ABSTRACT
Internet-of-things is one of the prominent communication technologies in the 21st century. We can connect everyday objects, like baby monitors, thermostats, e-health, etc., Connecting IoT with Software-defined networking is the best approach to security provisioning during network communication. Because the enormous features of SDN are programmable and centralized management, attackers can create multiple security vulnerabilities in SDN that redeem the distributed denial-of-service attack. This security breach causes bandwidth depletion and server resource impoverishment and perplexes benign users. This study proposes and builds a DDoS attack detection and mitigation defense system for SDN to address this issue. Two different defense modules are deployed in the SDN controller: suspicious identification, and mitigation of the malicious traffic flow. The first module of the SDN defense system used for detecting malignant traffic from DDoS attacks which works under a CNN-ELM is an integrated deep learning approach that combines a convolutional neural network with an extreme learning machine. The suspicious flows are identified, whether benign or malignant, by using a hybrid CCN-ELM model, and this process improves the accuracy of the attack detection. The second module of the mitigation strategy identifies the attacker's location by using IP traceback and removes that malicious traffic by transmitting the flow rule from the controller. These two SDN defense modules are evaluated by simulation processes. Finally, the experimental results of the SDN defense system, precisely detect the DDoS attack with an accuracy of 99.85% and efficiently mitigate the malicious traffic flow in real-time.
Supplemental Material
Available for Download
Manuscript, Figures, Copyright, Bibliography, ACM CCS
eRightcopy
CCS, copyright, bibliography
CCS, copyright, bibliography
CCS, copyright, bibliography
- Al-Garadi, Mohammed Ali, Amr Mohamed, Abdulla Khalid Al-Ali, Xiaojiang Du, Ihsan Ali, and Mohsen Guizani. "A survey of machine and deep learning methods for internet of things (IoT) security." IEEE Communications Surveys & Tutorials 22, no. 3 (2020): 1646-1685. DOI: 10.1109/COMST.2020.2988293Google ScholarCross Ref
- Ortet Lopes, Ivandro, Deqing Zou, Francis A. Ruambo, Saeed Akbar, and Bin Yuan. "Towards effective detection of recent DDoS attacks: A deep learning approach." Security and Communication Networks 2021 (2021): 1-14. DOI: 10.1155/2021/5710028Google ScholarDigital Library
- Popovskyy, Vladimir, and Vladislav Skibin. "Entropy methods for DDoS attacks detection in telecommunication systems." In 2014 First International Scientific-Practical Conference Problems of Infocommunications Science and Technology, pp. 182-185. IEEE, 2014. DOI:10.1109/INFOCOMMST.2014.6992345Google ScholarCross Ref
- Ye, Jin, Xiangyang Cheng, Jian Zhu, Luting Feng, and Ling Song. "A DDoS attack detection method based on SVM in software defined network." Security and Communication Networks 2018 (2018). DOI: 10.1155/2018/9804061Google ScholarCross Ref
- Ahmed, Muhammad Ejaz, Hyoungshick Kim, and Moosung Park. "Mitigating DNS query-based DDoS attacks with machine learning on software-defined networking." In MILCOM 2017-2017 IEEE Military Communications Conference (MILCOM), pp. 11-16. IEEE, 2017. DOI:10.1109/MILCOM.2017.8170802Google ScholarDigital Library
- Hussain, Faisal, Syed Ghazanfar Abbas, Ivan Miguel Pires, Sabeeha Tanveer, Ubaid U. Fayyaz, Nuno M. Garcia, Ghalib A. Shah, and Farrukh Shahzad. "A two-fold machine learning approach to prevent and detect IoT botnet attacks." Ieee Access 9 (2021): 163412-163430. DOI: 10.1109/ACCESS.2021.3131014Google ScholarCross Ref
- Lopes, Ivandro O., Deqing Zou, Ihsan H. Abdulqadder, Francis A. Ruambo, Bin Yuan, and Hai Jin. "Effective network intrusion detection via representation learning: A Denoising AutoEncoder approach." Computer Communications 194 (2022): 55-65. DOI: 10.1016/j.comcom.2022.07.027Google ScholarCross Ref
- Doriguzzi-Corin, Roberto, Stuart Millar, Sandra Scott-Hayward, Jesus Martinez-del-Rincon, and Domenico Siracusa. "LUCID: A practical, lightweight deep learning solution for DDoS attack detection." IEEE Transactions on Network and Service Management 17, no. 2 (2020): 876-889. DOI: 10.1109/TNSM.2020.2971776Google ScholarDigital Library
- Alasmary, Faris, Sulaiman Alraddadi, Saad Al-Ahmadi, and Jalal Al-Muhtadi. "Shieldrnn: A distributed flow-based ddos detection solution for iot using sequence majority voting." IEEE Access 10 (2022): 88263-88275. DOI: 10.1109/ACCESS.2022.3200477Google ScholarCross Ref
Index Terms
- SDN Defense: Detection and mitigation of DDoS attack via IoT Network
Recommendations
Mitigation of DDoS Attack Using Moving Target Defense in SDN
AbstractSoftware-defined networking (SDN) is a trending networking paradigm that focuses on decoupling of the control logic from the data plane. This decoupling brings programmability and flexibility for the network management by introducing centralized ...
DDoS Attack and Defense in SDN-Based Cloud
Ubiquitous NetworkingAbstractSoftware defined networking-based cloud has many advantages over traditional network infrastructure, such as improved network flexibility, programmability, and scalability. However, new security concerns and especially new trends of Distributed ...
Automatic control method of DDoS defense policy through the monitoring of system resource
AICT'11: Proceedings of the 2nd international conference on Applied informatics and computing theoryIn these day, we obtain various information through internet services and the distributed denial-of-service (DDoS) attacks for threatening the services are socially and economically serious threats. Recently, the attacks that occurred in July 2009 ...
Comments