SDNDefender: A Comprehensive DDoS Defense Mechanism Using Hybrid Approaches over Software Defined Networking

2021 ◽  
Vol 2021 ◽  
pp. 1-22
Author(s):  
Tianfang Yu ◽  
Lanlan Rui ◽  
Xuesong Qiu

In traditional networks, DDoS attacks are often launched at the network layer or the transport layer. Researchers have explored this problem in depth and put forward plenty of solutions. However, these solutions are only suitable for scenarios such as a single link or the victim-side network and cannot analyse traffic distribution from the angle of the global network. Also, the TCP/IP network architecture lacks the ability to quickly conduct resource deployment and traffic scheduling. When DDoS attacks occur, victims usually cannot respond in time. With the advantages of a centralized control mode and a global topological view, Software-Defined Networking (SDN) provides a new way to overcome the above issues. In this paper, we adopt a combination of diverse technologies to design SDNDefender, an SDN-based DDoS detection and defense mechanism, which is composed of two core components aiming to counter the most popular DDoS attacks, including IP spoofing attacks and TCP SYN flood attacks. We carry out quantitative simulation experiments to evaluate SDNDefender on many metrics. The experimental results show that, in contrast to other DDoS defense algorithms, SDNDefender not only efficiently validates spoofed packets and withstands well-known attacks but also defends against unknown attacks according to the target’s available resources. Besides, SDNDefender could significantly reduce TCP half-open connections and improve detection accuracy, alleviating attack effects that exhaust the server’s resources and network bandwidth.

Author(s):  
Emilia Rosa Jimson ◽  
Kashif Nisar ◽  
Mohd Hanafi Ahmad Hijazi

The complex design of the current network architecture, which has inevitably resulted in poor network resources management, has triggered researchers to propose a Software Defined Networking (SDN)-based network model to simplify the management of the limited bandwidth of a network. The key idea of the SDN-based model is to simplify network management by introducing a centralized control through which the dynamic update of forwarding rules, the simplification of network devices tasks, and flow abstractions can be realized. This proposed model utilizes the limited network bandwidth systematically by giving real-time traffic higher priority than non-real-time traffic to access limited resources. The experimental results showed that the proposed model helped ensure real-time traffic would be given greater priority to access the limited bandwidth, where the major portion of the limited bandwidth was allocated to the real-time traffic.


2019 ◽  
Vol 10 (3) ◽  
pp. 33-48 ◽  
Author(s):  
Emilia Rosa Jimson ◽  
Kashif Nisar ◽  
Mohd Hanafi Ahmad Hijazi

Software defined networking (SDN) architecture has been verified to make the management of the current network architecture simpler and more flexible. The key idea of SDN is to simplify network management by introducing a centralized control, through which dynamic updates of forwarding rules, simplification of the network devices' tasks, and flow abstractions can be realized. In this article, the researchers discuss the complex design of the current network architecture, which has inevitably resulted in poor network resource management, such as bandwidth management. An SDN-based network model has been proposed to simplify the management of the limited bandwidth of a network. The proposed network model utilizes the limited network bandwidth systematically by giving real-time traffic higher priority than non-real-time traffic to access the limited resource. The experimental results showed that the proposed model helped ensure real-time traffic would be given greater priority to access the limited bandwidth, with the major portion of the limited bandwidth being allocated to the real-time traffic.


2021 ◽  
Vol 4 (1) ◽  
pp. 81-94
Author(s):  
Fahad Alatawi

Distributed Denial of Service (DDoS) remains a big concern in cybersecurity. DDoS attacks are implemented to prevent legitimate users from getting access to services. The attackers make use of multiple hosts that have been compromised (i.e., botnets) to organize a large-scale attack on targets. Developing an effective defensive mechanism against existing and potential DDoS attacks remains a strong desire in the cybersecurity research community. However, the development of effective mechanisms or solutions requires adequate evaluation of existing defense mechanisms and a critical analysis of how these methods have been implemented in preventing, detecting, and responding to DDoS attacks. This paper adopted a systematic review method to critically analyze the existing mechanisms. The review of existing literature helped classify the defense mechanisms into four categories: source-based, core-router, victim-based, and distributed systems. A qualitative analysis was used to exhaustively evaluate these defense mechanisms and determine their respective effectiveness. The effectiveness of the defense mechanisms was evaluated on six key parameters: coverage, implementation, deployment, detection accuracy, response mechanism, and robustness. The comparative analysis reviewed the shortcomings and benefits of each mechanism. The evaluation determined that victim-based defense mechanisms have a high detection accuracy but are associated with massive collateral damage, as the detection happens when it is too late to protect the system. On the other hand, whereas stopping an attack at the source end is ideal, detection accuracy at this point is too low, as it is hard to differentiate legitimate and malicious traffic. The effectiveness of the core-based defense systems is not ideal because the routers do not have enough CPU cycles and memory to profile the traffic. Distributed defense mechanisms are effective as components can be spread out across the three locations in a way that takes advantage of each location. The paper also established that the rate-limiting response mechanism is more effective than the packet filtering method because it does not restrict legitimate traffic. The analysis revealed that there is no single defense mechanism that offers complete protection against DDoS attacks but concludes that the best defense mechanism is the use of distributed defense because it ensures that defense components are placed at all locations.


