An SDNFV-Based DDoS Defense Technology for Smart Cities

A software defined networking (SDN)-enabled smart city is a new paradigm that can effectively improve the cost efficiency and flexibility of data management through data-control separation. However, it faces significant security threats such as distributed denial of service (DDoS) attacks which jeopardize the security and availability of data and services by overloading the system with excessive traffic from distributed sources. To improve the DDoS defense capability and enhance the security of data management in SDN-enabled smart cities, this paper proposes a DDoS attack Defense strategy based on Traffic Classification (DDTC). We use software defined network function virtualization (SDNFV) architecture and traffic classification strategy, to improve the flexibility and reduce the load of SDN against DDoS attacks. Experimental results show that the proposed DDTC can not only launch DDoS attacks detection quickly, but also accurately track the sources of DDoS attacks. More importantly, it can reduce the risk of attack on the controller of SDN and improve the effectiveness of the system.

[1]  T. Chithralekha,et al.  Resource management of switches and Controller during saturation time to avoid DDoS in SDN , 2016, 2016 IEEE International Conference on Engineering and Technology (ICETECH).

[2]  Guyue Liu,et al.  SDNFV: Flexible and Dynamic Software Defined Control of an Application- and Flow-Aware Data Plane , 2016, Middleware.

[3]  K. K. Ramakrishnan,et al.  Protocols to support autonomy and control for NFV in software defined networks , 2015, 2015 IEEE Conference on Network Function Virtualization and Software Defined Network (NFV-SDN).

[4]  Jian Zhu,et al.  SD-Anti-DDoS: Fast and efficient DDoS defense in software-defined networks , 2016, J. Netw. Comput. Appl..

[5]  Alberto Ceselli,et al.  T-NOVA: An Open-Source MANO Stack for NFV Infrastructures , 2017, IEEE Transactions on Network and Service Management.

[6]  Saman Taghavi Zargar,et al.  A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks , 2013, IEEE Communications Surveys & Tutorials.

[7]  Bart De Schutter,et al.  A Comprehensive Survey of Multiagent Reinforcement Learning , 2008, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).

[8]  Filip De Turck,et al.  Network Function Virtualization: State-of-the-Art and Research Challenges , 2015, IEEE Communications Surveys & Tutorials.

[9]  Mohammad Ashiqur Rahman,et al.  A scalable and flexible DDoS mitigation system using network function virtualization , 2018, NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium.

[10]  Fang Hao,et al.  Towards an elastic distributed SDN controller , 2013, HotSDN '13.

[11]  Kouichi Sakurai,et al.  Packet in Message Based DDoS Attack Detection in SDN Network Using OpenFlow , 2017, 2017 Fifth International Symposium on Computing and Networking (CANDAR).

[12]  R. R. Rejimol Robinson,et al.  Ranking of machine learning algorithms based on the performance in classifying DDoS attacks , 2015, 2015 IEEE Recent Advances in Intelligent Computational Systems (RAICS).

[13]  F. Richard Yu,et al.  Software-Defined Networking (SDN) and Distributed Denial of Service (DDoS) Attacks in Cloud Computing Environments: A Survey, Some Research Issues, and Challenges , 2016, IEEE Communications Surveys & Tutorials.

[14]  Stenio F. L. Fernandes,et al.  Integrated NFV/SDN Architectures , 2018, ArXiv.

[15]  Otto Carlos Muniz Bandeira Duarte,et al.  Flowfence: a denial of service defense system for software defined networking , 2015, 2015 Global Information Infrastructure and Networking Symposium (GIIS).

[16]  Yoon-Ho Choi,et al.  Wireless intrusion prevention system using dynamic random forest against wireless MAC spoofing attack , 2017, 2017 IEEE Conference on Dependable and Secure Computing.

[17]  Marc St-Hilaire,et al.  Early detection of DDoS attacks against SDN controllers , 2015, 2015 International Conference on Computing, Networking and Communications (ICNC).

[18]  Mohammed Anbar,et al.  Review on Detection Techniques against DDoS Attacks on a Software-Defined Networking Controller , 2017, 2017 Palestinian International Conference on Information and Communication Technology (PICICT).

[19]  Jie Cui,et al.  DDoS detection and defense mechanism based on cognitive-inspired computing in SDN , 2019, Future Gener. Comput. Syst..

[20]  Liang Lu,et al.  Feature Selection for Machine Learning-Based Early Detection of Distributed Cyber Attacks , 2018, 2018 IEEE 16th Intl Conf on Dependable, Autonomic and Secure Computing, 16th Intl Conf on Pervasive Intelligence and Computing, 4th Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress(DASC/PiCom/DataCom/CyberSciTech).

