scholarly journals A Review of Anomaly Detection Techniques and Distributed Denial of Service (DDoS) on Software Defined Network (SDN)

2018 ◽  
Vol 8 (2) ◽  
pp. 2724-2730 ◽  
Author(s):  
M. H. H. Khairi ◽  
S. H. S. Ariffin ◽  
N. M. Abdul Latiff ◽  
A. S. Abdullah ◽  
M. K. Hassan
Keyword(s):  
Anomaly Detection ◽  
Network Architecture ◽  
Denial Of Service ◽  
Software Defined Network ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Detection Techniques ◽  
And Control ◽  
Entire Network

Software defined network (SDN) is a network architecture in which the network traffic may be operated and managed dynamically according to user requirements and demands. Issue of security is one of the big challenges of SDN because different attacks may affect performance and these attacks can be classified into different types. One of the famous attacks is distributed denial of service (DDoS). SDN is a new networking approach that is introduced with the goal to simplify the network management by separating the data and control planes. However, the separation leads to the emergence of new types of distributed denial-of-service (DDOS) attacks on SDN networks. The centralized role of the controller in SDN makes it a perfect target for the attackers. Such attacks can easily bring down the entire network by bringing down the controller. This research explains DDoS attacks and the anomaly detection as one of the famous detection techniques for intelligent networks.

scholarly journals DETECTION AND MITIGATION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS ON NETWORK ARCHITECTURE SOFTWARE DEFINED NETWORKING USING THE NAIVE BAYES ALGORITHM

2022 ◽  
Vol 3 (2) ◽  
pp. 51-55
Author(s):  
Misbachul Munir ◽  
Ipung Ardiansyah ◽  
Joko Dwi Santoso ◽  
Ali Mustopa ◽  
Sri Mulyatun
Keyword(s):  
Network Architecture ◽  
Naive Bayes ◽  
Denial Of Service ◽  
Naïve Bayes ◽  
Software Defined Network ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Dos Attacks ◽  
Network Resources ◽  
Bayes Algorithm

DDoS attacks are a form of attack carried out by sending packets continuously to machines and even computer networks. This attack will result in a machine or network resources that cannot be accessed or used by users. DDoS attacks usually originate from several machines operated by users or by bots, whereas Dos attacks are carried out by one person or one system. In this study, the term to be used is the term DDoS to represent a DoS or DDoS attack. In the network world, Software Defined Network (SDN) is a promising paradigm. SDN separates the control plane from forwarding plane to improve network programmability and network management. As part of the network, SDN is not spared from DDoS attacks. In this study, we use the naïve Bayes algorithm as a method to detect DDoS attacks on the Software Defined Network network architecture

scholarly journals Intelligent Traffic Classification for Detecting DDoS Attacks using SDN/OpenFlow

2021 ◽  
Author(s):  
◽  
Jarrod Bakker
Keyword(s):  
Denial Of Service ◽  
Network Control ◽  
Traffic Classification ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Network Information ◽  
Ddos Attack ◽  
Machine Learning Methods ◽  
Attack Scenario ◽  
And Control

<p>Distributed denial of service (DDoS) attacks utilise many attacking entities to prevent legitimate use of a resource via consumption. Detecting these attacks is often difficult when using a traditional networking paradigm as network information and control are not centralised. Software-Defined Networking is a recent paradigm that centralises network control, thus improving the ability to gather network information. Traffic classification techniques can leverage the gathered data to detect DDoS attacks.This thesis utilises nmeta2, a SDN-based traffic classification architecture, to study the effectiveness of machine learning methods to detect DDoS attacks. These methods are evaluated on a physical network testbed to demonstrate their application during a DDoS attack scenario.</p>

scholarly journals Identifying Botnets: Classification and Detection

2019 ◽  
Vol 8 (9S) ◽  
pp. 131-137
Keyword(s):  
Denial Of Service ◽  
Cyber Attacks ◽  
Distributed Denial Of Service ◽  
Huge Amount ◽  
Internet Relay Chat ◽  
Ip Address ◽  
Detection Techniques ◽  
The Past ◽  
Hypertext Transfer Protocol ◽  
And Control

The past few years have witnessed the threats caused by the evolving of botnets. It has been found that the nefarious network consisting of contagious systems called as bots are operated by the botmaster. These botnets have been used for malicious activities. This prevailing threat on the internet has led to spam, Distributed Denial of Service (DDoS) attacks, phishing emails, and other cyber-attacks. The detection of such networks is very important keeping the protocols and features they work upon. The paper talks about the various detection techniques that can be adapted to evade the attacks of bots. The huge amount of traffic created by bots can be studied and distinguished respectively to understand the protocols used by the botmaster; which are further used to detect botnets based on the signature and anomaly patterns. The attacks being done from different locations have made it difficult for a botnet to be caught. It has been mentioned that a few networks provide the bots with a nickname using which the detection can be done. The method has been described thoroughly by also specifying how the bot-names of the same network are similar. Nowadays, the number of botnets has increased with a fewer number of trained bots. These network work upon the protocols like Command and Control (C&C), Internet Relay Chat (IRC), HyperText Transfer Protocol (HTTP) and Peer to Peer(P2P). The detection of such networks is being done classifying the traffic and analyzing the spam e-mails alongside the respected IP address. Even the traps of honeynet are developed which motivate the botmaster to take action and get caught. Such honeynet techniques along with the required steps and the necessary precautions are also mentioned in the paper.

