Detection of distributed denial of service attacks using machine learning algorithms in software defined networks

Software Defined Networking (SDN) is a promising new networking concept that separates the data and control planes and places the network under centralized control. This approach abstracts lower-level functionality and allows network administrators to initialize, control, change, and manage network behavior programmatically. Centralized control, the major advantage of SDN, can also be a major security threat: an intruder who succeeds in attacking the central controller would gain access to the entire system. The controller is highly vulnerable to Distributed Denial of Service (DDoS) attacks, which exhaust system resources and make the services provided by the controller unavailable. It is therefore critical to detect attacks on the controller at an early stage. Many algorithms and techniques have been developed for this purpose, but less work has been done in the field of SDN. Using machine learning algorithms to classify connections as legitimate or illegitimate is one such solution. We use two machine learning algorithms, the Support Vector Machine (SVM) classifier and the Neural Network (NN) classifier, to detect suspicious and harmful connections.