[21]  Lisandro Zambenedetti Granville,et al.  Using NFV and Reinforcement Learning for Anomalies Detection and Mitigation in SDN , 2018, 2018 IEEE Symposium on Computers and Communications (ISCC).

[22]  Chengcui Zhang,et al.  Semantic Event Extraction Using Neural Network Ensembles , 2007 .

[23]  Hiroshi Matsuo,et al.  Scalable and Crash-Tolerant Load Balancing Based on Switch Migration for Multiple Open Flow Controllers , 2014, 2014 Second International Symposium on Computing and Networking.

[24]  Georgios K. Ouzounis,et al.  Smart cities of the future , 2012, The European Physical Journal Special Topics.

[25]  Joan Serrat,et al.  Self-managed resources in network virtualisation environments , 2015, 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM).

[26]  Fu Jiang,et al.  XGBoost Classifier for DDoS Attack Detection and Analysis in SDN-Based Cloud , 2018, 2018 IEEE International Conference on Big Data and Smart Computing (BigComp).

[27]  Hamid Darabi,et al.  River suspended sediment modelling using the CART model: A comparative study of machine learning techniques. , 2018, The Science of the total environment.

[28]  Krishna Asawa,et al.  Mitigation and Detection of DDoS Attacks in Software Defined Networks , 2018, 2018 Eleventh International Conference on Contemporary Computing (IC3).

[29]  Gürkan Gür,et al.  JESS: Joint Entropy-Based DDoS Defense Scheme in SDN , 2018, IEEE Journal on Selected Areas in Communications.

[30]  Basil S. Maglaris,et al.  Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments , 2014, Comput. Networks.

[31]  Andrey Koucheryavy,et al.  Interaction of the IoT Traffic Generated by a Smart City Segment with SDN Core Network , 2017, WWIC.

[32]  Vinod Yegneswaran,et al.  AVANT-GUARD: scalable and vigilant switch flow management in software-defined networks , 2013, CCS.

[33]  Fatih Alagöz,et al.  SDNScore: A statistical defense mechanism against DDoS attacks in SDN environment , 2017, 2017 IEEE Symposium on Computers and Communications (ISCC).

[34]  Jim Esch,et al.  Software-Defined Networking: A Comprehensive Survey , 2015, Proc. IEEE.

[35]  Yong He,et al.  Land Price Prediction Based on Random Forest , 2018, IGARSS 2018 - 2018 IEEE International Geoscience and Remote Sensing Symposium.

[36]  Yang Wang,et al.  SGS: Safe-Guard Scheme for Protecting Control Plane Against DDoS Attacks in Software-Defined Networking , 2019, IEEE Access.

[37]  Keqin Li,et al.  SDNFV-Based Dynamic Network Function Deployment: Model and Mechanism , 2018, IEEE Communications Letters.

[38]  Arputharaj Kannan,et al.  CIMIDx: Prototype for a Cloud-Based System to Support Intelligent Medical Image Diagnosis With Efficiency , 2015, JMIR medical informatics.

[39]  Somsak Choomchuay,et al.  Improved Random Forest (RF) Classifier for Imbalanced Classification of Lung Nodules , 2018, 2018 International Conference on Engineering, Applied Sciences, and Technology (ICEAST).

[40]  Alberto Schaeffer-Filho,et al.  ANSwer: Combining NFV and SDN features for network resilience strategies , 2016, 2016 IEEE Symposium on Computers and Communication (ISCC).

[41]  Jelena Mirkovic,et al.  Attacking DDoS at the source , 2002, 10th IEEE International Conference on Network Protocols, 2002. Proceedings..

[42]  Roopali Garg,et al.  Detecting Anomalies Efficiently in SDN Using Adaptive Mechanism , 2015, 2015 Fifth International Conference on Advanced Computing & Communication Technologies.

[43]  Ali A. Ghorbani,et al.  Toward developing a systematic approach to generate benchmark datasets for intrusion detection , 2012, Comput. Secur..

[44]  Xin Chen,et al.  VNF-FG design and VNF placement for 5G mobile networks , 2017, Science China Information Sciences.

[45]  Fatih Alagöz,et al.  Defense Mechanisms against DDoS Attacks in SDN Environment , 2017, IEEE Communications Magazine.

[46]  Sven Dietrich,et al.  Security Challenges and Opportunities of Software-Defined Networking , 2017, IEEE Security & Privacy.

[47]  Nasser Yazdani,et al.  Mutual information-based feature selection for intrusion detection systems , 2011, J. Netw. Comput. Appl..

[48]  Luc Van Gool,et al.  Real time head pose estimation with random regression forests , 2011, CVPR 2011.

[49]  Wen Chen,et al.  Implementation and Performance Optimization of Dynamic Random Forest , 2017, 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC).