ONOS Flood Defender: An Intelligent Approach to Mitigate DDoS Attack in SDN

Aslam, Naziya; Srivastava, Shashank; Gore, Manoj Madhava

doi:10.1002/ett.4534

Cited by 18 publications

(7 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Attackers generally use the same IP protocol to attack the network, which will reduce the randomness of the network IP protocol. [26]. Therefore, the entropy value of IP protocols is also an important indicator.…”

Section: Relevant Features Of the Precise Detection Methodsmentioning

confidence: 99%

Joint Selfattention-SVM DDoS Attack Detection and Defense Mechanism Based on Self-Attention Mechanism and SVM Classification for SDN Networks

MAN,

YANG,

FENG

2024

IEICE Trans. Fundamentals

View full text Add to dashboard Cite

Wanying MAN †a) , Nonmember, Guiqin YANG † †b) , and Shurui FENG † † c) ，Nonmembers SUMMARY Software Defined Networking (SDN), a new network architecture, allows for centralized network management by separating the control plane from the forwarding plane. Because forwarding and control is separated, distributed denial of service (DDoS) assaults provide a greater threat to SDN networks. To address the problem, this paper uses a joint high-precision attack detection combining selfattentive mechanism and support vector machine: a trigger mechanism deployed at both control and data layers is proposed to trigger the initial detection of DDoS attacks; the data in the network under attack is screened in detail using a combination of self-attentive mechanism and support vector machine; the control plane is proposed to initiate attack defense using the OpenFlow protocol features to issue flow tables for accurate classification results. The experimental results show that the trigger mechanism can react to the attack in time with less than 20% load, and the accurate detection mechanism is better than the existing inspection and testing methods, with a precision rate of 98.95% and a false alarm rate of only 1.04%. At the same time, the defense strategy can achieve timely recovery of network characteristics.

show abstract

Section: Relevant Features Of the Precise Detection Methodsmentioning

confidence: 99%

Joint Selfattention-SVM DDoS Attack Detection and Defense Mechanism Based on Self-Attention Mechanism and SVM Classification for SDN Networks

MAN,

YANG,

FENG

2024

IEICE Trans. Fundamentals

View full text Add to dashboard Cite

show abstract

“…Authors of Reference [40] developed a method for addressing DDoS attacks in SDN networks by setting the ONOS Flood Defender Application, which employs supervised and ensemble machine learning techniques such as MLP, SVM, KNN, XGBoost, AdaBoost, RF, Bagging classifier, and Gradient Boosting (GB). This method uses the correlation matrix and DT technique to handle the feature selection process and K ‐fold cross‐validation for optimization.…”

Section: Literature Reviewmentioning

confidence: 99%

“…Among these approaches, AEs have demonstrated promise in identifying anomalies in network traffic patterns, 34 while XGBoost is a machine learning algorithm that performs well in classification tasks related to the DDoS area. 37,40 Additionally, optimizing feature selection and hyperparameters can further enhance the performance of machine learning algorithms. Feature selection entails identifying the most relevant features in the dataset, while hyperparameter tuning involves selecting the best combination of hyperparameters for the model.…”

Section: Introductionmentioning

confidence: 99%

“…Machine learning‐based approaches have been proposed for detecting DDoS attacks in SDN‐enabled IoT networks as a solution. Among these approaches, AEs have demonstrated promise in identifying anomalies in network traffic patterns, 34 while XGBoost is a machine learning algorithm that performs well in classification tasks related to the DDoS area 37,40 . Additionally, optimizing feature selection and hyperparameters can further enhance the performance of machine learning algorithms.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An efficient approach to detect distributed denial of service attacks for software defined internet of things combining autoencoder and extreme gradient boosting with feature selection and hyperparameter tuning optimization

