The DDoS attacks detection through machine learning and statistical methods in SDN

The Journal of Supercomputing

Abstract

The distributed denial-of-service (DDoS) attack is a security challenge for the software-defined network (SDN). Existing DDoS detection methods have several limitations: dependency on the network topology, inability to detect all DDoS attacks, use of outdated and invalid datasets, and the need for powerful and costly hardware infrastructure. Their use of static thresholds, and the dependence of those thresholds on old data from previous periods, reduces their flexibility against new attacks and increases the attack detection time. This article proposes a new method for detecting DDoS attacks in SDN. The method consists of three sections: collector, entropy-based and classification. The experimental results obtained by applying the UNB-ISCX, CTU-13 and ISOT datasets indicate that this method outperforms its counterparts in terms of accuracy in detecting DDoS attacks in SDN.

Notes

  1. http://www.unb.ca/cic/datasets/ids-2017.html.

  2. https://www.stratosphereips.org/datasets-ctu13.

  3. https://www.uvic.ca/engineering/ece/isot/datasets/.

  4. https://www.unb.ca/cic/.

  5. https://www.esncz.org.

  6. https://www.uvic.ca/.

Author information

Corresponding author

Correspondence to MohammadReza Soltanaghaei.

About this article

Cite this article

Banitalebi Dehkordi, A., Soltanaghaei, M. & Boroujeni, F.Z. The DDoS attacks detection through machine learning and statistical methods in SDN. J Supercomput 77, 2383–2415 (2021). https://doi.org/10.1007/s11227-020-03323-w

  • DOI: https://doi.org/10.1007/s11227-020-03323-w
