Distributed Denial of Service Attacks Detection in Software Defined Networks

Document Type : Original Article

Authors

1 Department of Computer Engineering, Isfahan (Khorasgan) Branch, Islamic Azad University, Isfahan, Iran

2 Department of Computer Engineering, Isfahan (Khorasgan) Branch, Islamic Azad University, Isfahan, Iran

Abstract

The software defined network (SDN) is a new computer architecture in which a central controller is used. These networks rely on software, and consequently their security is exposed to different attacks through their different components. One such attack, the latest threat to computer networks and their efficiency, is the distributed denial of service (DDoS) attack. An attempt is made to develop an attack detector through a combined statistical and machine learning method. In the statistical method, entropy based on destination IP, the normal distribution, and a dynamic threshold are applied to detect attacks. The normal distribution is one of the most important distributions in probability theory; in this distribution, the mean and standard deviation of the entropy are effective in attack detection. In the machine learning method, features extracted from the flows are applied with supervised classification algorithms, which increases the accuracy of attack detection in such networks. The datasets applied in this study are ISCX-SlowDDoS2016, ISCX-IDS2012, CTU-13 and ISOT. This method outperforms its counterparts with an accuracy of 99.65% and 0.12 false positive rate (FPR) for the UNB-ISCX dataset, and with an accuracy of 99.84% and 0.25 FPR for the CTU-13 dataset.
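The statistical stage described in the abstract can be sketched as follows. This is an added example, not the authors' code: the per-window grouping, the `mean - k*sigma` form of the dynamic threshold, the values of `k` and `warmup`, and the constructed sample traffic are all assumptions, since the abstract gives no parameters.

```python
import math
from collections import Counter
from statistics import mean, stdev


def dst_entropy(dst_ips):
    """Shannon entropy (bits) of the destination-IP distribution in one window."""
    counts = Counter(dst_ips)
    n = len(dst_ips)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def detect(windows, k=3.0, warmup=5):
    """Return indices of windows whose entropy falls below mean - k*sigma.

    The threshold is dynamic: mean and sigma are recomputed from the
    entropies of all windows accepted as normal so far. k and warmup
    (>= 2) are assumed values, not taken from the paper.
    """
    baseline, alerts = [], []
    for i, window in enumerate(windows):
        h = dst_entropy(window)
        if len(baseline) >= warmup:
            mu, sigma = mean(baseline), stdev(baseline)
            if h < mu - k * max(sigma, 1e-6):
                alerts.append(i)
                continue  # keep flagged windows out of the baseline
        baseline.append(h)
    return alerts


def sample_windows():
    """Constructed traffic: 12 windows; windows 8 and 9 carry a flood
    of 900 extra packets aimed at a single destination."""
    hosts = [f"10.0.0.{h}" for h in range(1, 9)]
    windows = []
    for j in range(12):
        w = []
        for h, ip in enumerate(hosts):
            w += [ip] * (10 + (j + h) % 5)  # near-uniform normal load
        if j in (8, 9):
            w += ["10.0.0.3"] * 900  # traffic concentrates on one host
        windows.append(w)
    return windows


if __name__ == "__main__":
    print(detect(sample_windows()))
```

Excluding flagged windows from the baseline keeps a sustained flood from dragging the mean down and masking itself; the windows that pass this stage are the ones a supervised classifier would then score on flow features.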
 

 
Volume 9, Issue 1 - Serial Number 33
Serial No. 33, Spring Quarterly
April 2021
Pages 43-59
  • Receive Date: 15 March 2020
  • Revise Date: 07 May 2020
  • Accept Date: 05 August 2020
  • Publish Date: 21 April 2021