A HMM-R Approach to Detect L-DDoS Attack Adaptively on SDN Controller

Wang, Wentao; Ke, Xuan; Wang, Lingxia

doi:10.3390/fi10090083

Cited by 24 publications

(5 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Ref. [85] distinguishes normal and attack traffic according to the Renyi entropy change of source IP and destination IP, and adopts the proposed HMM-R method to detect L-DDoS attacks of different rates in the form of probability. However, this method only considers the IP of the traffic, which has some limitations.…”

Section: ) Hmmmentioning

confidence: 99%

Overview of DDoS Attack Detection in Software-Defined Networks

Wang,

2024

IEEE Access

View full text Add to dashboard Cite

Software Defined network (SDN), as a new network architecture, is the direction of future network development. By decoupling the control plane and data plane of the network, the control and management of network resources can be improved. However, SDN centralized controllers become the target of malicious attacks, prone to the risk of single point of failure, of which DDoS attacks are the main attack behavior. Through extensive literature investigation, this paper systematically reviews the latest progress of DDoS attack detection in SDN environment. Firstly, the SDN architecture and corresponding DDoS attacks are described, and the commonly used data sets and evaluation indicators are summarized. Secondly, the data preprocessing technology is summarized, and the data dimensionality reduction technology is introduced in detail. Then, at the level of detection technology, it focuses on the advantages and disadvantages of detection algorithms based on statistical analysis, machine learning and deep learning. Finally, the challenges of current research are analyzed, and the future development direction is forecasted. In order to provide reference for future research and development, at the same time, it is of great significance to improve the safety of SDN products in the future.

show abstract

Section: ) Hmmmentioning

confidence: 99%

Overview of DDoS Attack Detection in Software-Defined Networks

Wang,

2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Therefore, the above method has disadvantages such as poor reliability, low detection rate, and poor scalability. Wang et al 29 proposed the adaptive Markov algorithm for LDoS attack. By calculating the Renyi entropy of the source IP and destination IP of the attack flow, the algorithm combined with the hidden Markov model is able to distinguish the LDoS attack.…”

Section: Related Workmentioning

confidence: 99%

A hybrid deep learning model based low‐rate DoS attack detection method for software defined network

Sun

Guan

Peng

et al. 2022

Trans Emerging Tel Tech

View full text Add to dashboard Cite

The low-rate DoS (LDoS) attack is a new kind of network attack which has the characteristics such as low speed and good concealment. The software defined network, as a new type of network architecture, also faces the threat from LDoS attacks. In this article, we propose a detection method of LDoS attacks based on a hybrid deep learning model CNN-GRU: the convolutional neural network (CNN) and the gated recurrent unit (GRU). First, we extract field values such as n_packets and n_bytes, from the flow rule, and construct the average numbers of packets and bytes as the input data of the hybrid model. Then, to enhance the detection performance of the hybrid model, we improve the sailfish algorithm to optimize the hyperparameters of CNN and GRU automatically in the training process. Finally, we adopt hyperparameter optimized CNN and GRU to extract deeper spatial and temporal features of input data, respectively, which achieves accurate detection of the LDoS attack. The experimental results demonstrate that the proposed hybrid deep learning model-based method outperforms other traditional machine learning algorithms in terms of detection efficiency and accuracy.

show abstract

“…In a study by Wang et al [169], HMM is combined with the calculated Renyi entropy of the source and destination IP of the incoming data packets collected by the SDN controller to create an HMM-R scheme that detects low-rate DDoS attacks. For the traffic acquisition, the authors have employed an SDN controller.…”

Section: Unsupervised ML Based Ids In Sdnmentioning

confidence: 99%

“…As a result, detecting a low-rate DDoS attack is still challenging and needs more attention. Though some studies [147], [169], [226], [303] have tried to detect low-rate DDoS in SDN using ML-based approaches, more research is needed in this area.…”

Section: Lack Of Low-rate Ddos Attack Detectionmentioning

confidence: 99%

Intrusion Detection System in Software-Defined Networks Using Machine Learning and Deep Learning Techniques –A Comprehensive Survey

Rayhan¹,

Islam²,

Shatabda³

et al. 2022

Preprint

View full text Add to dashboard Cite

<div>At present, the Internet is facing numerous attacks of different kinds that put its data at risk. The safety of information within the network is, therefore, a significant concern. In order to prevent the loss of incredibly valuable information, the Intrusion Detection System (IDS) was developed to recognize the outbreak of a stream of attacks and notify the network system administrator providing network security. IDS is an extrapolative model used to detect network traffic as routine or attack. Software-Defined Networks (SDN) is a revolutionary paradigm that isolates the control plane from the data plane, transforming the concept of a software-driven network. Through this data and control plane separation, SDN provides us the opportunity to create a manageable and programmable network, allowing applications in the top plane to access physical devices via the controller. The controller functioning inside the control plane executes network modules and establishes flow rules to forward packets in the switches residing in the data plane. Cyber attackers target the SDN controller to subdue the control plane, which is considered the brain of the SDN, providing a plethora of functionalities such as regulating flow control to switches or routers in the data plane below via southbound Application Programming Interfaces (APIs) and business and application logic in the application plane above via northbound APIs to implement sophisticated networks. However, the control plane becomes a tempting prospect for security attacks from adversaries because of its centralization feature. This paper includes an in-depth overview of the notable published articles from 2015 to 2021 that used Machine Learning (ML) and Deep Learning (DL) techniques to construct an IDS solution to provide security for SDN. We also present two detailed taxonomic studies regarding IDS, and ML-DL techniques based on their learning categories, exploring various IDS solutions to secure the SDN paradigm. We have also conducted brief research on a few benchmark datasets used to construct IDS in the SDN paradigm. To conclude the survey, we provide a discussion that sheds light on continuous challenges and IDS issues for SDN security.</div>

show abstract

A HMM-R Approach to Detect L-DDoS Attack Adaptively on SDN Controller

Cited by 24 publications

References 24 publications

Overview of DDoS Attack Detection in Software-Defined Networks

Overview of DDoS Attack Detection in Software-Defined Networks

A hybrid deep learning model based low‐rate DoS attack detection method for software defined network

Intrusion Detection System in Software-Defined Networks Using Machine Learning and Deep Learning Techniques –A Comprehensive Survey

Contact Info

Product

Resources

About