DOCUS-DDoS detection in SDN using modified CUSUM with flash traffic discrimination and mitigation

Shalini, P. V.; Radha, V.; Sanjeevi, Sriram G.

doi:10.1016/j.comnet.2022.109361

Cited by 6 publications

(5 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…At present, many DDoS attack detection methods have been proposed in SDN, mainly focusing on detection and defense mechanisms [ 22 , 23 ]. Most of the existing detection methods are usually scheduled by periodic triggers.…”

Section: System Designmentioning

confidence: 99%

A Method of DDoS Attack Detection and Mitigation for the Comprehensive Coordinated Protection of SDN Controllers

Wang

2023

Entropy

View full text Add to dashboard Cite

Software defined networking (SDN) improves the flexibility and programmability of the network by separating the control plane and the data plane and effectively realizes the global control of the network infrastructure. However, the centralized structure design of SDN exposes the controller to potential threats. Attackers have used the active flow table delivery mode to launch distributed denial of service (DDoS) attacks on the SDN controller, resulting in the controller failure and seriously affecting the network performance. To overcome this problem, this paper proposes a defense framework called CC-Guard. The framework consists of four modules: attack detection triggering, switch migration, anomaly detection, and mitigation. Among them, the attack detection trigger module improves the system’s timely response to DDoS attacks. The switch migration module effectively unclogs the controller congestion problem and provides convenience for network flow transmission. The anomaly detection module uses a coarse-grained method for two-stage detection, which improves the detection accuracy. The mitigation module uses the idea of cross-domain cooperation of the controller to clear the abnormal flow in the blacklist. Experimental results show that our proposed CC-Guard has real-time DDoS attack defense capability and high detection accuracy, as well as efficient network resource utilization.

show abstract

Section: System Designmentioning

confidence: 99%

A Method of DDoS Attack Detection and Mitigation for the Comprehensive Coordinated Protection of SDN Controllers

Wang

2023

Entropy

View full text Add to dashboard Cite

show abstract

“…We characterize and compare the proposed K-DDoS-SDN with existing works. 5,9,10,27,28,[30][31][32][33][34][36][37][38][44][45][46][47]56 DSPF-based approaches, 5,9,10,[30][31][32]38,43,56 for DDoS attacks deployed on the Spark and Kafka framework. This type of mechanism analyzes network streams in micro-batch processing mode (near-to-live).…”

Section: Characterization With Existing Workmentioning

confidence: 99%

“…However, their primary focus is to protect the Internet-based services and failed to protect the SDN environment from DDoS attacks. Further, some [44][45][46][47] researchers proposed mechanisms to protect the SDN environment or controller from different DDoS attacks. However, they failed to analyze network traces in real-time and not provided distributed solution.…”

Section: Characterization With Existing Workmentioning

confidence: 99%

“…We characterize and compare the proposed K‐DDoS‐SDN with existing works 5,9,10,27,28,30‐34,36‐38,44‐47,56 …”

Section: Performance Evaluationmentioning

confidence: 99%

“…Further, a few researchers, [44][45][46][47][48][49][50][51][52][53] proposed various detection approaches to protect SDN controller, environment, or topology from different types of DDoS attacks. However, most of the systems are deployed on TF.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

K‐DDoS‐SDN: A distributed DDoS attacks detection approach for protecting SDN environment

Kaur,

Krishna,

Patil

2023

Concurrency and Computation

View full text Add to dashboard Cite

SummarySoftware‐defined networking (SDN) is an advanced networking paradigm that decouples forwarding control logic from the data plane. Therefore, it provides a loosely‐coupled architecture between the control and data plane. This separation provides flexibility in the SDN environment for addressing any transformations. Further, it delivers a centralized way of managing networks due to control logic embedded in the SDN controller. However, this advanced networking paradigm has been facing several security issues, such as topology spoofing, exhausting bandwidth, flow table updating, and distributed denial of service (DDoS) attacks. A DDoS attack is one of the most powerful menaces to the SDN environment. Further, the central data controller of SDN becomes the primary target of DDoS attacks. In this article, we propose a Kafka‐based distributed DDoS attacks detection approach for protecting the SDN environment named K‐DDoS‐SDN. The K‐DDoS‐SDN consists of two modules: (i) Network traffic classification (NTClassification) module and (ii) Network traffic storage (NTStorage) module. The NTClassification module is the detection approach designed using scalable H2O ML techniques in a distributed manner and deployed an efficient model on the two‐nodes Kafka Streams cluster to classify incoming network traces in real‐time. The NTStorage module collects raw packets, network flows, and 21 essential attributes and then systematically stores them in the HDFS to re‐train existing models. The proposed K‐DDoS‐SDN designed and evaluated using the recent and publically available CICDDoS2019 dataset. The average classification accuracy of the proposed distributed K‐DDoS‐SDN for classifying network traces into legitimate and one of the most popular attacks, such as DDoS_UDP is 99.22%. Further, the outcomes demonstrate that proposed distributed K‐DDoS‐SDN classifies traffic traces into five categories with at least 81% classification accuracy.

show abstract

An Efficient DDoS Attack Detection Using Chaos Henry Gas Solubility Optimization Weight Initialization Based Rectified Linear Unit

Selvam¹,

Ponnusamy²,

Andi³

2023

Cybernetics and Systems

View full text Add to dashboard Cite

DOCUS-DDoS detection in SDN using modified CUSUM with flash traffic discrimination and mitigation

Cited by 6 publications

References 17 publications

A Method of DDoS Attack Detection and Mitigation for the Comprehensive Coordinated Protection of SDN Controllers

A Method of DDoS Attack Detection and Mitigation for the Comprehensive Coordinated Protection of SDN Controllers

K‐DDoS‐SDN: A distributed DDoS attacks detection approach for protecting SDN environment

An Efficient DDoS Attack Detection Using Chaos Henry Gas Solubility Optimization Weight Initialization Based Rectified Linear Unit

Contact Info

Product

Resources

About