Enhanced Attacks Detection and Mitigation in Software Defined Networks

Authors

  • Suh Charles Forbacha, College of Technology, The University of Bamenda, Bambili, Cameroon
  • Maah Kelvin Kinteh, National Higher Polytechnic Institute, The University of Bamenda, Bambili, Cameroon
  • Eng. Mohamadou Hamza, Zango Enterprises, Bamenda, Cameroon

DOI:

https://doi.org/10.47672/ajce.2120

Abstract

Purpose: The main aim of this research project was to develop a security simulation and mitigation mechanism for Software Defined Networking (SDN) using machine learning algorithms.

Materials and Methods: An applied research method was used. Attacks were first detected and classified using machine learning algorithms on the CICDDoS2019 dataset; next, an SDN virtual network was created through simulation in Mininet and network data was captured from that environment; finally, machine learning algorithms were applied to detect and mitigate attacks when they occurred.

Findings: Results showed higher rates of attack detection and lower false positive rates. Hence our system could be used in real-life environments for attack detection and mitigation. However, conditions and network traffic would differ according to the network configuration and the tasks performed in the network environment.

Implications to Theory, Practice and Policy: Based on the findings and knowledge acquired, some key recommendations for successful implementation of an enhanced attack detection scheme in SDN include: using deep learning and ensemble learning, since the system will then have an awareness of its state and hence better accuracy and lower false alarm rates; conducting thorough feature analysis and selection based on statistical techniques, correlation analysis, and domain knowledge; experimenting with multiple algorithms such as deep neural networks and ensemble learning algorithms; optimizing the system to minimize computational overhead and ensure real-time processing; performing the study in a real-world SDN environment to ensure proper knowledge of the data flow patterns found there; and using multiple datasets in the implementation of the system.


Published

2024-06-26

How to Cite

Forbacha, S. C., Kinteh, M. K., & Hamza, E. M. (2024). Enhanced Attacks Detection and Mitigation in Software Defined Networks. American Journal of Computing and Engineering, 7(3), 40–80. https://doi.org/10.47672/ajce.2120

Section

Articles