scholarly journals Software Defined Network : The Comparison of SVM kernel on DDoS Detection

2021 ◽  
Vol 1 (1) ◽  
pp. 281-290
Author(s):  
Rifki Indra Perwira ◽  
Hari Prapcoyo

SDN is a new technology in the concept of a network where there is a separation between the data plane and the control plane as the brain that regulates data forwarding so that it becomes a target for DDoS attacks. Detection of DDoS attacks is an important topic in the field of network security. because of the difficulty of detecting the difference between normal traffic and anomalous attacks. Based on data from helpnetsecurity.com, in 2020 there were 4.83 million attempted DoS/DDoS attacks on various services, this shows that network security is very important. Various methods have been used in detecting DDoS attacks such as using a threshold on passing network traffic with an average traffic size compared to 3 times the standard deviation, the weakness of this method is if there is a spike in traffic it will be detected as an attack even though the traffic is normal so that it increases false positives. To maintain security on the SDN network, the reason is that a system is needed that can detect DDoS attacks anomalously by taking advantage of the habits that appear on the system and assuming that if there are deviations from the habits that appear then it is declared a DDoS attack, the SVM method is used to categorize the data traffic obtained from the controller to detect whether it is a DDoS attack or not. Based on the tests conducted with 500 training data, the accuracy is 99,2%. The conclusion of this paper is that the RBF SVM kernel can be very good at detecting anomalous DDoS attacks.

2018 ◽  
Vol 7 (2.6) ◽  
pp. 46 ◽  
Author(s):  
Sanjeetha R ◽  
Shikhar Srivastava ◽  
Rishab Pokharna ◽  
Syed Shafiq ◽  
Dr Anita Kanavalli

Software Defined Network (SDN) is a new network architecture which separates the data plane from the control plane. The SDN controller implements the control plane and switches implement the data plane. Many papers discuss about DDoS attacks on primary servers present in SDN and how they can be mitigated with the help of controller. In our paper we show how DDoS attack can be instigated on the SDN controller by manipulating the flow table entries of switches, such that they send continuous requests to the controller and exhaust its resources. This is a new, but one of the possible way in which a DDoS attack can be performed on controller. We show the vulnerability of SDN for this kind of attack. We further propose a solution for mitigating it, by running a DDoS Detection module which uses variation of flow entry request traffic from all switches in the network to identify compromised switches and blocks them completely.


Symmetry ◽  
2022 ◽  
Vol 14 (1) ◽  
pp. 66
Author(s):  
Chin-Shiuh Shieh ◽  
Thanh-Tuan Nguyen ◽  
Wan-Wei Lin ◽  
Yong-Lin Huang ◽  
Mong-Fong Horng ◽  
...  

DDoS (Distributed Denial of Service) has emerged as a serious and challenging threat to computer networks and information systems’ security and integrity. Before any remedial measures can be implemented, DDoS assaults must first be detected. DDoS attacks can be identified and characterized with satisfactory achievement employing ML (Machine Learning) and DL (Deep Learning). However, new varieties of aggression arise as the technology for DDoS attacks keep evolving. This research explores the impact of a new incarnation of DDoS attack–adversarial DDoS attack. There are established works on ML-based DDoS detection and GAN (Generative Adversarial Network) based adversarial DDoS synthesis. We confirm these findings in our experiments. Experiments in this study involve the extension and application of the GAN, a machine learning framework with symmetric form having two contending neural networks. We synthesize adversarial DDoS attacks utilizing Wasserstein Generative Adversarial Networks featuring Gradient Penalty (GP-WGAN). Experiment results indicate that the synthesized traffic can traverse the detection systems such as k-Nearest Neighbor (KNN), Multi-Layer Perceptron (MLP) and Random Forest (RF) without being identified. This observation is a sobering and pessimistic wake-up call, implying that countermeasures to adversarial DDoS attacks are urgently needed. To this problem, we propose a novel DDoS detection framework featuring GAN with Dual Discriminators (GANDD). The additional discriminator is designed to identify adversary DDoS traffic. The proposed GANDD can be an effective solution to adversarial DDoS attacks, as evidenced by the experimental results. We use adversarial DDoS traffic synthesized by GP-WGAN to train GANDD and validate it alongside three other DL technologies: DNN (Deep Neural Network), LSTM (Long Short-Term Memory) and GAN. GANDD outperformed the other DL models, demonstrating its protection with a TPR of 84.3%. A more sophisticated test was also conducted to examine GANDD’s ability to handle unseen adversarial attacks. GANDD was evaluated with adversarial traffic not generated from its training data. GANDD still proved effective with a TPR around 71.3% compared to 7.4% of LSTM.


