Abstract
This research presents the detection and mitigation of distributed denial of service (DDoS) in software defined networks (SDN). The proposed method consists of three modules: classifier module, mitigation module, and collaborative module. An ensemble classifier called V-NKDE is capable of detecting DDoS attacks accurately. The mitigation module blocks malicious traffics and purges entries of malicious traffic from the switch flow table. The collaborative module shares DDoS detection and mitigation rules among multiple SDN controllers using Redis Simple Message Queue mechanism. The proposed classifier performance validation on InSDN2020, CICIDS2017, NSL-KDD and UNSW-NB15 datasets. Furthermore we evaluated our proposed classifier in real traffic on an SDN simulation tested. The results show that the proposed method can detect DDoS attacks with high accuracy using an ensemble classifier, which performs better than single classifiers. More importantly, the false positive rate is greatly reduced, showing detection and mitigation of DDoS attacks across multi-controller domains with low controller overhead.
Similar content being viewed by others
References
Kim H, Benson T, Akella A, Feamster N (2011) The evolution of network configuration: a tale of two campuses. In: Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference, pp. 499–514
Yu Y, Guo L, Liu Y, Zheng J, Zong Y (2018) An efficient sdn-based ddos attack detection and rapid response platform in vehicular networks. IEEE Access 6:44570–44579
Wang Y, Hu T, Tang G, Xie J, Lu J (2019) Sgs: Safe-guard scheme for protecting control plane against ddos attacks in software-defined networking. IEEE Access 7:34699–34710
Fonseca P, Bennesby R, Mota E, Passito A (2012) A replication component for resilient openflow-based networking. In: 2012 IEEE Network operations and management symposium, pp. 933–939. IEEE
Ye J, Cheng X, Zhu J, Feng L, Song L (2018) A ddos attack detection method based on svm in software defined network. Security and Communication Networks 2018
Cui J, Wang M, Luo Y, Zhong H (2019) Ddos detection and defense mechanism based on cognitive-inspired computing in sdn. Future Gener Comput Syst 97:275–283
Giotis K, Argyropoulos C, Androulidakis G, Kalogeras D, Maglaris V (2014) Combining openflow and sflow for an effective and scalable anomaly detection and mitigation mechanism on sdn environments. Comput Netw 62:122–136
Wang B, Zheng Y, Lou W, Hou YT (2015) Ddos attack protection in the era of cloud computing and software-defined networking. Comput Netw 81:308–319
Rodrigues B, Bocek T, Lareida A, Hausheer D, Rafati S, Stiller B (2017) A blockchain-based architecture for collaborative ddos mitigation with smart contracts. IFIP International Conference on Autonomous Infrastructure, Management and Security. Springer, Cham, pp 16–29
Tayfour OE, Marsono MN (2020) Collaborative detection and mitigation of distributed denial-of-service attacks on software-defined network. ACM/Springer Mob Netw Appl SI Green Comput Commun 25:1338–1347
Alshamrani A, Chowdhary A, Pisharody S, Lu D, Huang D (2017) A defense system for defeating ddos attacks in sdn based networks. In: Proceedings of the 15th ACM International Symposium on Mobility Management and Wireless Access, pp. 83–92
Meti N, Narayan D, Baligar V (2017) Detection of distributed denial of service attacks using machine learning algorithms in software defined networks. In: 2017 international conference on advances in computing, communications and informatics (ICACCI), pp. 1366–1371. IEEE
Li C, Wu Y, Yuan X, Sun Z, Wang W, Li X, Gong L (2018) Detection and defense of ddos attack-based on deep learning in openflow-based sdn. Int J Commun Syst 31(5):3497
Mohammed SS, Hussain R, Senko O, Bimaganbetov B, Lee J, Hussain F, Kerrache CA, Barka E, Bhuiyan MZA (2018) A new machine learning-based collaborative ddos mitigation mechanism in software-defined network. In: 2018 14th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), pp. 1–8. IEEE
Das S, Mahfouz AM, Venugopal D, Shiva S (2019) Ddos intrusion detection through machine learning ensemble. In: 2019 IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C), pp. 471–477. IEEE
Yin C, Zhu Y, Fei J, He X (2017) A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 5:21954–21961
Bansal A, Kaur S (2018) Extreme gradient boosting based tuning for classification in intrusion detection systems. In: International Conference on Advances in Computing and Data Sciences, pp. 372–380. Springer
Swami R, Dave M, Ranga V (2020) Voting-based intrusion detection framework for securing software-defined networks. Concur Comput Pract Exp 32(24):5927
Haider S, Akhunzada A, Mustafa I, Patel TB, Fernandez A, Choo KKR, Iqbal J (2020) A deep cnn ensemble framework for efficient ddos attack detection in software defined networks. IEEE Access 8:53972–53983
Elsayed MS, Le-Khac NA, Dev S, Jurcut AD (2020) Ddosnet: A deep-learning model for detecting network attacks. arXiv preprint arXiv:2006.13981
Polat H, Polat O, Cetin A (2020) Detecting ddos attacks in software-defined networks through feature selection methods and machine learning models. Sustainability 12(3):1035
Nanda S, Zafari F, DeCusatis C, Wedaa E, Yang B (2016) Predicting network attack patterns in sdn using machine learning approach. In: 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), pp. 167–172. IEEE
Jankowski D, Amanowicz M (2016) On efficiency of selected machine learning algorithms for intrusion detection in software defined networks. Int J Electron Telecommun 62(3):247–252
François J, Aib I, Boutaba R (2012) Firecol: a collaborative protection network for the detection of flooding ddos attacks. IEEE/ACM Trans Netw 20(6):1828–1841
Hameed S, Ahmed Khan H (2018) Sdn based collaborative scheme for mitigation of ddos attacks. Future Internet 10(3):23
MANGALE S https://medium.com/@sanchitamangale12/voting-classifier-1be10db6d7a5. In: voting-classifier
https://medium.com/@anvannguyen/redis-message-queue-rpoplpush-vs-pub-sub e8a19a3c071b:
Elsayed MS, Le-Khac NA, Jurcut AD (2020) Insdn: A novel sdn intrusion dataset. IEEE Access 8:165263–165284
dataset 2018, C.: https://www.unb.ca/cic/datasets/ids-2017.html. (Accessed January 2,2019)
Sharafaldin I, Lashkari AH, Ghorbani AA (2018) Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: ICISSP, pp. 108–116
dataset 2017, N.K.: https://www.unb.ca/cic/datasets/nsl.html. (Accessed September 10,2018)
dataset 2017, U.N.: https://www.unsw.adfa.edu.au/unsw-canberra-cyber/cybersecurity/adfa-nb15-datasets. (Accessed October 19,2018)
Singh R, Kumar H, Singla R (2015) An intrusion detection system using network traffic profiling and online sequential extreme learning machine. Expert Syst Appl 42(22):8609–8624
Moustafa N, Slay J (2016) The evaluation of network anomaly detection systems: Statistical analysis of the unsw-nb15 data set and the comparison with the kdd99 data set. Inf Secur J Glob Perspect 25(1–3):18–31
Author information
Authors and Affiliations
Corresponding authors
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Tayfour, O.E., Marsono, M.N. Collaborative detection and mitigation of DDoS in software-defined networks. J Supercomput 77, 13166–13190 (2021). https://doi.org/10.1007/s11227-021-03782-9
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11227-021-03782-9