Detecting the DDoS attack for SDN Controller

2019 ◽  
Vol XXII (1) ◽  
pp. 144-150
Author(s):  
Glăvan D.

A Software Defined Network (SDN) is an architecture used to form agile and flexible networks. SDN's goal is to improve network control, allowing service providers to respond rapidly to changing requirements. In an SDN, an administrator or a network engineer can configure the traffic from a centralized control console without having to touch individual network switches. Due to the fact that the control plane is entered by SDN as a network manager, a Single Point of Failure (SPoF) is also introduced. If SDN cannot be reached by network devices, the network will crash. Distributed Denial of Service (DDoS) attack is a way to make SDN Controller inaccessible. In this paper are presented the potential vulnerabilities of SDN Controller that can be exploited for DDoS attack as well as the presence of methods of detection and attenuation of these attacks.

2021 ◽  
Author(s):  
Jarrod Bakker

Distributed denial of service (DDoS) attacks utilise many attacking entities to prevent legitimate use of a resource via consumption. Detecting these attacks is often difficult when using a traditional networking paradigm as network information and control are not centralised. Software-Defined Networking is a recent paradigm that centralises network control, thus improving the ability to gather network information. Traffic classification techniques can leverage the gathered data to detect DDoS attacks. This thesis utilises nmeta2, a SDN-based traffic classification architecture, to study the effectiveness of machine learning methods to detect DDoS attacks. These methods are evaluated on a physical network testbed to demonstrate their application during a DDoS attack scenario.


2016 ◽  
Vol 2016 ◽  
pp. 1-14
Author(s):  
Won-Suk Kim ◽  
Sang-Hwa Chung

Management of wireless networks as well as wired networks by using software-defined networking (SDN) has been highlighted continually. However, control features of a wireless network differ from those of a wired network in several aspects. In this study, we identify the various inefficient points when controlling and managing wireless networks by using SDN and propose SDN-based control architecture called Proxcon to resolve these problems. Proxcon introduces the concept of a proxy SDN controller (PSC) for the wireless network control, and the PSC entrusted with the role of a main controller performs control operations and provides the latest network state for a network administrator. To address the control inefficiency, Proxcon supports offloaded SDN operations for controlling wireless networks by utilizing the PSC, such as local control by each PSC, hybrid control utilizing the PSC and the main controller, and locally cooperative control utilizing the PSCs. The proposed architecture and the newly supported control operations can enhance scalability and response time when the logically centralized control plane responds to the various wireless network events. Through actual experiments, we verified that the proposed architecture could address the various control issues such as scalability, response time, and control overhead.


Sensors ◽  
2021 ◽  
Vol 21 (23) ◽  
pp. 8071
Author(s):  
Nivedita Mishra ◽  
Sharnil Pandya ◽  
Chirag Patel ◽  
Nagaraj Cholli ◽  
Kirit Modi ◽  
...  

Distributed denial-of-service (DDoS) attacks are significant threats to the cyber world because of their potential to quickly bring down victims. Memcached vulnerabilities have been targeted by attackers using DDoS amplification attacks. GitHub and Arbor Networks were the victims of Memcached DDoS attacks with 1.3 Tbps and 1.8 Tbps attack strengths, respectively. The bandwidth amplification factor of nearly 50,000 makes Memcached the deadliest DDoS attack vector to date. In recent times, fellow researchers have made specific efforts to analyze and evaluate Memcached vulnerabilities; however, the solutions provided for security are based on best practices by users and service providers. This study is the first attempt at modifying the architecture of Memcached servers in the context of improving security against DDoS attacks. This study discusses the Memcached protocol, the vulnerabilities associated with it, the future challenges for different IoT applications associated with caches, and the solutions for detecting Memcached DDoS attacks. The proposed solution is a novel identification-pattern mechanism using a threshold scheme for detecting volume-based DDoS attacks. In the undertaken study, the solution acts as a pre-emptive measure for detecting DDoS attacks while maintaining low latency and high throughput.


2021 ◽  
Vol 15 ◽  
Author(s):  
Noor Raad Saadallah ◽  
Sahar Abdul Aziz Al-Talib ◽  
Fahad Layth Malallah

Background: Software-Defined Networks (SDNs) are a new architectural approach to smart centralized control networks that were introduced alongside OpenFlow in 2011. SDNs are programmed using software applications that help operators manage the network in a fully consistent and comprehensive way. Centralization in these networks is considered a weakness, especially if it is accessed by a Distributed Denial of Service (DDoS) attack - which is the process of uploading huge floods of various sorts of traffic to a website, from multiple sources, in order to make it and its services inaccessible to users. Method: In our current research, we will build an SDN through a Mininet virtualization simulator, and by using Python. A DDoS attack will be detected depending on two facts: firstly, Traffic State - which normally sees traffic packets sent at around 30 packets per second (DDoS packets are about 250 packets per second and will completely disrupt the network if the attack persists). Secondly, the number of IP Hits. The method used in the research appears very effective in detecting DDoS, according to the results we have achieved. Result: The proposed performance of the system: The Precision (PREC), Recall (REC), and F-Measure (F1) metrics have been used for assessment. Conclusion: The novelty of the current research lies in the detection of penetration in SDN networks, by calculating the number of hits by the hacker's device and the number of times they enter the main device in the network, in addition to the large amount of data sent by the hacker's device to the network. The experimental results are promising as compared with the datasets like CIC-DoS, CICIDS2017, CSE-CIC-IDS2018, and customized dataset. The results ranged between 90% and 96%.