scholarly journals ADAPTIVE ENTROPY-BASED DETECTION AND MITIGATION OF DDOS ATTACKS IN SOFTWARE DEFINED NETWORKS

2020 ◽  
pp. 399-410
Author(s):  
Jawad Dalou' ◽  
Basheer Al-Duwairi ◽  
Mohammad Al-Jarrah
Keyword(s):  
Denial Of Service ◽  
Attack Detection ◽  
Point Of View ◽  
Software Defined Networks ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Control Plane ◽  
Data Plane ◽  
And Control ◽  
Sdn Controller

Software Defined Networking (SDN) has emerged as a new networking paradigm that is based on the decoupling between data plane and control plane providing several benefits that include flexible, manageable, and centrally controlled networks. From a security point of view, SDNs suffer from several vulnerabilities that are associated with the nature of communication between control plane and data plane. In this context, software defined networks are vulnerable to distributed denial of service attacks. In particular, the centralization of the SDN controller makes it an attractive target for these attacks because overloading the controller with huge packet volume would result in bringing the whole network down or degrade its performance. Moreover, DDoS attacks may have the objective of flooding a network segment with huge traffic volume targeting single or multiple end systems. In this paper, we propose an entropy-based mechanism for Distributed Denial of Service (DDoS) attack detection and mitigation in SDN networks. The proposed mechanism is based on the entropy values of source and destination IP addresses of flows observed by the SDN controller which are compared to a preset entropy threshold values that change in adaptive manner based on network dynamics. The proposed mechanism has been evaluated through extensive simulation experiments.

scholarly journals Proposed approach to detect distributed denial of service attacks in software defined network using machine learning algorithms

2018 ◽  
Vol 7 (2.8) ◽  
pp. 472 ◽  
Author(s):  
Shruti Banerjee ◽  
Partha Sarathi Chakraborty ◽  
. .
Keyword(s):  
Machine Learning ◽  
Denial Of Service ◽  
Learning Algorithms ◽  
Machine Learning Algorithms ◽  
Paper Machine ◽  
Software Defined Network ◽  
Distributed Denial Of Service ◽  
Control Plane ◽  
Data Plane ◽  
And Control

SDN (Software Defined Network) is rapidly gaining importance of ‘programmable network’ infrastructure. The SDN architecture separates the Data plane (forwarding devices) and Control plane (controller of the SDN). This makes it easy to deploy new versions to the infrastructure and provides straightforward network virtualization. Distributed Denial-of-Service attack is a major cyber security threat to the SDN. It is equally vulnerable to both data plane and control plane. In this paper, machine learning algorithms such as Naïve Bayesian, KNN, K Means, K-Medoids, Linear Regression, use to classify the incoming traffic as usual or unusual. Above mentioned algorithms are measured using the two metrics: accuracy and detection rate. The best fit algorithm is applied to implement the signature IDS which forms the module 1 of the proposed IDS. Second Module uses open connections to state the exact node which is an attacker and to block that particular IP address by placing it in Access Control List (ACL), thus increasing the processing speed of SDN as a whole. 

DeepDetect: Detection of Distributed Denial of Service Attacks Using Deep Learning

2019 ◽  
Vol 63 (7) ◽  
pp. 983-994 ◽  
Author(s):  
Muhammad Asad ◽  
Muhammad Asim ◽  
Talha Javed ◽  
Mirza O Beg ◽  
Hasan Mujtaba ◽  
...  
Keyword(s):  
Neural Network ◽  
Network Architecture ◽  
Denial Of Service ◽  
Smart Devices ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Application Layer ◽  
Tangible Computing ◽  
Network Bandwidth ◽  
Feed Forward Back Propagation