2019 ◽  
Vol 63 (7) ◽  
pp. 983-994 ◽  
Author(s):  
Muhammad Asad ◽  
Muhammad Asim ◽  
Talha Javed ◽  
Mirza O Beg ◽  
Hasan Mujtaba ◽  
...  

With the advent of advanced wireless technology and contemporary computing paradigms, Distributed Denial of Service (DDoS) attacks on Web-based services have not only increased exponentially in number, but also in their degree of sophistication; hence the need for detecting these attacks within the ocean of communication packets is extremely important. DDoS attacks were initially directed toward the network and transport layers. Over the years, attackers have shifted their offensive strategies toward the application layer. Application layer attacks are potentially more detrimental and stealthier because the attack traffic and the benign traffic flows are indistinguishable. The distributed nature of these attacks is difficult to combat as they may affect tangible computing resources apart from consuming network bandwidth. In addition, smart devices connected to the Internet can be infected and used as botnets to launch DDoS attacks. In this paper, we propose a novel deep neural network-based detection mechanism that uses feed-forward back-propagation for accurately discovering multiple application layer DDoS attacks. The proposed neural network architecture can identify and use the most relevant high-level features of packet flows with an accuracy of 98% on a state-of-the-art dataset containing various forms of DDoS attacks.


2020 ◽  
pp. 1-9
Author(s):  
O. Ashimi Quadri ◽  
Adeniji Oluwashola David

Software-defined networking (SDN) is an emerging technology which provides a network architecture that decouples the control plane from the data plane. Due to the centralized control, the network becomes more dynamic, and the network resources are managed in a more efficient and cost-effective manner. The centralization of the control plane requires robust and real-time security techniques. These security techniques will protect it from any sign of vulnerabilities associated with the network, such as distributed denial of service (DDoS) attacks. The problem in the data plane is that an attack is hard for the SDN control plane to track. This makes the switches more susceptible to these types of attacks, and hence it is very important to have quick provisional methods in place to prevent the switches from breaking down as soon as the first signs of an attack are detected. To resolve this problem, the research developed a mechanism that detects and mitigates flood attacks in IPv6-enabled software-defined networks. An experimental testbed was developed using the sFlow technique, the Floodlight controller, and OpenFlow version 1.3. A mitigation algorithm was also developed and was tested with the simulation tool Mininet. Real network traffic was tested on the testbed to investigate the effective mitigation of a DDoS attack. The mitigation time performance for IPv6 was 46.6% while for IPv4 it was 66.6%. Also, the results gathered from the experiment showed that both the response and detection times were 4 secs while the mitigation time was 7 secs. The overall control time was 11 secs. The experimental testbed results show that the developed testbed outperformed the previous methods with the ability to detect threats on the network faster. The result from the IPv6 testbed is a probable solution to mitigate the threats posed by DDoS attacks on IPv6-enabled SDN network resources.


Inge CUC ◽  
2018 ◽  
Vol 14 (2) ◽  
pp. 106-115
Author(s):  
Jonier Hernando Porras Duque ◽  
Daniel Orlando Ducuara Beltrán ◽  
Gustavo Adolfo Puerto Leguizamón

Introduction: Traditional networks mostly implement devices where the control plane is distributed and mixed with the data plane; this fact does not allow a fast evolution towards a process that contributes to improving the transport of services. In contrast, Software Defined Networking is a set of transport services that optimize the use of resources, as these have a centralized network structure. Objective: To determine the aspects that enable software-defined networking to provide quality of service features in data networks. Methodology: This study is performed through network simulation over the same base network and under the same working conditions by carrying out measurements of the packet forwarding response time and management of the transported bandwidth. This study includes the demonstration of multimedia content transport over a network architecture that defines priorities for the links. Results: The outcomes show how Software Defined Networking achieves better management of data transmission through the base network. In the same way, the previous outcomes are reinforced by those obtained in the quality of service test performed on the streaming of a multimedia flow. Conclusions: Due to the centralized control of Software Defined Networking, forwarding functions with quality of service features are enabled in data networks based on layer-2 devices.