Author(s):  
Khalid Mohamed Hosny ◽  
Ameer El-Sayed Gouda ◽  
Ehab Rushdy Mohamed

Software defined networks (SDN) are a recently developed form for controlling network management by providing centralized control unit called the Controller. This master Controller is a great power point but at the same time it is unfortunately a failure point and a serious loophole if it is targeted and dropped by attacks. One of the most serious types of attacks is the inability to access the Controller, which is known as the distributed denial of service (DDoS) attack. This research shows how DDoS attack can deplete the resources of the Controller and proposes a lightweight mechanism, which works at the Controller and detects a DDoS attack in the early stages. The proposed mechanism can not only detect the attack, but also identify attack paths and initiate a mitigation process to provide some degree of protection to network devices immediately after the attack is detected. The proposed mechanism depends on a hybrid technique that merges between the average flow initiation rate, and the flow specification of the coming traffic to the network.


2020 ◽  
Vol 11 (2) ◽  
pp. 18-32
Author(s):  
Opeyemi Peter Ojajuni ◽  
Yasser Ismail ◽  
Albertha Lawson

The Internet of Things (IoT) allows different devices with internet protocol (IP) address to be connected together via the internet to collect, provide, store, and exchange data amongst themselves. The distributed denial of service (DDoS) attack is one of the inevitable challenges which should be addressed in the development of the IoT. A DDoS attack has the potential to render a victim's services unavailable, which can then lead to additional challenges such as website outage, financial loss, reputational damage and loss of confidential information. In this article, a framework of the SDN controller via an application programming interface (API) is compared to an existing framework. SDN provides a new architecture that can detect and mitigate a DDoS attack so that it makes the networking functionalities programmable via the API and also it centralizes the control management of the IoT devices. Experimental results show the capability of the SDN framework to analyze a real-time traffic of the SDN controller via the API by setting a control bandwidth usage threshold using the API.



While hosting various cloud based information technology facilities by handling various assets on the internet, Cloud service accessibility has remained one of the chief concerns of cloud service providers (CSP). Several security concerns associated to cloud computing service simulations, and cloud’s major qualities contribute towards its susceptibility of security threats related with cloud service availability, the liability of internet, and the dispense behavior of cloud computing. Distributed Denial of Service (DDoS) attacks is one of the main advanced threats that occur to be extremely problematic and stimulating to stand owing towards its dispersed behavior and resulted in cloud service interruption. Although there exist amount of interruption recognition resolutions anticipated by various investigation groups, there exists not at all such a faultless result that avoids the DDoS attack and cloud service providers (CSP) are presently consuming various detection resolutions by assuring that their product stays well protected. The features of DDoS attack consuming various forms with dissimilar scenarios make it problematic to identify. Inspecting and analyzing various surviving DDoS detecting methods contrary to several factors is accomplished by this paper. To enhance the system performance further, sparse based data optimization is proposed to remove the redundant data. This enhancement reduced the execution time of the system by 0.2%.


2021 ◽  
Author(s):  
Santosh Mani ◽  
Manisha J Nene

Networks configured in Mesh topology provide Network security in the form of redundancy of communication links. But redundancy also contributes to complexity in configuration and subsequent troubleshooting. Critical networks like Backbone Networks (used in Cloud Computing) deploy the Mesh topology which provides additional security in terms of redundancy to ensure availability of services. Distributed Denial of Service attacks are one of the most prominent attacks that cause an immense amount of loss of data as well as monetary losses to service providers. This paper proposes a method by which using SDN capabilities and sFlow-RT application, Distributed Denial of Service (DDoS) attacks are detected and consequently mitigated by using REST API to implement Policy Based Flow Management through the SDN Controller which will help in ensuring uninterrupted services in scenarios of such attacks and also further simplify and enhance the management of Mesh architecture-based networks.


Technologies ◽  
2021 ◽  
Vol 9 (1) ◽  
pp. 14
Author(s):  
James Dzisi Gadze ◽  
Akua Acheampomaa Bamfo-Asante ◽  
Justice Owusu Agyemang ◽  
Henry Nunoo-Mensah ◽  
Kwasi Adu-Boahen Opare

Software-Defined Networking (SDN) is a new paradigm that revolutionizes the idea of a software-driven network through the separation of control and data planes. It addresses the problems of traditional network architecture. Nevertheless, this brilliant architecture is exposed to several security threats, e.g., the distributed denial of service (DDoS) attack, which is hard to contain in such software-based networks. The concept of a centralized controller in SDN makes it a single point of attack as well as a single point of failure. In this paper, deep learning-based models, long-short term memory (LSTM) and convolutional neural network (CNN), are investigated. It illustrates their possibility and efficiency in being used in detecting and mitigating DDoS attack. The paper focuses on TCP, UDP, and ICMP flood attacks that target the controller. The performance of the models was evaluated based on the accuracy, recall, and true negative rate. We compared the performance of the deep learning models with classical machine learning models. We further provide details on the time taken to detect and mitigate the attack. Our results show that RNN LSTM is a viable deep learning algorithm that can be applied in the detection and mitigation of DDoS in the SDN controller. Our proposed model produced an accuracy of 89.63%, which outperformed linear-based models such as SVM (86.85%) and Naive Bayes (82.61%). Although KNN, which is a linear-based model, outperformed our proposed model (achieving an accuracy of 99.4%), our proposed model provides a good trade-off between precision and recall, which makes it suitable for DDoS classification. In addition, it was realized that the split ratio of the training and testing datasets can give different results in the performance of a deep learning algorithm used in a specific work. The model achieved the best performance when a split of 70/30 was used in comparison to 80/20 and 60/40 split ratios.