Setitra

Fan

Bensalem

2023

Trans Emerging Tel Tech

View full text Add to dashboard Cite

The growing popularity of Software Defined Networks (SDN) and the Internet of Things (IoT) has led to the emergence of Software Defined Internet of Things (SDIoT) based on centralized network management by the Control Plane, which can handle the dynamic nature of IoT devices and the high volume of network traffic. However, due to their specific design, SDIoTs are the ideal target for Distributed Denial of Service (DDoS) attacks, becoming one of the most destructive threats. Machine learning (ML) techniques are best suited to solve this problem due to the recent growth and sophistication of DDoS attacks. In this study, we propose an enhanced deep learning approach based on combining AutoEncoder (AE) and Extreme Gradient Boosting (XGBoost). First, we applied the SHapley Additive exPlanations (SHAP) feature selection method to select the appropriate features subset according to their correlation results. Next, the AE is trained on the previous subset to learn a compact representation of the input features. The latent representation generated by the AE is then used as input for the XGBoost model, which is trained to predict the target variable and classify the traffic as usual or attack. In parallel, Grid Search Cross Validation (GSCV) is used to find the optimal hyperparameters for the AE‐XGBoost. The experimental results using two publicly available realistic SDN‐Iot datasets demonstrate that the proposed approach enables precise identification of DDoS attacks in SDIoT networks, achieving a 99.9920% accuracy, an F1 score of 0.999917, and a low false positive rate. Furthermore, the proposed model's performance exceeds that of the models used for comparison.

show abstract

“…Naziya et al 37 suggested the model called ONOS flood defender model to mitigate a DDoS attack in SDN. The machine learning approaches in the ensemble model in this application detect the DDoS attack more efficiently.…”

Section: Related Workmentioning

confidence: 99%

A novel machine learning‐based classification approach to prevent flow table overflow attack in Software‐Defined Networking

Karthikeyan¹,

Murugan²

2023

Concurrency and Computation

View full text Add to dashboard Cite

SummarySoftware‐defined networking (SDN) is an emerging networking architecture where the network control is physically separated from the forwarding plane. It is dynamic, manageable, cost‐effective, and flexible, which is ideal for today's high‐bandwidth applications. The flow table is the fundamental data structure residing in ternary content addressable memory (TCAM) that provides flow rules for incoming flows. The TCAM is the costliest part of an SDN switch that can store limited flow rules. Hence, it is susceptible to distributed denial of service (DDoS) and more specifically to Transformed DDoS (TDDoS). It targets the flow tables, exhausting its limited resource, and resulting in flow table overflow. During overflow, the controller is incapable of installing new rules to the switch, and the switch function is disabled from the network. In this paper, a novel framework named machine learning‐based overflow prevention (MLOP) was proposed which includes a victim switch was identified using association rule mining algorithm concepts. Then, the fuzzy C‐means (FCM) was applied to classify the attack in the victim switch. In addition, FCM ensemble with an optimizing method called dynamic time warping (DTW) which detects similar patterns in the time window during classification. Finally, an elbow method is used that determines the cluster count for optimizing clusters which increases the attack detection and also increases the holding time with reduced packet loss. The real‐time network traffic datasets were used for simulations, and the results were compared with other state‐of‐the‐art approaches. The experimental results show that MLOP increases the holding time by 15% on average and reduces the packet loss due to flow table Overflow by 22.81% than the other existing approaches. In addition, the throughput is increased in the proposed MLOP from 10% to 40%, and end‐to‐end delay is reduced between the variations of 10% to 70%.

show abstract

ONOS Flood Defender: An Intelligent Approach to Mitigate DDoS Attack in SDN

Cited by 18 publications

References 52 publications

Joint Selfattention-SVM DDoS Attack Detection and Defense Mechanism Based on Self-Attention Mechanism and SVM Classification for SDN Networks

Joint Selfattention-SVM DDoS Attack Detection and Defense Mechanism Based on Self-Attention Mechanism and SVM Classification for SDN Networks

An efficient approach to detect distributed denial of service attacks for software defined internet of things combining autoencoder and extreme gradient boosting with feature selection and hyperparameter tuning optimization

A novel machine learning‐based classification approach to prevent flow table overflow attack in Software‐Defined Networking

Contact Info

Product

Resources

About