An investigation of different DDOS attack detection methods in software-defined networks

https://doi.org/10.53730/ijhs.v6nS1.4863

Authors

  • Gaganjot Kaur, Assistant Professor, Department of Computer Science and Technology, Manav Rachna University, Faridabad, India
  • Prinima Gupta, Professor, Department of Computer Science and Technology, Manav Rachna University, Faridabad, India

Keywords:

Software-Defined Network, Distributed denial-of-service, SVM, DENFES, BPNN, Network security

Abstract

Software-defined networks (SDN) are more vulnerable to frequent and severe security attacks. Distributed denial-of-service (DDoS) attacks corrupt the network and significantly hinder its efficiency and performance. They exhaust network resources, thereby stopping the controller and impeding normal activities. Detecting DDoS attacks requires classification techniques that provide accurate and efficient decision-making. The existing literature proposes various techniques to detect these attacks, but an analysis of that work reveals shortcomings in the different techniques. In this paper, the existing techniques are analyzed in terms of their accuracy and MSE, and seven methods are compared with regard to their suitability for countering DDoS attacks efficiently. Analysis of the results shows limitations and sets the tone for future studies on the topic. Overall, it is suggested to continue looking for better techniques that improve upon the existing learning and experience and provide more accurate results.

Published

19-03-2022

How to Cite

Kaur, G., & Gupta, P. (2022). An investigation of different DDOS attack detection methods in software-defined networks. International Journal of Health Sciences, 6(S1), 1088–1108. https://doi.org/10.53730/ijhs.v6nS1.4863

Section

Peer Review Articles