Two-Layers DDoS Attack Detection Model Using Machine Learning in Software Defined Networking
Abstract
Software-Defined Networking (SDN) is a new architecture designed to make network infrastructure more flexible and easier to manage. It allows network administrators to configure network parameters and to integrate new functions easily using programming languages. Thanks to the centralized control paradigm, it is easier to collect information about the entire network, which facilitates the implementation of machine learning algorithms to detect anomalous traffic as well as network attacks. Recently, with the development of machine learning and artificial intelligence, several methods have been applied to detect and mitigate DDoS attacks. However, all of these activities, from monitoring data to detecting and mitigating the attack, consume time and resources. To reduce unnecessary redundancy, in this paper we divide attack detection into two phases: an anomaly detection phase that uses a lightweight machine learning algorithm, and an attack detection phase that runs when anomalous behavior has been detected. This reduces the in-depth analysis of normal traffic and helps to improve the use of computing resources and the data transmission efficiency of the network. By setting up a testbed, we have successfully run this model and evaluated its accuracy. The results show that our model can detect attacks quickly and accurately.
Keywords
DDoS detection, SDN, Security, Machine learning
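
The two-phase split described in the abstract, sketched as an added example (not code from the paper). The abstract does not name its algorithms, so the z-score gate, the source-entropy check, the thresholds and all class and function names here are assumptions, and the flow records are constructed.

```python
import math
from collections import Counter
from statistics import mean, pstdev

# Constructed sample data: a window is a list of (src_ip, dst_ip, packets) flow records.
def normal_window(i):
    return [(f"10.0.0.{(i + k) % 20 + 1}", f"10.0.1.{k % 5 + 1}", 40 + (i * 7 + k) % 10)
            for k in range(28 + i % 5)]

def flood_window():  # 2000 constructed sources, 2 packets each, one destination
    return normal_window(0) + [(f"172.16.{k // 250}.{k % 250 + 1}", "10.0.1.1", 2) for k in range(2000)]

def burst_window():  # benign volume spike: same few hosts, six times the packets
    return [(s, d, p * 6) for s, d, p in normal_window(3)]

class TwoLayerDetector:
    def __init__(self, warmup=5, z_limit=3.0, entropy_limit=6.0):  # illustrative thresholds
        self.history = []      # packet totals of windows accepted as normal
        self.warmup, self.z_limit, self.entropy_limit = warmup, z_limit, entropy_limit
        self.deep_calls = 0    # how often the expensive layer actually ran

    def layer1_is_anomalous(self, flows):
        """Cheap gate: one counter per window, z-score against the normal baseline."""
        total = sum(p for _, _, p in flows)
        if len(self.history) >= self.warmup:
            sigma = pstdev(self.history) or 1.0
            if (total - mean(self.history)) / sigma > self.z_limit:
                return True    # suspicious windows are not added to the baseline
        self.history.append(total)
        return False

    def layer2_is_ddos(self, flows):
        """Per-flow pass: entropy (bits) of source IPs sending to the busiest destination."""
        self.deep_calls += 1
        per_dst = Counter()
        for _, dst, p in flows:
            per_dst[dst] += p
        victim = per_dst.most_common(1)[0][0]
        per_src = Counter()
        for src, dst, p in flows:
            if dst == victim:
                per_src[src] += p
        n = sum(per_src.values())
        return -sum(c / n * math.log2(c / n) for c in per_src.values()) > self.entropy_limit

    def classify(self, flows):
        if not self.layer1_is_anomalous(flows):
            return "normal"    # layer 2 is skipped for normal traffic
        return "ddos" if self.layer2_is_ddos(flows) else "anomaly-not-ddos"

def run_demo():
    det = TwoLayerDetector()
    windows = [normal_window(i) for i in range(10)] + [flood_window(), burst_window(), normal_window(10)]
    return [det.classify(w) for w in windows], det.deep_calls
```

`run_demo()` returns the per-window labels and the number of times the second layer ran; across the 13 constructed windows the per-flow analysis runs only for the two that the first layer flags.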
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.