A novel intelligent approach for detecting DoS flooding attacks in software-defined networks

(1) * Majd Latah Mail (Ege University - Izmir - Turkey., Turkey)
(2) Levent Toker Mail (Ege University - Izmir - Turkey., Turkey)
*corresponding author


Software-Defined Networking (SDN) is an emerging networking paradigm that provides an advanced programming capability and moves the control functionality to a centralized controller. This paper proposes a two-stage novel intelligent approach that takes advantage of the SDN approach to detect Denial of Service (DoS) flooding attacks based on calculation of packet rate as the first step and followed by Support Vector Machine (SVM) classification as the second step. Flow concept is an essential idea in OpenFlow protocol, which represents a common interface between an SDN switch and an SDN controller. Therefore, our system calculates the packet rate of each flow based on flow statistics obtained by SDN controller. Once the packet rate exceeds a predefined threshold, the system will activate the packet inspection unit, which, in turn, will use the (SVM) algorithm to classify the previously collected packets. The experimental results showed that our system was able to detect DoS flooding attacks with 96.25% accuracy and 0.26% false alarm rate.


Denial of Service (DoS) Flooding Attacks; Software-Defined Networking (SDN); Support Vector Machines (SVM)




Article metrics

Abstract views : 3427 | PDF views : 443




Full Text



[1] A. Basta, W. Kellerer, M. Hoffmann, K. Hoffmann, and E.-D. Schmidt, “A virtual SDN-enabled LTE EPC architecture: A case study for S-/P-gateways functions,” in Future Networks and Services (SDN4FNS), 2013 IEEE SDN for, 2013, pp. 1–7, doi: https://doi.org/10.1109/SDN4FNS.2013.6702532.

[2] M. Jammal, T. Singh, A. Shami, R. Asal, and Y. Li, “Software defined networking: State of the art and research challenges,” Comput. Networks, vol. 72, pp. 74–98, 2014, doi: https://doi.org/10.1016/j.comnet.2014.07.004.

[3] P. Goransson, C. Black, and T. Culver, Software defined networks: a comprehensive approach, 2nd Editio. Morgan Kaufmann, 2016, available at: https://www.elsevier.com/books/software-defined-networks/goransson/978-0-12-804555-8.

[4] A. Akhunzada, E. Ahmed, A. Gani, M. K. Khan, M. Imran, and S. Guizani, “Securing software defined networks: taxonomy, requirements, and open issues,” IEEE Commun. Mag., vol. 53, no. 4, pp. 36–44, 2015, doi: https://doi.org/10.1109/MCOM.2015.7081073.

[5] I. Alsmadi and D. Xu, “Security of software defined networks: A survey,” Comput. Secur., vol. 53, pp. 79–108, 2015, doi: https://doi.org/10.1016/j.cose.2015.05.006.

[6] C. YuHunag, T. MinChi, C. YaoTing, C. YuChieh, and C. YanRen, “A novel design for future on-demand service and security,” in Communication Technology (ICCT), 2010 12th IEEE International Conference on, 2010, pp. 385–388, doi: https://doi.org/10.1109/ICCT.2010.5689156.

[7] R. Braga, E. Mota, and A. Passito, “Lightweight DDoS flooding attack detection using NOX/OpenFlow,” in Local Computer Networks (LCN), 2010 IEEE 35th Conference on, 2010, pp. 408–415, doi: https://doi.org/10.1109/LCN.2010.5735752.

[8] X.-F. Chen and S.-Z. Yu, “CIPA: A collaborative intrusion prevention architecture for programmable network and SDN,” Comput. Secur., vol. 58, pp. 1–19, 2016, doi: https://doi.org/10.1016/j.cose.2015.11.008.

[9] B. Wang, Y. Zheng, W. Lou, and Y. T. Hou, “DDoS attack protection in the era of cloud computing and software-defined networking,” Comput. Networks, vol. 81, pp. 308–319, 2015, doi: https://doi.org/10.1016/j.comnet.2015.02.026.

