Proactive DDoS attack detection in software-defined networks with Snort rule-based algorithms
Nor Shahniza Kamal Bashah, Twiene Selynda Simbas, Norjansalika Janom and Syaripah Ruzaini Syed Aris
Abstract
The exponential growth of application-layer programs has imposed significant constraints on the existing underlying network infrastructure. To address this escalating demand, a transition towards a software-oriented network infrastructure becomes indispensable. Software-defined networks (SDN), which decouples the data and control planes, transforming them into a programmable network controlled by a central controller, emerges as the solution. This approach enhances network management, leading to reduced operational expenditures (OPEX), heightened quality of service, and the achievement of desired scalability. However, the shift towards a programmable network infrastructure exposes vulnerabilities to existing security threats. In this research, additional security measures were proposed with the aim of detecting and preventing security threats, particularly distributed denial of service (DDoS) attacks. For simulation purposes, the Mininet platform is employed. The Ryu controller is configured as an SDN controller, responsible for transmitting and removing OpenFlow messages to and from switches, along with handling incoming packets. Snort plays a crucial role in analyzing suspicious traffic entering the network. This incoming traffic undergoes examination based on predefined rules, triggering an alert if any traffic matches these rules. The internet control message protocol (ICMP) flooding method was employed to execute DDoS attacks. Based on the results and findings, an extensive volume of packets was observed during attacks on the SDN network. Furthermore, connectivity tests conducted through ping tests towards the targeted machine resulted in 100% packet loss. This outcome signified the denial of resource access on the targeted machine during an attack, consequently leading to a decline in overall network performance. Analysis of the amassed data revealed that early detection through rule-based Snort implementation could significantly mitigate the impact on SDN networks. Consequently, the adoption of Snort for proactive DDoS attack detection in SDN networks was proposed. This approach empowered network administrators to respond promptly upon the occurrence of a Snort-generated alert.
Keyword
Security attack, Network degradation, Proactive detection, Rule-based algorithm, Snort alert.
Cite this article
Bashah NS, Simbas TS, Janom N, Syed Aris SR
Refference
[1][1]Zhang C, editor. Human security in China: A post-pandemic state. Springer Nature; 2021.
[2][2]Stanford B, Foster S, Berdud CE. Global pandemic, security and human rights: comparative explorations of COVID-19 and the law. Routledge; 2021.
[3][3]Hu M. Pandemic surveillance: privacy, security, and data ethics. Edward Elgar Publishing; 2022.
[4][4]Shaw R, Gurtoo A. Introduction: global pandemic, human security, technology and development. In global pandemic and human security: technology and development perspective 2022 (pp. 1-14). Singapore: Springer Nature Singapore.
[5][5]Gunaratna RK, Aslam MM. COVID-19 Pandemic: the threat and response. Routledge; 2022.
[6][6]Kumar S, Gaur MS, Sharma PS, Sagar V. Post pandemic cyber attacks impacts and countermeasures: a systematic review. In international conference on artificial intelligence and smart communication 2023 (pp. 192-9). IEEE.
[7][7]Bohara B, Bhuyan J, Wu F, Ding J. A survey on the use of data clustering for intrusion detection system in cybersecurity. International Journal of Network Security & its Applications. 2020; 12(1):1-18.
[8][8]Celesova B, Valko J, Grezo R, Helebrandt P. Enhancing security of SDN focusing on control plane and data plane. In 7th international symposium on digital forensics and security 2019 (pp. 1-6). IEEE.
[9][9]Zhang H, Cai Z, Liu Q, Xiao Q, Li Y, Cheang CF. A survey on security-aware measurement in SDN. Security and Communication Networks. 2018; 2018:1-15.
[10][10]Khalifa R, El-aasser M. Network security challenges in SDN environments. In 5th international conference on communications, signal processing, and their applications 2022 (pp. 1-6). IEEE.
