Abstract
The characteristic features of cloud computing deployment make it highly vulnerable to distributed denial of service (DDoS) attacks. The recent advancement in software-defined networking (SDN) enhances the possibilities for defeating DDoS attacks in cloud computing environments. This option to improve the probability of defeating DDoS attacks is made feasible through the striking features of SDN that include their capability for software-oriented traffic investigation, network global dimension, dynamically updating forwarding rules and centralized point of control. This paper presents a Fuzzy self organizing maps-based DDOS mitigation (FSOMDM) technique that is ideally and suitably designed for improving the SDN capabilities of cloud computing. FSOMDM is the enhanced neural network model that effectively replaces the neurons of the traditional Kohonen neural network model through updating fuzzy rules. The property of software-oriented traffic investigation is utilized in this process and the fuzzy rule is used for exploring the dimension of input space from which a single valued output is derived for enabling the mitigation of DDoS. In addition, FSOMDM incorporates an attack-response process that possesses the significance of dropping attack flows through its enforcement in the control plane of SDN. The performance investigation of FSOMDM confirms its significance by facilitating nearly 94% of classifier accuracy evaluated in terms of true positive rate (TPR).
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.References
Achbarou O, Kiram MA, Bouanani SE (2017) Securing cloud computing from different attacks using intrusion detection systems. Int J Interact Multimed Artif Intell 4(3):61–64. https://doi.org/10.9781/ijimai.2017.439
Azodolmolky S, Wieder P, Yahyapour R (2013) SDN-based cloud computing networking. In: Transparent optical networks (ICTON), 15th international conference of the IEEE, pp 1–4. https://doi.org/10.1109/ICTON.2013.6602678
Banikazemi M, Olshefski D, Shaikh A, Tracey J, Wang G (2013) Meridian: an SDN platform for cloud network services. Commun Mag IEEE 51(2):120–127. https://doi.org/10.1109/MCOM.2013.6461196
Bawany NZ, Shamsi JA, Salah K (2017) DDoS attack detection and mitigation using SDN: methods, practices, and solutions. Arab J Sci Eng 42(2):425–441. https://doi.org/10.1007/s13369-017-2414-5
Braga R, Mota E, Passito A (2010) Lightweight DDoS flooding attack detection using NOX/OpenFlow. In: Local computer network conference, IEEE, pp 408–415. https://doi.org/10.1109/LCN.2010.5735752
Cheng TY, Wang M, Jia X (2015) QoS-guaranteed controller placement in SDN. In: Global communications (GLOBECOM), IEEE conference, pp 1–6. https://doi.org/10.1109/GLOCOM.2015.7416960
Chou L, Tseng C, Huang Y, Chen K, Ou T, Yen C (2016) A security service on-demand architecture in SDN. In: Information and communication technology convergence (ICTC), IEEE international conference, pp 287–291. https://doi.org/10.1109/ICTC.2016.7763487
Chu Yu H, Tseng M, Chen Yao T, Chou Yu C, Chen Y (2010) A novel design for future on-demand service and security. In: Communication technology, 12th international conference of the IEEE, pp 385–388. https://doi.org/10.1109/ICCT.2010.5689156
Ciulli N, Carrozzo G, Landi G, Bernini G (2013) An SDN framework for the orchestration of cloud and network services across datacenters. In: Asia communications and photonics conference, international, pp 23–31. https://doi.org/10.1364/ACPC.2013.ATh3I.2
Giotis K, Argyropoulos C, Androulidakis G, Kalogeras D, Maglaris V (2014) Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Comput Networ 62(2):122–136. https://doi.org/10.1016/j.bjp.2013.10.014
Izaddoost A, McGregor C (2016) Enhance network communications in a cloud-based real-time health analytics platform using SDN. In: Healthcare informatics (ICHI), IEEE international conference, pp 388–391. https://doi.org/10.1109/ICHI.2016.69
