A Systematic Literature Review on Machine Learning and Deep Learning Approaches for Detecting DDoS Attacks in Software-Defined Networking

Bahashwan, Abdullah Ahmed; Anbar, Mohammed; Manickam, Selvakumar; Al-Amiedy, Taief Alaa; Aladaileh, Mohammad Adnan; Hasbullah, Iznan H.

doi:10.3390/s23094441

Cited by 22 publications

(10 citation statements)

References 121 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, they did not meet the objectives of this research. Some of these datasets (i.e., CICIDS2018 [ 18 ] and ISCX2012 [ 19 ]) are generated for conventional networks and do not reflect the SDN network architecture, which is entirely different from traditional networks [ 3 ].…”

Section: Resultsmentioning

confidence: 99%

“…The controller processes this message and returns a response using the Packet_Out message to update the flow table switches. Attackers can exploit this forwarding process to flood the network with spoofed packets that exhaust the SDN controller resources and cause degradation of its performance [ 3 ]. Therefore, the HLD-DDoSDN dataset focuses on the most relevant DDoS flooding attacks in the SDN context.…”

Section: Hld-ddosdn Generationmentioning

confidence: 99%

“…Consequently, the network infrastructure must be equipped with an efficient IDS to detect DDoS in the SDN network. Despite the existing IDSs, the research challenge of developing an effective anomaly-based IDS for the SDN environment remains open [ 3 ]. One of these challenges is that the publicly available datasets are generated for conventional networks and do not reflect an SDN network’s characteristics, even though the publicly available realistic SDN datasets are limited to standard or conventional DDoS attacks (i.e., high-rate attacks), which are relatively easy to detect due to the large volume of malicious traffic.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

HLD-DDoSDN: High and low-rates dataset-based DDoS attacks against SDN

Bahashwan,

Anbar,

Manickam

et al. 2024

PLoS ONE

Self Cite

View full text Add to dashboard Cite

Software Defined Network (SDN) has alleviated traditional network limitations but faces a significant challenge due to the risk of Distributed Denial of Service (DDoS) attacks against an SDN controller, with current detection methods lacking evaluation on unrealistic SDN datasets and standard DDoS attacks (i.e., high-rate DDoS attack). Therefore, a realistic dataset called HLD-DDoSDN is introduced, encompassing prevalent DDoS attacks specifically aimed at an SDN controller, such as User Internet Control Message Protocol (ICMP), Transmission Control Protocol (TCP), and User Datagram Protocol (UDP). This SDN dataset also incorporates diverse levels of traffic fluctuations, representing different traffic variation rates (i.e., high and low rates) in DDoS attacks. It is qualitatively compared to existing SDN datasets and quantitatively evaluated across all eight scenarios to ensure its superiority. Furthermore, it fulfils the requirements of a benchmark dataset in terms of size, variety of attacks and scenarios, with significant features that highly contribute to detecting realistic SDN attacks. The features of HLD-DDoSDN are evaluated using a Deep Multilayer Perception (D-MLP) based detection approach. Experimental findings indicate that the employed features exhibit high performance in the detection accuracy, recall, and precision of detecting high and low-rate DDoS flooding attacks.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Hld-ddosdn Generationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

HLD-DDoSDN: High and low-rates dataset-based DDoS attacks against SDN

Bahashwan,

Anbar,

Manickam

et al. 2024

PLoS ONE

Self Cite

View full text Add to dashboard Cite

show abstract

“…In most cases, the SDN controller serves as a reflection and model of the SDN framework. Communication with switches is facilitated through southbound application APIs, such as OpenFlow, while SDN applications such as load balancers and firewalls rely on northbound APIs [14].…”

Section: Sdn Controllers and Openflow Protocolmentioning

confidence: 99%

“…However, traditionally, signaturebased IDS struggle to keep up with the evolving nature of DDoS attacks, as attackers continuously employ new strategies. To address this challenge, DL has gained prominence in the field of IDS [14].…”

Section: Rnn-based Approachmentioning

confidence: 99%

Deep Learning-Based Approach for Detecting DDoS Attack on Software-Defined Networking Controller

Mansoor

Anbar

Bahashwan

et al. 2023

Systems

Self Cite

View full text Add to dashboard Cite

The rapid growth of cloud computing has led to the development of the Software-Defined Network (SDN), which is a network strategy that offers dynamic management and improved performance. However, security threats are a growing concern, particularly with the SDN controller becoming an attractive target for malicious actors and potential Distributed Denial of Service (DDoS) attacks. Many researchers have proposed different approaches to detecting DDoS attacks. However, those approaches suffer from high false positives, leading to low accuracy, and the main reason behind this is the use of non-qualified features and non-realistic datasets. Therefore, the deep learning (DL) algorithmic technique can be utilized to detect DDoS attacks on SDN controllers. Moreover, the proposed approach involves three stages, (1) data preprocessing, (2) cross-feature selection, which aims to identify important features for DDoS detection, and (3) detection using the Recurrent Neural Networks (RNNs) model. A benchmark dataset is employed to evaluate the proposed approach via standard evaluation metrics, including false positive rate and detection accuracy. The findings indicate that the recommended approach effectively detects DDoS attacks with average detection accuracy, average precision, average FPR, and average F1-measure of 94.186 %, 92.146%, 8.114%, and 94.276%, respectively.

show abstract