Author(s):  
Maman Abdurohman ◽  
Dani Prasetiawan ◽  
Fazmah Arif Yulianto

This research proposed a new method to enhance Distributed Denial of Service (DDoS) detection attack on Software Defined Network (SDN) environment. This research utilized the OpenFlow controller of SDN for DDoS attack detection using modified method and regarding entropy value. The new method would check whether the traffic was a normal traffic or DDoS attack by measuring the randomness of the packets. This method consisted of two steps, detecting attack and checking the entropy. The result shows that the new method can reduce false positive when there is a temporary and sudden increase in normal traffic. The new method succeeds in not detecting this as a DDoS attack. Compared to previous methods, this proposed method can enhance DDoS attack detection on SDN environment.


2020 ◽  
Vol 14 (3) ◽  
pp. 50-71
Author(s):  
Oussama Hannache ◽  
Mohamed Chaouki Batouche

Software defined networking (SDN) is a networking paradigm that allows for the easy programmability of network devices by decoupling the data plane and the control plane. On the other hand, Distributed Denial of Service (DDoS) attacks remains one of the major concerns for organizational network infrastructures and Cloud providers. In this article, the authors propose a Neural Network based Traffic Flow Classifier (TFC-NN) for live DDoS detection in SDN environments. This study provides a live traffic analysis method with a neural network. The training of the TFC-NN model is performed by a labelled dataset constructed from SDN normal traffic and an-under DDoS traffic. The study also provides a live mitigation process combined with the live TFC-NN-based DDoS detection. The approach is deployed and evaluated on an SDN architecture based on different performance metrics with different under-DDoS attack scenarios.


2014 ◽  
Vol 2014 ◽  
pp. 1-15 ◽  
Author(s):  
Monika Sachdeva ◽  
Krishan Kumar

The detection of distributed denial of service (DDoS) attacks is one of the hardest problems confronted by the network security researchers. Flash event (FE), which is caused by a large number of legitimate requests, has similar characteristics to those of DDoS attacks. Moreover DDoS attacks and FEs require altogether different handling procedures. So discriminating DDoS attacks from FEs is very important. But the research involving DDoS detection has not laid enough emphasis on including FEs scenarios in the experiments. In this paper, we are using traffic cluster entropy as detection metric not only to detect DDoS attacks but also to distinguish DDoS attacks from FEs. We have validated our approach on cyber-defense technology experimental research laboratory (DETER) testbed. Different emulation scenarios are created on DETER using mix of legitimate, flash, and different types of attacks at varying strengths. It is found that, when flash event is triggered, source address entropy increases but the corresponding traffic cluster entropy does not increase. However, when DDoS attack is launched, traffic cluster entropy also increases along with source address entropy. An analysis of live traces on DETER testbed clearly manifests supremacy of our approach.


Sensors ◽  
2022 ◽  
Vol 22 (2) ◽  
pp. 410
Author(s):  
Muhammad Altaf Khan ◽  
Moustafa M. Nasralla ◽  
Muhammad Muneer Umar ◽  
Ghani-Ur-Rehman ◽  
Shafiullah Khan ◽  
...  

Wireless sensor networks (WSNs) are low-cost, special-purpose networks introduced to resolve various daily life domestic, industrial, and strategic problems. These networks are deployed in such places where the repairments, in most cases, become difficult. The nodes in WSNs, due to their vulnerable nature, are always prone to various potential threats. The deployed environment of WSNs is noncentral, unattended, and administrativeless; therefore, malicious attacks such as distributed denial of service (DDoS) attacks can easily be commenced by the attackers. Most of the DDoS detection systems rely on the analysis of the flow of traffic, ultimately with a conclusion that high traffic may be due to the DDoS attack. On the other hand, legitimate users may produce a larger amount of traffic known, as the flash crowd (FC). Both DDOS and FC are considered abnormal traffic in communication networks. The detection of such abnormal traffic and then separation of DDoS attacks from FC is also a focused challenge. This paper introduces a novel mechanism based on a Bayesian model to detect abnormal data traffic and discriminate DDoS attacks from FC in it. The simulation results prove the effectiveness of the proposed mechanism, compared with the existing systems.


