DETECTION AND MITIGATION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS ON NETWORK ARCHITECTURE SOFTWARE DEFINED NETWORKING USING THE NAIVE BAYES ALGORITHM

DDoS attacks are a form of attack carried out by sending packets continuously to machines and even computer networks. This attack will result in a machine or network resources that cannot be accessed or used by users. DDoS attacks usually originate from several machines operated by users or by bots, whereas Dos attacks are carried out by one person or one system. In this study, the term to be used is the term DDoS to represent a DoS or DDoS attack. In the network world, Software Defined Network (SDN) is a promising paradigm. SDN separates the control plane from forwarding plane to improve network programmability and network management. As part of the network, SDN is not spared from DDoS attacks. In this study, we use the naïve Bayes algorithm as a method to detect DDoS attacks on the Software Defined Network network architecture

SplitTrie: A Fast Update Packet Classification Algorithm with Trie Splitting

Software Defined Network (SDN) currently is widely used in the implementation of new network technologies owing to its distinctive advantages. In changeable SDN environments, the update performance of SDN switches has significant importance for the overall network performance because packet processing could be interrupted by ruleset updating in SDN switches. In order to guarantee high update performance, we propose a new classification algorithm, SplitTrie, based on trie structures and trie splitting. SplitTrie splits rulesets according to the field type vectors of rules. The splitting can improve the update performance because it reduces the trie structure sizes. Experimental results demonstrated that SplitTrie could achieve 20 times of update speed in the complex rulesets comparing the method without trie splitting.

A Proposed Architecture f or Placement of Cloud Data Centre in Software Defined Network Environment

Emerging technologies like IoT (Internet of Things) and wearable devices like Smart Glass, Smart watch, Smart Bracelet and Smart Plaster produce delay sensitive traffic. Cloud computing services are emerging as supportive technologies by providing resources. Most services like IoT require minimum delay which is still an area of research. This paper is an effort towards the minimization of delay in delivering cloud traffic, by geographically localizing the cloud traffic through establishment of Cloud mini data centers. The anticipated architecture suggests a software defined network supported mini data centers connected together. The paper also suggests the use of segment routing for stitching the transport paths between data centers through Software defined Network Controllers.

PQROM: To optimize software defined network QoS-aware routing with proximal policy optimization

Currently, Quality-of-Service (QoS)-aware routing is one of the crucial challenges in Software Defined Network (SDN). The QoS performances, e.g. latency, packet loss ratio and throughput, must be optimized to improve the performance of network. Traditional static routing algorithms based on Open Shortest Path First (OSPF) could not adapt to traffic fluctuation, which may cause severe network congestion and service degradation. Central intelligence of SDN controller and recent breakthroughs of Deep Reinforcement Learning (DRL) pose a promising solution to tackle this challenge. Thus, we propose an on-policy DRL mechanism, namely the PPO-based (Proximal Policy Optimization) QoS-aware Routing Optimization Mechanism (PQROM), to achieve a general and re-customizable routing optimization. PQROM can dynamically update the routing calculation by adjusting the reward function according to different optimization objectives, and it is independent of any specific network pattern. Additionally, as a black-box one-step optimization, PQROM is qualified for both continuous and discrete action space with high-dimensional input and output. The OMNeT ++ simulation experiment results show that PQROM not only has good convergence, but also has better stability compared with OSPF, less training time and simpler hyper-parameters adjustment than Deep Deterministic Policy Gradient (DDPG) and less hardware consumption than Asynchronous Advantage Actor-Critic (A3C).

Software Defined Network : The Comparison of SVM kernel on DDoS Detection

SDN is a new technology in the concept of a network where there is a separation between the data plane and the control plane as the brain that regulates data forwarding so that it becomes a target for DDoS attacks. Detection of DDoS attacks is an important topic in the field of network security. because of the difficulty of detecting the difference between normal traffic and anomalous attacks. Based on data from helpnetsecurity.com, in 2020 there were 4.83 million attempted DoS/DDoS attacks on various services, this shows that network security is very important. Various methods have been used in detecting DDoS attacks such as using a threshold on passing network traffic with an average traffic size compared to 3 times the standard deviation, the weakness of this method is if there is a spike in traffic it will be detected as an attack even though the traffic is normal so that it increases false positives. To maintain security on the SDN network, the reason is that a system is needed that can detect DDoS attacks anomalously by taking advantage of the habits that appear on the system and assuming that if there are deviations from the habits that appear then it is declared a DDoS attack, the SVM method is used to categorize the data traffic obtained from the controller to detect whether it is a DDoS attack or not. Based on the tests conducted with 500 training data, the accuracy is 99,2%. The conclusion of this paper is that the RBF SVM kernel can be very good at detecting anomalous DDoS attacks.

Software Defined Network Enabled Fog-to-Things Hybrid Deep Learning Driven Cyber Threat Detection System

Software Defined Network (SDN) is a next-generation networking architecture and its power lies in centralized control intelligence. The control plane of SDN can be extended to many underlying networks such as fog to Internet of Things (IoT). The fog-to-IoT is currently a promising architecture to manage a real-time large amount of data. However, most of the fog-to-IoT devices are resource-constrained and devices are widespread that can be potentially targeted with cyber-attacks. The evolving cyber-attacks are still an arresting challenge in the fog-to-IoT environment such as Denial of Service (DoS), Distributed Denial of Service (DDoS), Infiltration, malware, and botnets attacks. They can target varied fog-to-IoT agents and the whole network of organizations. The authors propose a deep learning (DL) driven SDN-enabled architecture for sophisticated cyber-attacks detection in fog-to-IoT environment to identify new attacks targeting IoT devices as well as other threats. The extensive simulations have been carried out using various DL algorithms and current state-of-the-art Coburg Intrusion Detection Data Set (CIDDS-001) flow-based dataset. For better analysis five DL models are compared including constructed hybrid DL models to distinguish the DL model with the best performance. The results show that proposed Long Short-Term Memory (LSTM) hybrid model outperforms other DL models in terms of detection accuracy and response time. To show unbiased results 10-fold cross-validation is performed. The proposed framework is so effective that it can detect several types of cyber-attacks with 99.92% accuracy rate in multiclass classification.