An early detection of low rate DDoS attack to SDN based data center networks using information distance metrics

Sahoo, Kshira Sagar; Puthal, Deepak; Tiwary, Mayank; Rodrigues, Joel J. P. C.; Sahoo, Bibhudatta; Dash, Ratnakar

doi:10.1016/j.future.2018.07.017

Cited by 158 publications

(58 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Machine learning techniques used for anomaly detection distinguish malicious traffic flows based on characteristics of network traffic [50] and utilize models that learn automatically from these experiences. It uses supervised learning algorithms such as support vector machine (SVM), Decision tree, etc.…”

Section: ) Machine Learning-based Schemesmentioning

confidence: 99%

Security Analysis of Network Anomalies Mitigation Schemes in IoT Networks

2020

View full text Add to dashboard Cite

The Internet of Things (IoT) is on the rise and it is giving a new shape to several fields such as smart cities, smart homes, smart health, etc. as it facilitates the connection of physical objects to the internet. However, this advancement comes along with new challenges in terms of security of the devices in the IoT networks. Some of these challenges come as network anomalies. Hence, this has prompted the use of network anomaly mitigation schemes as an integral part of the defense mechanisms of IoT networks in order to protect the devices from malicious users. Thus, several schemes have been proposed to mitigate network anomalies. This paper covers a review of different network anomaly mitigation schemes in IoT networks. The schemes' objectives, operational procedures, and strengths are discussed. A comparison table of the reviewed schemes, as well as a taxonomy based on the detection methodology, is provided. In contrast to other surveys that presented qualitative evaluations, our survey provides both qualitative and quantitative evaluations. The UNSW-NB15 dataset was used to conduct a performance evaluation of some classification algorithms used for network anomaly mitigation schemes in IoT. Finally, challenges and open issues in the development of network anomaly mitigation schemes in IoT are discussed.

show abstract

Section: ) Machine Learning-based Schemesmentioning

confidence: 99%

Security Analysis of Network Anomalies Mitigation Schemes in IoT Networks

2020

View full text Add to dashboard Cite

show abstract

“…As demonstrated in Eqs. 7- (8), the Gain Ratio is a measure of the decision tree to estimate the performance. Assume that there is a training dataset D, the expected information required to accurately categorize an attack in IDS, x j ∈ D is calculated as:…”

Section: Decision Treementioning

confidence: 99%

“…Because these profiles are based on information on normal network behaviors, the anomaly-based detection schemes can recognize previously unknown attacks. As such, it has opened up an enormous research area for researchers [5,8]. In general, effectiveness is measured by detection speed, frequency of false alarms; and efficacy is estimated by response time when an attack occurs.…”

Section: Introductionmentioning

confidence: 99%

Distributed Denial-of-Service Prediction on IoT Framework by Learning Techniques

Dwivedi

Vardhan

Tripathi

2020

Open Computer Science

View full text Add to dashboard Cite

Distributed denial-of-service (DDoS) attacks on the Internet of Things (IoT) pose a serious threat to several web-based networks. The intruder’s ability to deal with the power of various cooperating devices to instigate an attack makes its administration even more multifaceted. This complexity can be further increased while lots of intruders attempt to overload an attack against a device. To counter and defend against modern DDoS attacks, several effective and powerful techniques have been used in the literature, such as data mining and artificial intelligence for the intrusion detection system (IDS), but they have some limitations. To overcome the existing limitations, in this study, we propose an intrusion detection mechanism that is an integration of a filter-based selection technique and a machine learning algorithm, called information gain-based intrusion detection system (IGIDS). In addition, IGIDS selects the most relevant features from the original IDS datasets that can help to distinguish typical low-speed DDoS attacks and, then, the selected features are passed on to the classifiers, i.e. support vector machine (SVM), decision tree (C4.5), naïve Bayes (NB) and multilayer perceptron (MLP) to detect attacks. The publicly available datasets as KDD Cup 99, CAIDA DDOS Attack 2007, CONFICKER worm, and UNINA traffic traces, are used for our experimental study. From the results of the simulation, it is clear that IGIDS with C4.5 acquires high detection and accuracy with a low false-positive rate.

show abstract

“…The controller then creates the rule and action to be sent to the switch through the Packet_out message. This workflow provides effective and flexible traffic management and control; however, the centralized control approach is a target of major security attacks [7], [8].…”

Section: Introductionmentioning

confidence: 99%

Bandwidth Control Mechanism and Extreme Gradient Boosting Algorithm for Protecting Software-Defined Networks Against DDoS Attacks

Alamri

Thayananthan

2020

IEEE Access

View full text Add to dashboard Cite

Software-Defined Networking (SDN) is an emerging network architecture that addresses the limitation of the traditional network by providing centralized management through a central controller that decouples the control and data planes. However, this development has made the controller a severe target for malicious users to execute attacks such as Distributed Denial of Service (DDoS) attacks. Several schemes have been proposed to mitigate DDoS attacks in SDN, but the challenges still exist. This paper proposes a DDoS mitigation scheme for SDN to ensure accurate attack detection and efficient network resource utilization. The scheme employs two stages: a bandwidth control mechanism and Extreme Gradient Boosting (XGBoost) Algorithm. The bandwidth control mechanism utilizes an adaptive bandwidth profile-based threshold and bandwidth control algorithm that trigger the XGBoost algorithm in case of threshold violations. The use of multiple bandwidth profiles in stetting the threshold ensures the threshold's adaptivity to consider the network traffic variation and reduce the packets drop ratio, which shows an outstanding result. The XGBoost algorithm classifies network traffic flow that violates a set threshold into normal or abnormal traffic. We evaluated the performance of our scheme using CICDDoS2019, NSL-KDD, and CAIDA datasets. Furthermore, we validated our proposed solution in real-time with the SDN environment. The results obtained show that our scheme protects SDN against DDoS attacks with high accuracy, low error, and efficient utilization of the network resources. The proposed system achieved 99.9% accuracy in detecting DDoS attacks with a low false-positive rate of 0.0002% in SDN.

show abstract

An early detection of low rate DDoS attack to SDN based data center networks using information distance metrics

Cited by 158 publications

References 34 publications

Security Analysis of Network Anomalies Mitigation Schemes in IoT Networks

Security Analysis of Network Anomalies Mitigation Schemes in IoT Networks

Distributed Denial-of-Service Prediction on IoT Framework by Learning Techniques

Bandwidth Control Mechanism and Extreme Gradient Boosting Algorithm for Protecting Software-Defined Networks Against DDoS Attacks

Contact Info

Product

Resources

About