Software-defined DDoS detection with information entropy analysis and optimized deep learning

Liu, Ying; Zhi, Ting; Shen, Ming; Wang, Lu; Li, Yikun; Wan, Ming

doi:10.1016/j.future.2021.11.009

Cited by 43 publications

(23 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The controller implemented the defense strategy to thwart the onslaught. The testing findings reveal that the suggested method's detection accuracy is 98.98 percent, indicating that it can successfully identify DDoS attack traffic in an SDN context [1]. Based on their analysis of the impact of class imbalance on SBR prediction, Zheng et al [32] found that it had a negative impact on prediction accuracy.…”

Section: Wireless Communications and Mobile Computingmentioning

confidence: 95%

“…These advancements have accelerated the development of next-generation Internet technologies, including big data, cloud computing, the Internet of Things, and programmable networks. However, with softwaredefined network architecture, the potential of a DDoS attack brought on by centralized control becomes more apparent [1]. IDS are divided into two categories.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

ML-DDoSnet: IoT Intrusion Detection Based on Denial-of-Service Attacks Using Machine Learning Methods and NSL-KDD

Esmaeili

Goki

Masjidi

et al. 2022

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

The Internet of Things (IoT) is a complicated security feature in which datagrams are protected by integrity, confidentiality, and authentication services. The network is protected from external interruptions and intrusions. Because IoT devices run with a range of heterogeneous technologies and process data over time, standard solutions may not be practical. It is necessary to develop intelligent procedures that can be used for multiple levels of data flow in the system. This study examines metainnovations using deep learning-based IDS. Per the findings of the earlier tests, BiLSTMs are better for binary (regular/attacker) classification; however, sequential models (LSTM or BiLSTM) are better for detecting some brutal attacks in multiclass classifiers. According to experts, deep learning-based intrusion detection systems can now recognize and select the best structure for each category. However, specific difficulties will need to be solved in the future. Two topics should be studied further in future attempts. One of the researchers’ concerns is the impact of various data processing techniques, such as artificial intelligence or metamethods, on IDS. The BiLSTM approach has chosen the safest instances with the highest accuracy among the models. According to the findings, the most reliable and suitable solution for evaluating DDoS attacks in IoT is the BiLSTM design.

show abstract

Section: Wireless Communications and Mobile Computingmentioning

confidence: 95%

Section: Introductionmentioning

confidence: 99%

ML-DDoSnet: IoT Intrusion Detection Based on Denial-of-Service Attacks Using Machine Learning Methods and NSL-KDD

Esmaeili

Goki

Masjidi

et al. 2022

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

show abstract

“…(3) for (i 1; i ≤ m; i + +) do (4) num 0; (5) for (start_time(f j ) Δt • (i − 1); end_time(f j ) ≤ Δt • i; j + +). do (6) if…”

Section: 3unclassified

“…It is simple and requires no additional hardware support. However, its detection effect depends on thresholds, which researchers usually give directly [ 6 ]. This subjective assignment lacks an objective basis, affecting the reliability of results.…”

Section: Introductionmentioning

confidence: 99%

GLD-Net: Deep Learning to Detect DDoS Attack via Topological and Traffic Feature Fusion

Guo¹,

Qiu²,

Liu³

et al. 2022

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

Distributed denial of service (DDoS) attacks are the most common means of cyberattacks against infrastructure, and detection is the first step in combating them. The current DDoS detection mainly uses the improvement or fusion of machine learning and deep learning methods to improve classification performance. However, most classifiers are trained with statistical flow features as input, ignoring topological connection changes. This one-sidedness affects the detection accuracy and cannot provide a basis for the distribution of attack sources for defense deployment. In this study, we propose a topological and flow feature-based deep learning method (GLD-Net), which simultaneously extracts flow and topological features from time-series flow data and exploits graph attention network (GAT) to mine correlations between non-Euclidean features to fuse flow and topological features. The long short-term memory (LSTM) network connected behind GAT obtains the node neighborhood relationship, and the fully connected layer is utilized to achieve feature dimension reduction and traffic type mapping. Experiments on the NSL-KDD2009 and CIC-IDS2017 datasets show that the detection accuracy of the GLD-Net method for two classifications (normal and DDoS flow) and three classifications (normal, fast DDoS flow, and slow DDoS flow) reaches 0.993 and 0.942, respectively. Compared with the existing DDoS attack detection methods, its average improvement is 0.11 and 0.081, respectively. In addition, the correlation coefficient between the detection accuracy of attack flow and the four source distribution indicators ranges from 0.7 to 0.83, which lays a foundation for the inference of attack source distribution. Notably, we are the first to fuse topology and flow features and achieve high-performance DDoS attack intrusion detection through graph-style neural networks. This study has important implications for related research and development of network security systems in other fields.

show abstract

“…Liu et al (2022) divide the attack detection method in the SDN environment into two levels of granularity. At the coarse granularity level, the attack source is located, reducing the detection scope.…”

mentioning

confidence: 99%

SDNTruth: Innovative DDoS Detection Scheme for Software-Defined Networks (SDN)

Linhares

Patel

Barros

et al. 2022

Preprint

View full text Add to dashboard Cite

Software-Defined Networks (SDN) are becoming a trending technology in the modern Internet by splitting control and data planes and using a central controller. A SDN controller provides flexible flows management at wire-speed packet forwarding. The centralized control gives an opportunity to implement detection and mitigation security attacks inside the SDN controller. Typically, Distributed Denial of Service (DDoS) attacks poses an immense threat to the Internet security. However, the prediction and prevention of DDoS attacks in SDN environments are a huge challenge. In this paper, we introduce a mechanism to mitigate DDoS attacks in SDN using statistical analysis and traffic entropy. To validate the proposal, a prototype was built in Mininet tool. The accuracy and training time were compared against different Machine Learning algorithms. Finally, we expound about the effectiveness and limitation of the proposed solution as well indicate further research opportunities.

show abstract

Software-defined DDoS detection with information entropy analysis and optimized deep learning

Cited by 43 publications

References 30 publications

ML-DDoSnet: IoT Intrusion Detection Based on Denial-of-Service Attacks Using Machine Learning Methods and NSL-KDD

ML-DDoSnet: IoT Intrusion Detection Based on Denial-of-Service Attacks Using Machine Learning Methods and NSL-KDD

GLD-Net: Deep Learning to Detect DDoS Attack via Topological and Traffic Feature Fusion

SDNTruth: Innovative DDoS Detection Scheme for Software-Defined Networks (SDN)

Contact Info

Product

Resources

About