Detection Techniques of Distributed Denial of Service Attacks on Software-Defined Networking Controller–A Review

Aladaileh, Mohammad Adnan; Anbar, Mohammed; Hasbullah, Iznan H.; Chong, Yung-Wey; Sanjalawe, Yousef K.

doi:10.1109/access.2020.3013998

Cited by 59 publications

(19 citation statements)

References 60 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…When the switch received an incoming packet, the switch performed the filtering of incoming packets by matching the packet header with Flowrule. If no match was found, the switch automatically considered the packet as a new packet [30]- [32]. The packet was considered new because there was no mapping for the IP and MAC address of the packet on the switch.…”

Section: Classification Processmentioning

confidence: 99%

Low-Rate Attack Detection on SD-IoT Using SVM Combined with Feature Importance Logistic Regression Coefficient

Azmi

Sumadi

2022

KINETIK

View full text Add to dashboard Cite

The evolution of computer network technology is now experiencing substantial changes, particularly with the introduction of a new paradigm, Software Defined Networking (SDN). The SDN architecture has been applied in a variety of networks, including the Internet of Things (IoT), which is known as SD-IoT. IoT is made up of billions of networking devices that are interconnected and linked to the Internet. Since the SD-IoT was considered as a complex entity, several types of attack on vulnerabilities vary greatly and can be exploited by careless individuals. Low-Rate Distributed Denial of Service (LRDDoS) is one of the availability-based attack that may affect the SD-IoT integration paradigm. Therefore, it is necessary to have an Intrusion Detection System (IDS) to overcome the security hole caused by LRDDoS. The main objective of this research was the establishment of an IDS application for resolving LRDDoS attack using the SVM algorithm combined with the Feature Importance method, namely the Logistic Regression Coefficient. The implemented approach was developed to reduce the complexity or resource’s consumption during the classification process as well as increasing the accuracy. It could be concluded that the Linear kernel SVM algorithm acquired the highest results on the test schemes at 100% accuracy, but the training time required for this model was longer, about 23.6 seconds compared to the Radial Basis Function model which only takes about 1.5 seconds.

show abstract

Section: Classification Processmentioning

confidence: 99%

Low-Rate Attack Detection on SD-IoT Using SVM Combined with Feature Importance Logistic Regression Coefficient

Azmi

Sumadi

2022

KINETIK

View full text Add to dashboard Cite

show abstract

“…Proposed IP-spoof detection has been undertaken near the attacker source in this study to enhance the attack trace. In addition, a model has been introduced for detecting and mitigating all the DDoS attacks in the cloud environment [24], [25]. The introduced model needs small storage and the ability for fast detection.…”

Section: Review Of Existing Workmentioning

confidence: 99%

An SDN-based Decision Tree Detection (DTD) Model for Detecting DDoS Attacks in Cloud Environment

J¹,

Sridaran²

2022

IJACSA

View full text Add to dashboard Cite

Detecting Distributed Denial of Service (DDoS) attacks has become a significant security issue for various network technologies. This attack has to be detected to increase the system's reliability. Though various traditional studies are present, they suffer from data shift issues and accuracy. Hence, this study intends to detect DDoS attacks by classifying the normal and malicious traffic. The study aims to solve the data shift issues by using the introduced Decision Tree Detection (DTD) model encompassing of Greedy Feature Selection (GFS) algorithm and Decision Tree Algorithm (DTA). It also attempts to enhance the proposed model's detection rate (accuracy) above 90%. Various processes are involved in DDoS attack detection. Initially, the gureKddcup dataset is loaded to perform preprocessing. This process is essential for removing noisy data. After this, feature selection is performed to select only the relevant features, removing the irrelevant data. This is then fed into the train and test split. Following this, Software Defined Networking (SDN) based DTA is used to classify the normal and malicious traffic, then given to the trained model for predicting this attack. Performance analysis is undertaken by comparing the proposed model with existing systems in terms of accuracy, MCC (Matthew's Correlation Coefficient), sensitivity, specificity, error rate, FAR (False Alarm Rate), and AUC (Area under Curve). This analysis is carried out to evaluate the efficacy of the proposed model, which is verified through the results.

show abstract

“…DDoS attacks are of various types, such as TCP flood [22], UDP flood [23], and ICMP flood. An attacker sends a large amount of garbage traffic to the target network by operating the attack source, which sharply reduces the available bandwidth and prevents the target host from communicating with the outside world.…”

Section: Distributed Denial Of Service In Sdnmentioning

confidence: 99%

Detection of DDoS Attacks in Software Defined Networking Using Entropy

et al. 2021

View full text Add to dashboard Cite

Software Defined Networking (SDN) is one of the most commonly used network architectures in recent years. With the substantial increase in the number of Internet users, network security threats appear more frequently, which brings more concerns to SDN. Distributed denial of Service (DDoS) attacks are one of the most dangerous and frequent attacks in software defined networks. The traditional attack detection method using entropy has some defects such as slow attack detection and poor detection effect. In order to solve this problem, this paper proposed a method of fusion entropy, which detects attacks by measuring the randomness of network events. This method has the advantages of fast attack detection speed and obvious decrease in entropy value. The complementarity of information entropy and log energy entropy is effectively utilized. The experimental results show that the entropy value of the attack scenarios 91.25% lower than normal scenarios, which has greater advantages and significance compared with other attack detection methods.

show abstract

Detection Techniques of Distributed Denial of Service Attacks on Software-Defined Networking Controller–A Review

Cited by 59 publications

References 60 publications

Low-Rate Attack Detection on SD-IoT Using SVM Combined with Feature Importance Logistic Regression Coefficient

Low-Rate Attack Detection on SD-IoT Using SVM Combined with Feature Importance Logistic Regression Coefficient

An SDN-based Decision Tree Detection (DTD) Model for Detecting DDoS Attacks in Cloud Environment

Detection of DDoS Attacks in Software Defined Networking Using Entropy

Contact Info

Product

Resources

About