A novel intelligent approach for detecting DoS flooding attacks in software-defined networks

(1) * Majd Latah (Ege University, Izmir, Turkey)
(2) Levent Toker (Ege University, Izmir, Turkey)
*corresponding author


Software-Defined Networking (SDN) is an emerging networking paradigm that provides advanced programming capability and moves the control functionality to a centralized controller. This paper proposes a novel two-stage intelligent approach that takes advantage of SDN to detect Denial of Service (DoS) flooding attacks: the first stage calculates the packet rate, and the second applies Support Vector Machine (SVM) classification. The flow is an essential concept in the OpenFlow protocol, which provides a common interface between an SDN switch and an SDN controller. Our system therefore calculates the packet rate of each flow from the flow statistics obtained by the SDN controller. Once the packet rate exceeds a predefined threshold, the system activates the packet inspection unit, which in turn uses the SVM algorithm to classify the previously collected packets. The experimental results showed that our system was able to detect DoS flooding attacks with 96.25% accuracy and a 0.26% false alarm rate.
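The two-stage check described in the abstract, sketched as an added example (this is not the authors' code). The threshold value, the two SVM features, the training points and the packet representation are assumptions constructed for illustration, and the classifier is a small linear SVM trained by subgradient descent, which the abstract does not specify.

```python
# Added example: packet-rate gate followed by a linear SVM. All data is constructed.
RATE_THRESHOLD = 1000.0  # packets/s; assumed, the abstract does not state a value

def packet_rates(prev, curr):
    """Per-flow rate from two flow-statistics polls: flow -> (packet_count, duration_sec)."""
    rates = {}
    for flow, (pkts, dur) in curr.items():
        p0, d0 = prev.get(flow, (0, 0.0))
        if pkts < p0 or dur <= d0:   # counters went backwards (entry reinstalled): count from zero
            p0, d0 = 0, 0.0
        if dur > d0:
            rates[flow] = (pkts - p0) / (dur - d0)
    return rates

def features(packets):
    """Assumed features per flow: share of SYN-only packets, mean payload / 1500 bytes.
    Each packet is a constructed (syn_only, payload_len) tuple."""
    n = len(packets)
    return [sum(1 for syn, _ in packets if syn) / n,
            sum(size for _, size in packets) / (n * 1500.0)]

def score(model, x):
    """Signed distance-like value: positive means the flood class."""
    w, b = model
    return sum(wj * xj for wj, xj in zip(w, x)) + b

def train_linear_svm(X, y, lam=0.01, lr=0.1, epochs=200):
    """Hinge-loss subgradient descent; labels are +1 (flood) and -1 (normal)."""
    w, b = [0.0] * len(X[0]), 0.0
    for _ in range(epochs):
        for xi, yi in zip(X, y):
            violated = yi * score((w, b), xi) < 1
            w = [wj * (1 - lr * lam) for wj in w]          # L2 regularisation step
            if violated:                                   # hinge subgradient step
                w = [wj + lr * yi * xj for wj, xj in zip(w, xi)]
                b += lr * yi
    return w, b

def detect(prev, curr, collected, model):
    """Stage 1 gates on packet rate; stage 2 classifies only the flows that pass it."""
    alerts = []
    for flow, rate in packet_rates(prev, curr).items():
        if rate > RATE_THRESHOLD and score(model, features(collected[flow])) > 0:
            alerts.append(flow)
    return sorted(alerts)

# Constructed training set: [syn_share, payload_ratio] -> label
MODEL = train_linear_svm(
    [[0.95, 0.05], [0.90, 0.10], [0.85, 0.00], [0.10, 0.60], [0.05, 0.80], [0.20, 0.50]],
    [1, 1, 1, -1, -1, -1])
```

A flow below the rate threshold is never passed to the classifier, so the per-packet work is spent only on flows that already look anomalous by volume.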


Denial of Service (DoS) Flooding Attacks; Software-Defined Networking (SDN); Support Vector Machines (SVM)










Copyright (c) 2018

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

International Journal of Advances in Intelligent Informatics
ISSN 2442-6571 (print) | 2548-3161 (online)
Organized by Informatics Department - Universitas Ahmad Dahlan, and UTM Big Data Centre - Universiti Teknologi Malaysia
Published by Universitas Ahmad Dahlan
W : http://ijain.org
E : info@ijain.org, andri.pranolo@tif.uad.ac.id (paper handling issues)
     ijain@uad.ac.id, andri.pranolo.id@ieee.org (publication issues)
