(24):5927

    Article  Google Scholar 

  19. Haider S, Akhunzada A, Mustafa I, Patel TB, Fernandez A, Choo KKR, Iqbal J (2020) A deep cnn ensemble framework for efficient ddos attack detection in software defined networks. IEEE Access 8:53972–53983

    Article  Google Scholar 

  20. Elsayed MS, Le-Khac NA, Dev S, Jurcut AD (2020) Ddosnet: A deep-learning model for detecting network attacks. arXiv preprint arXiv:2006.13981

  21. Polat H, Polat O, Cetin A (2020) Detecting ddos attacks in software-defined networks through feature selection methods and machine learning models. Sustainability 12(3):1035

    Article  Google Scholar 

  22. Nanda S, Zafari F, DeCusatis C, Wedaa E, Yang B (2016) Predicting network attack patterns in sdn using machine learning approach. In: 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), pp. 167–172. IEEE

  23. Jankowski D, Amanowicz M (2016) On efficiency of selected machine learning algorithms for intrusion detection in software defined networks. Int J Electron Telecommun 62(3):247–252

    Article  Google Scholar 

  24. François J, Aib I, Boutaba R (2012) Firecol: a collaborative protection network for the detection of flooding ddos attacks. IEEE/ACM Trans Netw 20(6):1828–1841

    Article  Google Scholar 

  25. Hameed S, Ahmed Khan H (2018) Sdn based collaborative scheme for mitigation of ddos attacks. Future Internet 10(3):23

    Article  Google Scholar 

  26. MANGALE S https://medium.com/@sanchitamangale12/voting-classifier-1be10db6d7a5. In: voting-classifier

  27. https://medium.com/@anvannguyen/redis-message-queue-rpoplpush-vs-pub-sub e8a19a3c071b:

  28. Elsayed MS, Le-Khac NA, Jurcut AD (2020) Insdn: A novel sdn intrusion dataset. IEEE Access 8:165263–165284

    Article  Google Scholar 

  29. dataset 2018, C.: https://www.unb.ca/cic/datasets/ids-2017.html. (Accessed January 2,2019)

  30. Sharafaldin I, Lashkari AH, Ghorbani AA (2018) Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: ICISSP, pp. 108–116

  31. dataset 2017, N.K.: https://www.unb.ca/cic/datasets/nsl.html. (Accessed September 10,2018)

  32. dataset 2017, U.N.: https://www.unsw.adfa.edu.au/unsw-canberra-cyber/cybersecurity/adfa-nb15-datasets. (Accessed October 19,2018)

  33. Singh R, Kumar H, Singla R (2015) An intrusion detection system using network traffic profiling and online sequential extreme learning machine. Expert Syst Appl 42(22):8609–8624

    Article  Google Scholar 

  34. Moustafa N, Slay J (2016) The evaluation of network anomaly detection systems: Statistical analysis of the unsw-nb15 data set and the comparison with the kdd99 data set. Inf Secur J Glob Perspect 25(1–3):18–31

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Electrical Engineering, Universiti Teknologi Malaysia, 81310, Johor Bahru, Malaysia

    Omer Elsier Tayfour & Muhammad Nadzir Marsono

Authors
  1. Omer Elsier Tayfour
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Muhammad Nadzir Marsono
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Omer Elsier Tayfour or Muhammad Nadzir Marsono.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Tayfour, O.E., Marsono, M.N. Collaborative detection and mitigation of DDoS in software-defined networks. J Supercomput 77, 13166–13190 (2021). https://doi.org/10.1007/s11227-021-03782-9

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11227-021-03782-9

Keywords

Search

Navigation