[10] J. Suh, H. Choi, W. Yoon, T. You, T. T. Kwon, and Y. Choi, “Implementation of Content-Oriented Networking Architecture (CONA): A Focus on DDoS Countermeasure,” in 1st European NetFPGA Developers Workshop, 2010, pp. 1–5, available at : https://mmlab.snu.ac.kr/publications/docs/2010_EU_netfpga_workshop_jhsuh.pdf.

[11] S. Shin, V. Yegneswaran, P. Porras, and G. Gu, “Avant-guard: Scalable and vigilant switch flow management in software-defined networks,” in Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, 2013, pp. 413–424, doi: https://doi.org/10.1145/2508859.2516684.

[12] N. Naik and P. Jenkins, “Fuzzy reasoning based windows firewall for preventing denial of service attack,” in Fuzzy Systems (FUZZ-IEEE), 2016 IEEE International Conference on, 2016, pp. 759–766, doi: https://doi.org/10.1109/FUZZ-IEEE.2016.7737764.

[13] N. Naik, “Fuzzy inference based intrusion detection system: FI-Snort,” in Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on, 2015, pp. 2062–2067, doi: https://doi.org/10.1109/CIT/IUCC/DASC/PICOM.2015.306.

[14] S. Dotcenko, A. Vladyko, and I. Letenko, “A fuzzy logic-based information security management for software-defined networks,” in Advanced Communication Technology (ICACT), 2014 16th International Conference on, 2014, pp. 167–171, doi: https://doi.org/10.1109/ICACT.2014.6778942.

[15] I. Özçelik and R. R. Brooks, “Deceiving entropy based DoS detection,” Comput. Secur., vol. 48, pp. 234–245, 2015, doi: https://doi.org/10.1016/j.cose.2014.10.013.

[16] K. Johnson Singh, K. Thongam, and T. De, “Entropy-Based Application Layer DDoS Attack Detection Using Artificial Neural Networks,” Entropy, vol. 18, no. 10, p. 350, 2016, doi: https://doi.org/10.3390/e18100350.

[17] J. David and C. Thomas, “DDoS attack detection using fast entropy approach on flow-based network traffic,” Procedia Comput. Sci., vol. 50, pp. 30–36, 2015, doi: https://doi.org/10.1016/j.procs.2015.04.007.

[18] C. Cortes and V. Vapnik, “Support-vector networks,” Mach. Learn., vol. 20, no. 3, pp. 273–297, 1995, doi: https://doi.org/10.1007/BF00994018.

[19] Z. Zhang and H. Shen, “Application of online-training SVMs for real-time intrusion detection with different considerations,” Comput. Commun., vol. 28, no. 12, pp. 1428–1442, 2005, doi: https://doi.org/10.1016/j.comcom.2005.01.014.

[20] J. Yu, H. Lee, M.-S. Kim, and D. Park, “Traffic flooding attack detection with SNMP MIB using SVM,” Comput. Commun., vol. 31, no. 17, pp. 4212–4219, 2008, doi: https://doi.org/10.1016/j.comcom.2008.09.018.

[21] S. Avallone, S. Guadagno, D. Emma, A. Pescape, and G. Ventre, “D-ITG distributed internet traffic generator,” in Quantitative Evaluation of Systems, 2004. QEST 2004. Proceedings. First International Conference on the, 2004, pp. 316–317, doi: https://doi.org/10.1109/QEST.2004.1348045.

[22] I. Mukhopadhyay, K. S. Gupta, D. Sen, and P. Gupta, “Heuristic Intrusion Detection and Prevention System,” in Computing and Communication (IEMCON), 2015 International Conference and Workshop on, 2015, pp. 1–7, doi: https://doi.org/10.1109/IEMCON.2015.7344479.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

International Journal of Advances in Intelligent Informatics
ISSN 2442-6571  (print) | 2548-3161 (online)
Organized by UAD and ASCEE Computer Society
Published by Universitas Ahmad Dahlan
W: http://ijain.org
E: info@ijain.org (paper handling issues)
   andri.pranolo.id@ieee.org (publication issues)

View IJAIN Stats

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0