Detection and mitigation of botnet based DDoS attacks using catboost machine learning algorithm in SDN environment
Sanjeetha R, Anant Raj, Kolli Saivenu, Mumtaz Irteqa Ahmed, Sathvik B and Anita Kanavalli
Abstract
Software-defined networking (SDN) is an emerging new technology in the field of networks that facilitates comprehensive network programmability, which makes them prone to network attacks. One of the primitive yet highly effective network attacks is the Distributed Denial-of-Service (DDoS). DDoS attacks are launched from the compromised hosts called botnets acquired by the attacker host called the botmaster, all being connected to switches present in the same environment. Despite the large number of traditional mitigation solutions that exist today, DDoS attacks continue to grow severely. Numerous solutions have been proposed to counter these attacks and prevent service disruptions which have cost many companies a fortune. An extensive literature survey of existing solutions to these security challenges in an SDN environment, that employed machine learning techniques like XGBoost, Support Vector Machine (SVM), etc., has addressed the detection of DDoS attacks. But still showed the scope of improvement in detection speeds which could significantly reduce the service unavailability time from a server i.e., the victim of the DDoS attack. Thus, this paper addresses these requirements to build an optimal, reliable, and quick DDoS detection and mitigation application. This application leverages the controller's functionalities, continuously monitors the network traffic at a particular host interface (potential victim) to detect abnormal traffic. When the traffic is identified as a potential DDoS attack, its mitigation is initiated. The DDoS attack traffic is mitigated by deploying flow rules onto the switches such that it blocks the attack traffic from entering the network. The application uses CatBoost classifier, the boosting algorithm which has very less prediction time and is comparatively 8× faster than XGBoost, because of its symmetric tree structure. It is tested to be proven reliable and efficient in detecting botnet-based DDoS attacks on the SDN environment with an accuracy of 98% and far less training time. Thus, proving that the proposed solution employing the state-of-the-art machine learning model can be more effective in quickly detecting and mitigating a DDoS attack.
Keyword
SDN, Botnet, DDoS, Machine learning, Catboost.
Cite this article
Sanjeetha R, Raj A, Saivenu K, Ahmed MI, Sathvik B, Kanavalli A
Refference
[1][1]Chen Z, Jiang F, Cheng Y, Gu X, Liu W, Peng J. XGBoost classifier for DDoS attack detection and analysis in SDN-based cloud. In international conference on big data and smart computing (bigcomp) 2018 (pp. 251-6). IEEE.
[2][2]Thomas RM, James D. DDOS detection and denial using third party application in SDN. In international conference on energy, communication, data analytics and soft computing 2017 (pp. 3892-7). IEEE.
[3][3]Lukaseder T, Stölzle K, Kleber S, Erb B, Kargl F. An SDN-based approach for defending against reflective ddos attacks. In conference on local computer networks 2018 (pp. 299-302). IEEE.
[4][4]Hong K, Kim Y, Choi H, Park J. SDN-assisted slow HTTP DDoS attack defense method. IEEE Communications Letters. 2017; 22(4):688-91.
[5][5]Deepa V, Sudar KM, Deepalakshmi P. Detection of DDoS attack on SDN control plane using hybrid machine learning techniques. In international conference on smart systems and inventive technology 2018 (pp. 299-303). IEEE.
[6][6]Lawal BH, Nuray AT. Real-time detection and mitigation of distributed denial of service (DDoS) attacks in software defined networking (SDN). In signal processing and communications applications conference 2018 (pp. 1-4). IEEE.
[7][7]Wijesinghe U, Tupakula U, Varadharajan V. Botnet detection using software defined networking. In international conference on telecommunications 2015 (pp. 219-24). IEEE.
[8][8]Dao NN, Park J, Park M, Cho S. A feasible method to combat against DDoS attack in SDN network. In international conference on information networking 2015 (pp. 309-11). IEEE.
[9][9]Dong S, Sarem M. DDoS attack detection method based on improved KNN with the degree of DDoS attack in software-defined networks. IEEE Access. 2019; 8:5039-48.
[10][10]Yadav S, Selvakumar S. Detection of application layer DDoS attack by modeling user behavior using logistic regression. In international conference on reliability, infocom technologies and optimization 2015 (pp. 1-6). IEEE.
[11][11]Fouladi RF, Kayatas CE, Anarim E. Frequency based DDoS attack detection approach using naive bayes classification. In international conference on telecommunications and signal processing 2016 (pp. 104-7). IEEE.
[12][12]Lakshminarasimman S, Ruswin S, Sundarakantham K. Detecting DDoS attacks using decision tree algorithm. In fourth international conference on signal processing, communication and networking 2017 (pp. 1-6). IEEE.
[13][13]Sahoo KS, Tripathy BK, Naik K, Ramasubbareddy S, Balusamy B, Khari M, et al. An evolutionary SVM model for DDOS attack detection in software defined networks. IEEE Access. 2020; 8:132502-13.
[14][14]Pérez-Díaz JA, Valdovinos IA, Choo KK, Zhu D. A flexible SDN-based architecture for identifying and mitigating low-rate DDoS attacks using machine learning. IEEE Access. 2020; 8:155859-72.
[15][15]Abou El Houda Z, Khoukhi L, Hafid AS. Bringing intelligence to software defined networks: mitigating DDoS attacks. IEEE Transactions on Network and Service Management. 2020; 17(4):2523-35.
[16][16]Gong C, Yu D, Zhao L, Li X, Li X. An intelligent trust model for hybrid DDoS detection in software defined networks. Concurrency and Computation: Practice and Experience. 2020; 32(16).
[17][17]Phan TV, Park M. Efficient distributed denial-of-service attack defense in SDN-based cloud. IEEE Access. 2019; 7:18701-14.
[18][18]Tan L, Pan Y, Wu J, Zhou J, Jiang H, Deng Y. A new framework for DDoS attack detection and defense in SDN environment. IEEE Access. 2020; 8:161908-19.
[19][19]Alamri HA, Thayananthan V. Bandwidth control mechanism and extreme gradient boosting algorithm for protecting software-defined networks against DDoS attacks. IEEE Access. 2020; 8:194269-88.
[20][20]Wang J, Wen R, Li J, Yan F, Zhao B, Yu F. Detecting and mitigating target link-flooding attacks using SDN. IEEE Transactions on Dependable and Secure Computing. 2018; 16(6):944-56.
[21][21]Jia Y, Zhong F, Alrawais A, Gong B, Cheng X. Flowguard: an intelligent edge defense mechanism against IoT DDoS attacks. IEEE Internet of Things Journal. 2020; 7(10):9552-62.