Skip to main content

Advertisement

Springer Nature Link
Log in

Detection and Analysis of TCP-SYN DDoS Attack in Software-Defined Networking

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

Software-defined networking (SDN) is an advanced networking technology that yields flexibility with cost-efficiency as per the business requirements. SDN breaks the vertical integration of control and data plane and promotes centralized network management. SDN allows data intensive applications to work more efficiently by making the network dynamically configurable. With the growing development of SDN technology, the issue of security becomes critical because of its architectural characteristics. Currently, Distributed denial of service (DDoS) is one of the most powerful attacks that cause the services to be unavailable for normal users. DDoS seeks to consume the resources of the SDN controller with the intention to slow down working of the network. In this paper, a detailed analysis of the effect of spoofed and non-spoofed TCP-SYN flooding attacks on the controller resources in SDN is presented. We also suggest a machine learning based intrusion detection system. Five different classification models belong to a variety of families are used to classify the traffic, and evaluated using different performance indicators. Cross-validation technique is used to validate the classification models. This work enables better features to be extracted and classify the traffic efficiently. The experimental results reveal significantly good performance with all the considered classification models.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

References

  1. Singh, J., & Behal, S. (2020). Detection and mitigation of ddos attacks in sdn: A comprehensive review, research challenges and future directions. Computer Science Review, 37(100), 279.

    MATH  Google Scholar 

  2. Hakiri, A., Gokhale, A., Berthou, P., Schmidt, D. C., & Gayraud, T. (2014). Software-defined networking: Challenges and research opportunities for future internet. Computer Networks, 75, 453–471.

    Article  Google Scholar 

  3. Kirkpatrick, K. (2013). Software-defined networking. Communication ACM, 56, 16–19.

    Google Scholar 

  4. Kreutz, D., Ramos, F. M. V., Veríssimo, P. E., Rothenberg, C. E., Azodolmolky, S., & Uhlig, S. (2015b). Software-defined networking: A comprehensive survey. Proceedings of the IEEE, 103(1), 14–76. https://doi.org/10.1109/JPROC.2014.2371999.

    Article  Google Scholar 

  5. McKeown, N., Anderson, T., Balakrishnan, H., Parulkar, G., Peterson, L., Rexford, J., et al. (2008). Openflow: enabling innovation in campus networks. ACM SIGCOMM Computer Communication Review, 38(2), 69–74.

    Article  Google Scholar 

  6. Tourrilhes, J., Sharma, P., Banerjee, S., & Pettit, J. (2014). SDN and openflow evolution: A standards perspective. Computer, 47(11), 22–29. https://doi.org/10.1109/MC.2014.326.

    Article  Google Scholar 

  7. Goransson, P., Black, C., & Culver, T. (2016). Software defined networks: A comprehensive approach. Morgan Kaufmann.

  8. Kreutz, D., Ramos, F. M., Verissimo, P., Rothenberg, C. E., Azodolmolky, S., & Uhlig, S. (2015a). Software-defined networking: A comprehensive survey. Proceedings of the IEEE, 103, 14–76.

    Article  Google Scholar 

  9. Kim, H., & Feamster, N. (2013). Improving network management with software defined networking. IEEE Communications Magazine, 51(2), 114–119.

    Article  Google Scholar 

  10. Swami, R., Dave, M., & Ranga, V. (2019). Software-defined Networking-based DDoS Defense Mechanisms. ACM Computing Surveys (CSUR), 52(2), 28.

    Article  Google Scholar 

  11. Douligeris, C., & Mitrokotsa, A. (2004). DDoS attacks and defense mechanisms: Classification and state-of-the-art. Computer Networks, 44, 643–666.

    Article  Google Scholar 

  12. Specht, S. M., & Lee, R. B. (2003). Distributed Denial of Service: Taxonomies of Attacks. Tools and Countermeasures, Princeton architecture laboratory for multimedia and security: Tech. rep., technical report.

    Google Scholar 

  13. Ramachandran, S., & Shanmugam, V. (2017). Impact of dos attack in software defined network for virtual network. Wireless Personal Communications, 94(4), 2189–2202.

    Article  Google Scholar 

  14. Dayal, N., Maity, P., Srivastava, S., & Khondoker, R. (2016). Research trends in security and DDoS in SDN. Security and Communication Networks, 9(18), 6386–6411.

    Article  Google Scholar 

  15. Yan, Q., Yu, F. R., Gong, Q., & Li, J. (2015). Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges. IEEE Communications Surveys & Tutorials, 18(1), 602–622.