[11][11]Ahmed SB, Mohamed YA. An approach for software-defined networks security. In second international conference on electrical, electronics, information and communication technologies 2023 (pp. 1-8). IEEE.
[12][12]Wang L, Qin Y, Li N. Research on security protection system under multi-party gathering technology of computer big data. In 3rd international conference on electronic technology, communication and information 2023 (pp. 1286-9). IEEE.
[13][13]https://asset.mkn.gov.my/wp-content/uploads/2020/10/MalaysiaCyberSecurityStrategy2020-2024.pdf. Accessed 27 July 2023.
[14][14]https://enterprise.verizon.com/content/verizonenterprise/us/en/index/resources/reports/2020-data-breach-investigations-report.pdf. Accessed 27 July 2023.
[15][15]https://k12cybersecure.com/wp-content/uploads/2021/03/StateofK12Cybersecurity-2020.pdf. Accessed 27 July 2023.
[16][16]Khairi MH, Ariffin SH, Latiff NM, Abdullah AS, Hassan MK. A review of anomaly detection techniques and distributed denial of service (DDoS) on software defined network (SDN). Engineering, Technology & Applied Science Research. 2018; 8(2):2724-30.
[17][17]Manso P, Moura J, Serrão C. SDN-based intrusion detection system for early detection and mitigation of DDoS attacks. Information. 2019; 10(3):1-17.
[18][18]Iqbal M, Iqbal F, Mohsin F, Rizwan M, Ahmad F. Security issues in software defined networking (SDN): risks, challenges and potential solutions. International Journal of Advanced Computer Science and Applications. 2019; 10(10):298-303.
[19][19]Clouder A. DDoS attack statistics and trend report by alibaba cloud. https://www.alibabacloud.com/blog/ddos-attack-statistics-and-trend-report-by-alibaba-cloud_597607. Accessed 27 July 2023.
[20][20]Rawal BS, Patel S, Sathiyanarayanan M. Identifying ddos attack using split-machine learning system in 5g and beyond networks. In INFOCOM conference on computer communications workshops 2022 (pp. 1-6). IEEE.
[21][21]Cai T, Jia T, Adepu S, Li Y, Yang Z. ADAM: an adaptive DDoS attack mitigation scheme in software-defined cyber-physical system. IEEE Transactions on Industrial Informatics. 2023.
[22][22]Niu M, Feng Y, Sakurai K. A two-stage detection system of DDoS attacks in SDN using a trigger with multiple features and self-adaptive thresholds. In 17th international conference on ubiquitous information management and communication 2023 (pp. 1-8). IEEE.
[23][23]Sai AD, Tilak BH, Sanjith NS, Suhas P, Sanjeetha R. Detection and mitigation of low and slow DDoS attack in an SDN environment. In international conference on distributed computing, VLSI, electrical circuits and robotics 2022 (pp. 106-11). IEEE.
[24][24]Yadav AR, Jain AP, Shankar T, Rajesh A, Perumal S, Eappen G. AI based DDOS attack detection of SDN network in mininet emulator. In 2nd international conference on vision towards emerging trends in communication and networking technologies 2023 (pp. 1-4). IEEE.
[25][25]Dou S, Miao G, Guo Z, Yao C, Wu W, Xia Y. Matchmaker: maintaining network programmability for software-defined WANs under multiple controller failures. Computer Networks. 2021; 192:108045.
[26][26]Mahmood W, Nasir SD, Waqas I. A research survey on software defined networking (SDN). In proceedings ninth international conference on advances in computing, control and networking 2019 (pp. 1-6).
[27][27]Sharma PK, Tyagi SS. Improving security through software defined networking (SDN): an SDN based model. International Journal of Recent Technology and Engineering. 2019; 8:295-300.
[28][28]Sunday UI, Akhibi SD. Application of software-defined networking. European Journal of Computer Science and Information Technology. 2022; 10(2):27-48.