Electronics ◽  
2021 ◽  
Vol 10 (17) ◽  
pp. 2105
Author(s):  
Vasudha Vedula ◽  
Palden Lama ◽  
Rajendra V. Boppana ◽  
Luis A. Trejo

Distributed denial of service (DDoS) attacks aim to deplete the network bandwidth and computing resources of targeted victims. Low-rate DDoS attacks exploit protocol features such as the transmission control protocol (TCP) three-way handshake mechanism for connection establishment and the TCP congestion-control induced backoffs to attack at a much lower rate and still effectively bring down the targeted network and computer systems. Most of the statistical and machine/deep learning-based detection methods proposed in the literature require keeping track of packets by flows and have high processing overheads for feature extraction. This paper presents a novel two-stage model that uses Long Short-Term Memory (LSTM) and Random Forest (RF) to detect the presence of attack flows in a group of flows. This model has a very low data processing overhead; it uses only two features and does not require keeping track of packets by flows, making it suitable for continuous monitoring of network traffic and on-the-fly detection. The paper also presents an LSTM Autoencoder to detect individual attack flows with high detection accuracy using only two features. Additionally, the paper presents an analysis of a support vector machine (SVM) model that detects attack flows in slices of network traffic collected for short durations. The low-rate attack dataset used in this study is made available to the research community through GitHub.


Author(s):  
Seyedakbar Mostafavi ◽  
Hussaindad Saadat ◽  
Razieh Allamehzadeh

The IoT contains millions of heterogeneous smart objects that are connected together through the Internet platform. These heterogeneous smart objects deal with different protocols, technologies and resources; therefore each of them requires diverse security services in heterogeneous environments. Providing security services in heterogeneous environments is thus a daunting task for network providers that cannot be guaranteed through the traditional network architecture. The wide distribution and openness of IoT smart objects make them very vulnerable to attacks, and they can be easily targeted by cyber-attacks. Software-Defined Networking (SDN) is a new paradigm that separates the control plane from the data plane and provides a global network view through a centralized controller. Integrating the software-defined network with the Internet of Things can provide better access control and security mechanisms. Software-defined networking provides better control and management possibilities to manage and secure the Internet of Things in a good manner. In this paper, we discuss the IoT architecture, security challenges in IoT, the SDN architecture, security challenges in each layer of the SDN, and software-defined IoT. In addition, we provide solutions to security problems in IoT through the software-defined networking approach.


2021 ◽  
Vol 2021 ◽  
pp. 1-19
Author(s):  
Hassan Mahmood ◽  
Danish Mahmood ◽  
Qaisar Shaheen ◽  
Rizwan Akhtar ◽  
Wang Changda

The Information Communication Technology (ICT) environment in traditional power grids makes detection and mitigation of DDoS attacks more challenging. Existing security technologies, despite their efficiency, are not adequate to cater to DDoS security in Smart Grids (SGs) due to highly distributed and dynamic network environments. Recently, emerging Software Defined Networking- (SDN-) based approaches have been proposed by researchers for SG DDoS protection; however, they are only able to protect against flooding attacks and are dependent on static thresholds. The proposed approach, i.e., the Software Defined Networking-based DDoS Protection System (S-DPS), efficiently addresses these issues by employing light-weight Tsallis entropy-based defense mechanisms in an SDN environment. It provides an early detection mechanism with mitigation of anomalies in real time. The approach offers the best deployment location for the defense mechanism due to the centralized control of the network. Moreover, the employment of a dynamic threshold mechanism makes the detection process adaptive to changing network conditions. S-DPS has demonstrated its effectiveness and efficiency in terms of Detection Rate (DR) and minimal CPU/RAM utilization, considering DDoS protection against smurf attacks, socket stress attacks, and SYN flood attacks.


2021 ◽  
Vol 10 (1) ◽  
pp. 458-465
Author(s):  
Arif Wirawan Muhammad ◽  
Cik Feresa Mohd Foozy ◽  
Kamaruddin Malik bin Mohammed

A distributed denial of service attack is classified as a structured attack to deplete a server, sourced from various bot computers that together form a massive data flow. Distributed denial of service (DDoS) data flows behave like regular data packet flows, so it is challenging to distinguish between the two. Data packet classification to detect DDoS attacks is one solution to prevent DDoS attacks and to preserve server resources. The machine learning method, especially the artificial neural network (ANN), is one of the effective ways to detect the flow of data packets in a computer network. Based on the research carried out, it was concluded that an ANN whose hidden layer contains twice as many neurons as the input layer (2n) produces a stable detection accuracy value on the Quasi-Newton, Scaled-Conjugate and Resilient-Propagation training functions. Based on the studies conducted, it was concluded that the ANN architecture considerably affected the Scaled-Conjugate and Resilient-Propagation training functions, but not the Quasi-Newton training function. The best detection accuracy achieved in the experiment is 99.60%, with 1.000 recall, 0.988 precision, and 0.993 f-measure, using the Quasi-Newton training function with a 6-(12)-2 neural network architecture.