    Article  Google Scholar 

  16. (2018) Arbor Networks.

  17. (2018) Biggest DDoS Attacks Today And What You Can Learn From Them. Retrieved from 1, November, 2018 https://www.crn.com/slide-shows/security/8-biggest-ddos-attacks-today-and-what-you-can-learn-from-them.

  18. Shieber, J. (2019). Telegram faces DDoS attack in China...again. https://techcrunch.com/2019/06/12/telegram-faces-ddos-attack-in-china-again/

  19. Kottler, S. (2018). February 28th DDoS Incident Report. https://github.blog/2018-03-01-ddos-incident-report/

  20. (2016) 2016 Dyn cyberattack. Retrieved from 10, September, 2018 https://en.wikipedia.org/wiki/2016_Dyn_cyberattack.

  21. Swami, R., Dave, M., & Ranga, V. (2020a). DDoS Attacks and Defense Mechanisms Using Machine Learning Techniques for SDN. In Security and Privacy Issues in Sensor Networks and IoT, IGI Global (pp. 193–214).

  22. Kolias, C., Kambourakis, G., Stavrou, A., & Voas, J. (2017). DDoS in the IoT: Mirai and other botnets. Computer, 50(7), 80–84.

    Article  Google Scholar 

  23. Kambourakis, G., Kolias, C., & Stavrou, A. (2017). The mirai botnet and the iot zombie armies. In MILCOM 2017-2017 IEEE Military Communications Conference (MILCOM) (pp. 267–272). IEEE.

  24. Michie, D., Spiegelhalter, D. J., Taylor, C., et al. (1994). Machine learning. Neural and Statistical Classification 13.

  25. Moustafa, N., Hu, J., & Slay, J. (2019). A holistic review of network anomaly detection systems: A comprehensive survey. Journal of Network and Computer Applications, 128, 33–55.

    Article  Google Scholar 

  26. (2017) NSL-KDD dataset. Retrieved from 10, September, 2018 https://www.unb.ca/cic/datasets/nsl.html/.

  27. (2017) UNSW-NB15 dataset. Retrieved from 19, October, 2018 https://www.unsw.adfa.edu.au/unsw-canberra-cyber/cybersecurity/ADFA-NB15-Datasets/.

  28. (2018) CICIDS2017 dataset. Retrieved from 2, January, 2019 https://www.unb.ca/cic/datasets/ids-2017.html.

  29. Swami, R., Dave, M., & Ranga, V. (2020b). Voting-based intrusion detection framework for securing software-defined networks. Concurrency and Computation: Practice and Experience p e5927.

  30. Mirkovic, J., & Reiher, P. (2004). A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Computer Communication Review, 34(2), 39–53.

    Article  Google Scholar 

  31. Niyaz, Q., Sun, W., & Javaid, A. Y. (2016). A deep learning based DDoS detection system in software-defined networking (SDN). CoRR. http://arxiv.org/abs/1611.07400arXiv:1611.07400).

  32. Liu, J., Lai, Y., & Zhang, S. (2017). FL-GUARD: A Detection and Defense System for DDoS Attack in SDN. In Proceedings of the 2017 International Conference on Cryptography, Security and Privacy, ACM, New York, NY, USA, ICCSP ’17 (pp. 107–111). https://doi.org/10.1145/3058060.3058074, http://doi.acm.org/10.1145/3058060.3058074.

  33. Yu, Y., Guo, L., Liu, Y., Zheng, J., & Zong, Y. (2018). An efficient SDN-based DDoS attack detection and rapid response platform in vehicular networks. IEEE Access, 6, 44570–44579.

    Article  Google Scholar 

  34. Chen, Z., Jiang, F., Cheng, Y., Gu, X., Liu, W., & Peng, J. (2018). XGBoost Classifier for DDoS Attack Detection and Analysis in SDN-Based Cloud. In IEEE, 2018 IEEE International Conference on Big Data and Smart Computing (BigComp) (pp. 251–256).

  35. Ye, J., Cheng, X., Zhu, J., Feng, L., & Song, L. (2018). A DDoS attack detection method based on SVM in software defined network. Security and Communication Networks, 2018, 1–8.

    Google Scholar 

  36. Mohammadi, R., Javidan, R., & Conti, M. (2017). SLICOTS: An SDN-Based lightweight countermeasure for TCP SYN flooding attacks. IEEE Transactions on Network and Service Management, 14(2), 487–497. https://doi.org/10.1109/TNSM.2017.2701549.