2020 ◽  
Author(s):  
Artur Luczak ◽  
Bruce L. McNaughton ◽  
Yoshimasa Kubo

AbstractPlasticity mechanisms in the brain are still not well understood. Here we demonstrate that the ability of a neuron to predict its future activity may provide an effective mechanism for learning in the brain. We show that comparing a neuron’s predicted activity with the actual activity provides a useful learning signal for modifying synaptic weights. Interestingly, this predictive learning rule can be derived from a metabolic principle, where neurons need to minimize their own synaptic activity (cost), while maximizing their impact on local blood supply by recruiting other neurons. This reveals an unexpected connection that learning in neural networks could result from simply maximizing the energy balance by each neuron. We validated this predictive learning rule in neural network simulations and in data recorded from awake animals. We found that in the sensory cortex it is indeed possible to predict a neuron’s activity ∼10-20ms into the future. Moreover, in response to stimuli, cortical neurons changed their firing rate to minimize surprise: i.e. the difference between actual and expected activity, as predicted by our model. Our results also suggest that spontaneous brain activity provides “training data” for neurons to learn to predict cortical dynamics. Thus, this work demonstrates that the ability of a neuron to predict its future inputs could be an important missing element to understand computation in the brain.Significance statementUnderstanding how the brain learns may lead to machines with human-like intellectual capacities. Donald Hebb proposed the influential idea that the brain’s learning algorithm is based on correlated firing: a.k.a. ‘cells that fire together wire together’. However, Hebb’s rule and other biologically inspired learning algorithms are still likely missing some important components needed to replicate brain learning mechanisms. Here we provide evidence for a predictive learning rule: a neuron predicts its future activity and adjusts its incoming weights to minimize surprise: i.e. the difference between actual and expected activity. Interestingly, we show that such a rule is equivalent to maximizing the neuron’s energy balance, which could be paraphrased as: cells adjust their weights to achieve maximum impact with minimum activity.


Author(s):  
Ankur Dumka ◽  
Alaknanda Ashok ◽  
Parag Verma

The software-defined network (SDN) emerges as an updated technology that changes the scenario of networking where the network is managed by means of software. Any network is always not secure, and hence, the research in terms of securing this network is an area of research. DDoS is one of the attacks that makes a network insecure. This paper proposes the impact in terms of performance of SDN networks due to DDoS attack and proposes a new algorithm for increasing the performance of network. The proposed algorithm prevents the DDoS attack at the application level of flooding by keeping track of IP addresses and thus improves the performance of the network by preventing from DDoS attacks.


Author(s):  
Irmawati Feren Kilwalaga ◽  
Fauzi Dwi Setiawan Sumadi ◽  
Syaifuddin Syaifuddin

Limitations on traditional networks contributed to the development of a new paradigm called Software Defined Network (SDN). The separation of control and data plane provides an advantage as well as a security gap on the SDN network because all controls are centralized on the controller so when the compilation of attacks are directed the controller, the controller will be overburdened and eventually dropped. One of the attacks that can be used is the DDoS attack - ICMP Flood. ICMP Flood is an attack intended to overwhelm the target with a large number of ICMP requests. To overcome this problem, this paper proposes detection and mitigation using the Modern Honey Network (MHN) integration in SDN and then makes reactive applications outside the controller using the entropy method. Entropy is a statistical method used to calculate the randomness level of an incoming packet and use header information as a reference for its calculation. In this study, the variables used are the source of IP, the destination of IP and protocol. The results show that detection and mitigation were successfully carried out with an average value of entropy around 10.830. Moreover, CPU usage either in normal packet delivery or attacks showed insignificant impact from the use of entropy. In addition, it can be concluded that the best data collected in 30 seconds in term of the promptness of mitigation flow installation.


2021 ◽  
Vol 13 (22) ◽  
pp. 12514
Author(s):  
Chih-Hsiang Hsieh ◽  
Wei-Kuan Wang ◽  
Cheng-Xun Wang ◽  
Shi-Chun Tsai ◽  
Yi-Bing Lin

The DDoS attack is one of the most notorious attacks, and the severe impact of the DDoS attack on GitHub in 2018 raises the importance of designing effective defense methods for detecting this type of attack. Unlike the traditional network architecture that takes too long to cope with DDoS attacks, we focus on link-flooding attacks that do not directly attack the target. An effective defense mechanism is crucial since as long as a link-flooding attack is undetected, it will cause problems over the Internet. With the flexibility of software-defined networking, we design a novel framework and implement our ideas with a deep learning approach to improve the performance of the previous work. Through rerouting techniques and monitoring network traffic, our system can detect a malicious attack from the adversary. A CNN architecture is combined to assist in finding an appropriate rerouting path that can shorten the reaction time for detecting DDoS attacks. Therefore, the proposed method can efficiently distinguish the difference between benign traffic and malicious traffic and prevent attackers from carrying out link-flooding attacks through bots.


Sign in / Sign up

Export Citation Format

Share Document