Information Theory-based Approaches to Detect DDoS Attacks on Software-defined Networking Controller a Review

Aladaileh, Mohammad Adnan; Anbar, Mohammed; Hasbullah, Iznan H.; Sanjalawe, Yousef K.

doi:10.46300/9109.2021.15.9

Cited by 5 publications

(4 citation statements)

References 60 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…At the same time, eastbound-westbound interfaces are deployed in the case of multiple controllers. Hence, the roles of these interfaces include sending and receiving data between controllers, verifying whether the other controller is up, and informing the other controller to control an asset of forwarding devices, which are essential for connecting additional controllers and planes [17,26].…”

Section: Control Planementioning

confidence: 99%

A Systematic Literature Review on Machine Learning and Deep Learning Approaches for Detecting DDoS Attacks in Software-Defined Networking

Bahashwan

Anbar

Manickam

et al. 2023

Sensors

View full text Add to dashboard Cite

Software-defined networking (SDN) is a revolutionary innovation in network technology with many desirable features, including flexibility and manageability. Despite those advantages, SDN is vulnerable to distributed denial of service (DDoS), which constitutes a significant threat due to its impact on the SDN network. Despite many security approaches to detect DDoS attacks, it remains an open research challenge. Therefore, this study presents a systematic literature review (SLR) to systematically investigate and critically analyze the existing DDoS attack approaches based on machine learning (ML), deep learning (DL), or hybrid approaches published between 2014 and 2022. We followed a predefined SLR protocol in two stages on eight online databases to comprehensively cover relevant studies. The two stages involve automatic and manual searching, resulting in 70 studies being identified as definitive primary studies. The trend indicates that the number of studies on SDN DDoS attacks has increased dramatically in the last few years. The analysis showed that the existing detection approaches primarily utilize ensemble, hybrid, and single ML-DL. Private synthetic datasets, followed by unrealistic datasets, are the most frequently used to evaluate those approaches. In addition, the review argues that the limited literature studies demand additional focus on resolving the remaining challenges and open issues stated in this SLR.

show abstract

Section: Control Planementioning

confidence: 99%

A Systematic Literature Review on Machine Learning and Deep Learning Approaches for Detecting DDoS Attacks in Software-Defined Networking

Bahashwan

Anbar

Manickam

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…Hence, once a response or flow is sent, it remains until the network administrator performs manual actions to remove it. They lack a verification layer that can validate whether responses should be permanent or transient based on the feedback received from previous responses [43]. Table 1 highlights the gaps in response mechanisms.…”

Section: Related Workmentioning

confidence: 99%

Mitigating Timing Side-Channel Attacks in Software-Defined Networks: Detection and Response

Shoaib,

Chow,

Vlahu-Gjorgievska

et al. 2023

Telecom

View full text Add to dashboard Cite

Software-defined networking (SDN) is an innovative technology that has the potential to enhance the scalability, flexibility, and security of telecommunications networks. The emergence and development of SDNs have introduced new opportunities and challenges in the telecommunications industry. One of the major challenges encountered by SDNs is the timing side-channel attacks. These attacks exploit timing information to expose sensitive data, including flow tables, routes, controller types, and ports, which pose a significant threat to communication networks. Existing techniques for mitigating timing side-channel attacks primarily focus on limiting them via network architectural changes. This significantly increases the overhead of SDNs and makes it difficult to identify the origin of the attack. To secure resilient integration of SDN in telecommunications networks, it is necessary to conduct comprehensive research that not only identifies the attack activity, but also formulates an adequate response. In this paper, we propose a detection and response solution for timing side-channel attacks in SDN. We used a machine learning-based approach to detect the probing activity and identify the source. To address the identified timing side-channel attack queries, we propose a response mechanism. This entails devising a feedback-oriented response to counter the identified source, such as blocking or diverting it, while minimising any adverse effects on legitimate network traffic. This methodology is characterised by an automated data-driven approach that enables prompt and effective responses. The architecture of this security solution ensures that it has a minimal impact on network traffic and resource usage as it is designed to be used in conjunction with SDN. The overall design findings show that our detection approach is 94% precise in identifying timing side-channel attacks in SDN when compared with traditional mitigation strategies. Additionally, the response mechanism employed by this approach yielded highly customised and precise responses, resulting in an impressive accuracy score of 97.6%.

show abstract

“…The deployment of the detection and mitigation system directly on the controller necessitates a lightweight solution to avoid adding undue burden to the controller. Therefore, an information theory-based system, as demonstrated in related research [6], [7], is deemed preferable for attacks targeting the controller. Previous studies, including [14], [15], and [16], have explored DDoS attack detection in SDN using entropy theory with a fixed threshold value.…”

Section: Introductionmentioning

confidence: 99%

“…SDN is one of the emerging technologies that decouples the control plane from the forwarding plane [6]. Its architecture typically involves three planes: the application plane, the control plane, and the data plane [7].…”

Section: Introductionmentioning

confidence: 99%

A Comprehensive Detection and Mitigation Mechanism to Protect SD-IoV Systems Against Controller-Targeted DDoS Attacks

Alemu,

Muhammed,

Belachew

et al. 2024

Preprint

View full text Add to dashboard Cite

Software-defined networking (SDN) has emerged as a transformative technology that separates the control plane from the data plane, providing advantages such as flexibility, centralized control, and programmability. This innovation proves particularly beneficial for Internet of Vehicles (IoV) networks, which amalgamate the Internet of Things (IoT) and Vehicular Ad Hoc Network (VANET) to implement Intelligent Transportation Systems (ITS). By employing an SDN controller, IoV networks can leverage centralized control and enhanced manageability, leading to the emergence of Software-Defined Internet of Vehicles (SD-IoV) as a promising solution for future communications. However, the integration of SDN into IoV networks introduces a potential vulnerability in the form of a single point of failure, particularly susceptible to Distributed Denial of Service (DDoS) attacks. This is because of the centralized nature of SDN and the dynamic nature of IoV. In this context, the SDN controller becomes a prime target for attackers who flood it with massive packet-in messages. To address this security concern, we propose an efficient and lightweight attack detection and mitigation scheme within the SDN controller. The scheme includes a detection module that utilizes entropy and flow rate to identify patterns indicative of attack traffic behavior. Additionally, a mitigation module is designed to minimize the effect of attack traffic on the normal operation, this is performed through analysis of payload lengths. An adaptive threshold computation for all parameter values enhances the scheme's effectiveness. We conducted simulations using SUMO, Mininet-WiFi, and Scapy. The simulation results demonstrate the efficacy of our proposed scheme in terms of detection time, accuracy, mitigation efficiency, controller load, and link bandwidth consumption, showcasing its superiority compared to existing works in the field.

show abstract

Information Theory-based Approaches to Detect DDoS Attacks on Software-defined Networking Controller a Review

Cited by 5 publications

References 60 publications

A Systematic Literature Review on Machine Learning and Deep Learning Approaches for Detecting DDoS Attacks in Software-Defined Networking

A Systematic Literature Review on Machine Learning and Deep Learning Approaches for Detecting DDoS Attacks in Software-Defined Networking

Mitigating Timing Side-Channel Attacks in Software-Defined Networks: Detection and Response

A Comprehensive Detection and Mitigation Mechanism to Protect SD-IoV Systems Against Controller-Targeted DDoS Attacks

Contact Info

Product

Resources

About