[29][29]Andishmand R, Mohammdi H, Mostafavi S. Detection and analysis of DDoS attacks in software-defined networks. Computer Security and Reliability. 2020:1-14.
[30][30]Bangui H, Ge M, Buhnova B. A hybrid data-driven model for intrusion detection in VANET. Procedia Computer Science. 2021; 184:516-23.
[31][31]Sukumar JA, Pranav I, Neetish MM, Narayanan J. Network intrusion detection using improved genetic k-means algorithm. In international conference on advances in computing, communications and informatics 2018 (pp. 2441-6). IEEE.
[32][32]Bhattacharjee PS, Fujail AK, Begum SA. A comparison of intrusion detection by K-means and fuzzy C-means clustering algorithm over the NSL-KDD dataset. In international conference on computational intelligence and computing research 2017 (pp. 1-6). IEEE.
[33][33]Karataş F, Korkmaz SA. Big data: controlling fraud by using machine learning libraries on spark. International Journal of Applied Mathematics Electronics and Computers. 2018; 6(1):1-5.
[34][34]Krishna KV, Swathi K, Rao BB. A novel framework for NIDS through fast KNN classifier on CICIDS 2017 dataset. International Journal of Recent Technology and Engineering. 2020; 8(5):3669-75.
[35][35]Alrowaily M, Alenezi F, Lu Z. Effectiveness of machine learning based intrusion detection systems. In security, privacy, and anonymity in computation, communication, and storage: 12th international conference, SpaCCS 2019, Atlanta, GA, USA, 2019 (pp. 277-88). Springer International Publishing.
[36][36]Verma A, Ranga V. Statistical analysis of CIDDS-001 dataset for network intrusion detection systems using distance-based machine learning. Procedia Computer Science. 2018; 125:709-16.
[37][37]Li L, Zhang H, Peng H, Yang Y. Nearest neighbors based density peaks approach to intrusion detection. Chaos, Solitons & Fractals. 2018; 110:33-40.
[38][38]Sandosh S, Govindasamy V, Akila G. Enhanced intrusion detection system via agent clustering and classification based on outlier detection. Peer-to-Peer Networking and Applications. 2020; 13:1038-45.
[39][39]Aung YY, Min MM. Hybrid intrusion detection system using K-means and K-nearest neighbors algorithms. In IEEE/ACIS 17th international conference on computer and information science 2018 (pp. 34-8). IEEE.
[40][40]Al Salti I, Zhang N. LINK-GUARD: an effective and scalable security framework for link discovery in SDN networks. IEEE Access. 2022; 10:130233-52.
[41][41]Agborubere B, Sanchez-velazquez E. Openflow communications and TLS security in software-defined networks. In international conference on internet of things (iThings) and IEEE green computing and communications (GreenCom) and IEEE cyber, physical and social computing (CPSCom) and IEEE smart data (SmartData) 2017 (pp. 560-6). IEEE.
[42][42]Muragaa WH, Seman K, Marhusin MF. Simulating DDoS attack in SDN network using POX controller and Mininet emulator. In proceedings of 134th the IRES international conference. 2018 (pp. 39-41).
[43][43]Tupakula U, Karmakar KK, Varadharajan V, Collins B. Implementation of techniques for enhancing security of southbound infrastructure in SDN. In 13th international conference on network of the future 2022 (pp. 1-5). IEEE.
[44][44]Yungaicela-naula NM, Vargas-rosales C, Perez-diaz JA, Jacob E, Martinez-cagnazzo C. Physical assessment of an SDN-based security framework for DDoS attack mitigation: introducing the SDN-SlowRate-DDoS dataset. IEEE Access. 2023; 11: 46820-31.
[45][45]https://snort-org-site.s3.amazonaws.com/production/document_files/files/000/012/147/original/Snort_3.1.8.0_on_Ubuntu_18_and_20.pdf. Accessed 27 July 2023.