    Article  Google Scholar 

  37. Han, B., Yang, X., Sun, Z., Huang, J., & Su, J. (2018). OverWatch: A cross-plane DDoS attack defense framework with collaborative intelligence in SDN. Security and Communication Networks 2018.

  38. Zhu, L., Karim, M. M., Sharif, K., Li, F., Du, X., & Guizani, M. (2019). Sdn controllers: Benchmarking & performance evaluation. arXiv preprint arXiv:190204491.

  39. Sommer, R., & Paxson, V. (2010). Outside the closed world: On using machine learning for network intrusion detection. In 2010 IEEE symposium on security and privacy (pp. 305–316). IEEE.

  40. Sultana, N., Chilamkurti, N., Peng, W., & Alhadad, R. (2019). Survey on SDN based network intrusion detection system using machine learning approaches. Peer-to-Peer Networking and Applications, 12(2), 493–501.

    Article  Google Scholar 

  41. (1988). Tcpdump. https://www.tcpdump.org/.

  42. Breiman, L. (2001). Random forests. Machine learning, 45, 5–32.

    Article  Google Scholar 

  43. Safavian, S. R., & Landgrebe, D. (1991). A survey of decision tree classifier methodology. IEEE Transactions on Systems, Man, and Cybernetics, 21(3), 660–674.

    Article  MathSciNet  Google Scholar 

  44. Ying, C., Qi-Guang, M., Jia-Chen, L., & Lin, G. (2013). Advance and prospects of AdaBoost algorithm. Acta Automatica Sinica, 39(6), 745–758.

    Article  Google Scholar 

  45. Kleinbaum, D. G., Dietz, K., Gail, M., Klein, M., & Klein, M. (2002). Logistic regression. Berlin: Springer.

    Google Scholar 

  46. Kubat, M. (1999). Neural networks: A comprehensive foundation by Simon Haykin, Macmillan. The Knowledge Engineering Review, 13, 409–412.

    Article  Google Scholar 

  47. (2008). Scapy. https://scapy.readthedocs.io/en/latest/.

  48. (2006). Wireshark. https://www.wireshark.org/.

  49. (2019) Mininet. http://mininet.org/.

  50. Kalkan, K., Altay, L., Gür, G., & Alagöz, F. (2018). JESS: Joint Entropy-Based DDoS Defense Scheme in SDN. IEEE Journal on Selected Areas in Communications, 36(10), 2358–2372. https://doi.org/10.1109/JSAC.2018.2869997.

    Article  Google Scholar 

  51. (2016) Open vSwitch. Retrieved from December 2018 https://www.openvswitch.org//.

  52. Shalimov, A., Zuikov, D., Zimarina, D., Pashkov, V., & Smeliansky, R. (2013). Advanced study of SDN/OpenFlow controllers. In Proceedings of the 9th central & eastern european software engineering conference (p. 1). ACM.

  53. (2017) Ryu. https://www.osrg.github.io/ryu/.

  54. Kohavi, R., et al. (1995). A study of cross-validation and bootstrap for accuracy estimation and model selection. Ijcai, 14, 1137–1145.

    Google Scholar 

  55. Panda, M., Abraham, A., & Patra, M. R. (2012). A hybrid intelligent approach for network intrusion detection. Procedia Engineering, 30, 1–9.

    Article  Google Scholar 

  56. Shenfield, A., Day, D., & Ayesh, A. (2018). Intelligent intrusion detection systems using artificial neural networks. ICT Express, 4(2), 95–99.

    Article  Google Scholar 

  57. Bhavsar, Y. B., & Waghmare, K. C. (2013). Intrusion detection system using data mining technique: Support vector machine. International Journal of Emerging Technology and Advanced Engineering, 3(3), 581–586.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Engineering, National Institute of Technology, Kurukshetra, 136119, India

    Rochak Swami, Mayank Dave & Virender Ranga

Authors
  1. Rochak Swami
    View author publications

    You can also search for this author inPubMed Google Scholar

  2. Mayank Dave
    View author publications

    You can also search for this author inPubMed Google Scholar

  3. Virender Ranga
    View author publications

    You can also search for this author inPubMed Google Scholar

Corresponding author

Correspondence to Rochak Swami.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Swami, R., Dave, M. & Ranga, V. Detection and Analysis of TCP-SYN DDoS Attack in Software-Defined Networking. Wireless Pers Commun 118, 2295–2317 (2021). https://doi.org/10.1007/s11277-021-08127-6

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-021-08127-6

Keywords