Abstract At the advent of advanced wireless technology and contemporary computing paradigms, Distributed Denial of Service (DDoS) attacks on Web-based services have not only increased exponentially in number, but also in the degree of sophistication; hence the need for detecting these attacks within the ocean of communication packets is extremely important. DDoS attacks were initially projected toward the network and transport layers. Over the years, attackers have shifted their offensive strategies toward the application layer. The application layer attacks are potentially more detrimental and stealthier because of the attack traffic and the benign traffic flows being indistinguishable. The distributed nature of these attacks is difficult to combat as they may affect tangible computing resources apart from network bandwidth consumption. In addition, smart devices connected to the Internet can be infected and used as botnets to launch DDoS attacks. In this paper, we propose a novel deep neural network-based detection mechanism that uses feed-forward back-propagation for accurately discovering multiple application layer DDoS attacks. The proposed neural network architecture can identify and use the most relevant high level features of packet flows with an accuracy of 98% on the state-of-the-art dataset containing various forms of DDoS attacks.

scholarly journals USING GRAPHIC NETWORK SIMULATOR 3 FOR DDOS ATTACKS SIMULATION

2017 ◽  
pp. 219-225
Author(s):  
Anatoliy Balyk ◽  
Mikolaj Karpinski ◽  
Artur Naglik ◽  
Gulmira Shangytbayeva ◽  
Ihor Romanets
Keyword(s):  
Denial Of Service ◽  
Discrete Event ◽  
Network Simulator ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Easy Task ◽  
Detection Techniques ◽  
Ddos Attack ◽  
Network Simulators ◽  
Attack Mitigation

Distributed Denial of Service (DDoS) attacks are still one of the major cybersecurity threats and the focus of much research on developing DDoS attack mitigation and detection techniques. Being able to model DDoS attacks can help researchers develop effective countermeasures. Modeling DDoS attacks, however, is not an easy task because modern DDoS attacks are huge and simulating them would be impossible in most cases. That’s why researchers use tools like network simulators for modeling DDoS attacks. Simulation is a widely used technique in networking research, but it has suffered a loss of credibility in recent years because of doubts about its reliability. In our previous works we used discrete event simulators to simulate DDoS attacks, but our results were often different from real results. In this paper, we apply our approach and use Graphical Network Simulator-3(GNS3) to simulate an HTTP server’s performance in a typical enterprise network under DDoS attack. Also, we provide references to related work.

scholarly journals SVM Implementation for Ddos Attacks in Software Defined Networks

2020 ◽  
Vol 10 (1) ◽  
pp. 205-212
Keyword(s):  
Detection Rate ◽  
Denial Of Service ◽  
Support Vector ◽  
Software Defined Network ◽  
Software Defined Networks ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Network Resources ◽  
Elapsed Time ◽  
Classification Technique

Software Defined Network (SDN) is making software interaction with the network. SDN has made the network flexible and dynamic and also enabled the abstraction feature of applications and services. As the network is independent of any of the devices like in traditional networks there exist routers, hubs, and switches that is why it is preferable these days. Being more preferably used it has become more vulnerable in terms of security. The more common attacks that corrupt the network and hinders the efficiency are distributed denial-of-service (DDOS) attacks. DDOS is an attack that in general leads to exhaust of the network resources in turn stopping the controller. Detection of DDOS attacks requires a classification technique that provides accurate and efficient decision making. As per the analysis Support Vector Machine (SVM), the classifier technique detects more accurately and precisely the attacks. This paper produces a better approach to detecting attacks using SVM classifiers in terms of detection rate and elapsed time of the attack and it also predicts the various types of distributed denial of service attacks that have corrupted the network.

scholarly journals Multischeme feedforward artificial neural network architecture for DDoS attack detection

2021 ◽  
Vol 10 (1) ◽  
pp. 458-465
Author(s):  
Arif Wirawan Muhammad ◽  
Cik Feresa Mohd Foozy ◽  
Kamaruddin Malik bin Mohammed
Keyword(s):  
Neural Network ◽  
Artificial Neural Network ◽  
Network Architecture ◽  
Denial Of Service ◽  
Data Packet ◽  
Detection Accuracy ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Neural Network Architecture ◽  
Quasi Newton

Distributed denial of service attack classified as a structured attack to deplete server, sourced from various bot computers to form a massive data flow. Distributed denial of service (DDoS) data flows behave as regular data packet flows, so it is challenging to distinguish between the two. Data packet classification to detect DDoS attacks is one solution to prevent DDoS attacks and to maintain server resources maintained. The machine learning method especially artificial neural network (ANN), is one of the effective ways to detect the flow of data packets in a computer network. Based on the research that has carried out, it concluded that ANN with hidden layer architecture that contains neuron twice as neuron on the input layer (2n) produces a stable detection accuracy value on Quasi-Newton, Scaled-Conjugate and Resilient-Propagation training functions. Based on the studies conducted, it concluded that ANN Architecture sufficiently affected the Scaled-Conjugate and Resilient-Propagation training functions, otherwise the Quasi-Newton training function. The best detection accuracy achieved from the experiment is 99.60%, 1.000 recall, 0.988 precision, and 0.993 f-measure using the Quasi-Newton training function with 6-(12)-2 neural network architecture.

Sign in / Sign up

Export Citation Format

Share Document