Jain R, Paul S (2013) Network virtualization and software defined networking for cloud computing: a survey. Commun Mag IEEE 51(11):24–31. https://doi.org/10.1109/MCOM.2013.6658648
Kim H, Feamster N (2013) Improving network management with software defined networking. Commun Mag IEEE 51(2):114–119. https://doi.org/10.1109/MCOM.2013.6461195
Kwangtae J, Kim J, Young-Tak K (2012) QoS-aware network operating system for software defined networking with generalized OpenFlows. In: Network operations and management symposium, IEEE international, pp 1167–1174. https://doi.org/10.1109/NOMS.2012.621 2044
Oktian YE, Lee S, Lee H (2014) Mitigating denial of service (DoS) attacks in openflow networks. In: Information and communication technology convergence (ICTC), international conference, pp 325–330. https://doi.org/10.1109/ICTC.2014.6983147
Passito A, Mota E, Bennesby R, Fonseca P (2014) AgNOS: a framework for autonomous control of software-defined networks. In: Advanced information networking and applications, 28th international conference of the IEEE, pp 405–412. https://doi.org/10.1109/AINA.2014.114
Saidi A, Bendriss E, Kartit A, Marraki ME (2017) Techniques to detect DoS and DDoS attacks and an introduction of a mobile agent system to enhance it in cloud computing. Int J Interact Multimed Artif Intell 4(3):75–78. https://doi.org/10.9781/ijimai.2017.4312
Salvestrini F, Carrozzo G, Ciulli N (2013) Towards a distributed SDN control: inter-platform signaling among flow processing platforms. In: SDN for future networks and services (SDN4FNS), IEEE international conference, pp 1–7. https://doi.org/10.1109/SDN4FNS.2013.6702560
Shin S, Yegneswaran V, Porras P, Gu G (2013) AVANT-GUARD: scalable and vigilant switch flow management in software-defined networks. In: Proceedings of the SIGSAC conference on computer & communications security, ACM, pp 413–424. https://doi.org/10.1145/2508859.2516684
Suh J, Jang D, Kwon T, Choi Y (2011) CANA: one step from IP networking toward content networking. In: Proceedings of the CoNEXT student workshop, ACM, pp 12–18. https://doi.org/10.1145/2079327.2079332
Taheri Monfared A, Rong C (2013) Multi-tenant network monitoring based on software defined networking. In: On the move to meaningful internet systems, international conference, pp 327–341. https://doi.org/10.1007/978-3-642-41030-7_24
Talbi J, Haqiq A (2017) A MAS-based cloud service brokering system to respond security needs of cloud customers. Int J Interact Multimed Artif Intell 4(3):65–69. https://doi.org/10.9781/ijimai.2017.4310
Toumi H, Marzak B, Talea A, Eddaoui A, Talea M (2017) Use trust management framework to achieve effective security mechanisms in cloud environment. Int J Interact Multimed Artif Intell 4(3):70–74. https://doi.org/10.9781/ijimai.2017.4311
Xing T, Huang D, Xu L, Chung C, Khatkar P (2013) SnortFlow: an OpenFlow-based intrusion prevention system in cloud environment. In: GENI research and educational experiment, 2nd workshop, pp 89–92. https://doi.org/10.1109/GREE.2013.25
Xu Y, Liu Y (2016) DDoS attack detection under SDN context. In: Computer communications, 35th annual international conference of the IEEE, pp 1–9. https://doi.org/10.1109/INFOCOM.2016.7524500
Yan Q, Yu FR (2015) Distributed denial of service attacks in software-defined networking with cloud computing. Commun Mag IEEE 53(4):52–59. https://doi.org/10.1109/MCOM.2015.7081075
Yu Y, Qian C, Li X (2014) Distributed and collaborative traffic monitoring in software defined networks. In: Hot topics in software defined networking, 3rd workshop, pp 85–90. https://doi.org/10.1145/2620728.2620739
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Pillutla, H., Arjunan, A. Fuzzy self organizing maps-based DDoS mitigation mechanism for software defined networking in cloud computing. J Ambient Intell Human Comput 10, 1547–1559 (2019). https://doi.org/10.1007/s12652-018-0754-y
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12652-018-0754-y