International Journal of Advanced Technology and Engineering Exploration (IJATEE) ISSN (P): 2394-5443 ISSN (O): 2394-7454 Vol - 8, Issue - 82, September 2021
A DDoS defence framework in software defined network using ensemble classifier with rough set theory based feature selection

Riyad AM

Abstract

Network traffic is increasing day by day with the growing use of the internet and related technologies such as cloud computing, the Internet of Things (IoT), and big data. However, the traditional Internet Protocol (IP) based network struggles to accommodate this volume of traffic in terms of scalability, controllability and manageability, for which the software defined network has become an alternative. It meets the requirements of modern technologies by centralizing control over the network. Due to its increased popularity and usage, the security of Software Defined Networking (SDN) is often compromised. The Distributed Denial of Service (DDoS) attack is a major threat that suppresses the service of the SDN network. This paper focuses on providing a defence framework for SDN against DDoS attacks with two main phases. The DDoS prevention phase, implemented at the data plane, is responsible for preventing attack packets through simple flow analysis. The DDoS detection phase at the control plane extracts features from the incoming packets, on which rough set theory-based entropy is applied to select the significant features. An ensemble classifier then categorizes the flow as normal or attack. The flow rules are updated based on the obtained results. The proposed model was evaluated on two publicly available datasets and the obtained results were analysed. The proposed model has better precision values in predicting the flow as benign or attack with the values 96.3% and 96.12% respectively. The result analysis proves that the proposed model outperforms various other existing models in classifying DDoS attacks.

Keywords

Software defined networks, Distributed denial of attack, Flow analysis, Ensemble classifier, Rough set theory, Entropy.
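The feature selection step named in the abstract, sketched as an added example that is not the paper's code: greedy forward selection that minimises the rough-set conditional entropy of the label given the indiscernibility classes induced by the chosen features. The feature names, the discretised flow records and this particular entropy formulation are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from math import log2

# Constructed, already-discretised flow records (not from the paper's datasets).
# Hypothetical columns; the last field is the class label.
FEATURES = ["proto", "pkt_rate", "src_entropy", "avg_pkt_size"]
FLOWS = [
    ("tcp", "low",  "low",  "large", "normal"),
    ("tcp", "low",  "low",  "small", "normal"),
    ("udp", "low",  "low",  "large", "normal"),
    ("udp", "high", "low",  "small", "normal"),  # bulk transfer from one host
    ("tcp", "high", "high", "small", "attack"),
    ("udp", "high", "high", "small", "attack"),
    ("udp", "high", "high", "large", "attack"),
    ("tcp", "low",  "high", "small", "normal"),  # many clients, low rate
    ("tcp", "low",  "high", "large", "normal"),
]

def cond_entropy(rows, cols):
    """H(label | cols): label entropy inside each indiscernibility class,
    where a class is the set of rows that agree on every column in cols."""
    classes = defaultdict(Counter)
    for row in rows:
        classes[tuple(row[c] for c in cols)][row[-1]] += 1
    total = len(rows)
    h = 0.0
    for counts in classes.values():
        size = sum(counts.values())
        # n/total is P(class, label); n/size is P(label | class)
        h -= sum(n / total * log2(n / size) for n in counts.values())
    return h

def select_features(rows, n_features, eps=1e-12):
    """Add the feature that lowers H(label | selected) the most, until the
    subset separates the labels as well as the full feature set does."""
    target = cond_entropy(rows, range(n_features))
    selected = []
    while cond_entropy(rows, selected) > target + eps:
        remaining = [c for c in range(n_features) if c not in selected]
        best = min(remaining, key=lambda c: cond_entropy(rows, selected + [c]))
        selected.append(best)
    return selected

if __name__ == "__main__":
    for i, name in enumerate(FEATURES):
        print(f"H(label | {name}) = {cond_entropy(FLOWS, [i]):.4f}")
    print("selected:", [FEATURES[i] for i in select_features(FLOWS, len(FEATURES))])
```

On this constructed table neither packet rate nor source-address entropy separates the classes alone, but the pair does, so the other two features are dropped before any classifier is trained.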
