Software-Defined Network (SDN) has recently emerged as a network paradigm due to its high network programmability and flexibility which can overcome the problem in traditional networks by decoupling the control plane from the data plane. The data plane will forward the packets as per the decision made by the controller in the control plane. This centralized control will help to provide the abstract view of the entire network infrastructure. Since the controller is a core part of SDN, it is more prone for attacks and turns as a major threat to the entire network. Distributed Denial of Service (DDoS) attack can then overload the SDN controller and switch flow table which leads to a performance degrade of the network. To address this problem, we have deployed two level security mechanisms. In level one, an entropy-based mechanism is proposed to detect the DDoS flooding attack in the early stage by temporarily holding the particular flow. In level two, a machine learning-based C4.5 technique is proposed to detect the attack by analysing additional features and send a permanent alert to drop the packets. The results are analysed with K-fold validation technique in terms of sensitivity, specificity and accuracy.
A.Alshamrani, A.Chowdhary, S.Pisharody, D.Lu and D.Huang, A defense system for defeating ddos attacks in sdn based networks, in: Proceedings of the 15th ACM International Symposium on Mobility Management and Wireless Access, ACM, 2017, pp. 83–92.
2.
L.Barki, A.Shidling, N.Meti, D.G.Narayan and M.M.Mulla, Detection of distributed denial of service attacks in software defined networks, in: 2016 International Conference on Advances in Computing, Communications and Informatics (ICACCI), IEEE, 2016, pp. 2576–2581.
3.
N.Z.Bawany, J.A.Shamsi and K.Salah, DDoS attack detection and mitigation using SDN: Methods, practices, and solutions, Arabian Journal for Science and Engineering42(2) (2017), 425–441. doi:10.1007/s13369-017-2414-5.
4.
R.Braga, E.Mota and A.Passito, Lightweight DDoS flooding attack detection using NOX/OpenFlow, in: IEEE Local Computer Network Conference, IEEE, 2010, pp. 408–415. doi:10.1109/LCN.2010.5735752.
5.
T.Chin, X.Mountrouidou, X.Li and K.Xiong, An SDN-supported collaborative approach for DDoS flooding detection and containment, in: MILCOM 2015 – 2015 IEEE Military Communications Conference, IEEE, 2015, pp. 659–664. doi:10.1109/MILCOM.2015.7357519.
6.
G.D’Angelo, F.Palmieri and S.Rampone, Detecting unfair recommendations in trust-based pervasive environments, Information Sciences486 (2019), 31–51. doi:10.1016/j.ins.2019.02.015.
7.
L.Dridi and M.F.Zhani, SDN-guard: DoS attacks mitigation in SDN networks, in: 2016 5th IEEE International Conference on Cloud Networking (Cloudnet), IEEE, 2016, pp. 212–217.
8.
L.Dridi and M.F.Zhani, A holistic approach to mitigating DoS attacks in SDN networks, International Journal of Network Management28(1) (2018), e1996. doi:10.1002/nem.1996.
9.
K.Giotis, C.Argyropoulos, G.Androulidakis, D.Kalogeras and V.Maglaris, Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments, Computer Networks62 (2014), 122–136. doi:10.1016/j.bjp.2013.10.014.
10.
M.Haapajärvi, Trusted communication in SDN OpenFlow channel: Investigating assumed trusted communication between SDN controller and switch and possible attack scenarios, 2017.
11.
V.Y.Hnatyshin and A.F.Lobo, Undergraduate data communications and networking projects using opnet and wireshark software, ACM SIGCSE Bulletin40(1) (2008), 241–245. doi:10.1145/1352322.1352222.
12.
T.Y.Huang, V.Jeyakumar, B.Lantz, N.Feamster, K.Winstein and A.Sivaraman, Teaching computer networking with mininet, in: ACM SIGCOMM, 2014.
13.
K.Kato and V.Klyuev, An intelligent DDoS attack detection system using packet analysis and support vector machine, IJICR (2014), 478–485.
14.
S.Kaur, J.Singh and N.S.Ghumman, Network programmability using POX controller, in: ICCCS International Conference on Communication, Computing & Systems, Vol. 138, IEEE, 2014.
15.
R.T.Kokila, S.T.Selvi and K.Govindarajan, DDoS detection and analysis in SDN-based environment using support vector machine classifier, in: 2014 Sixth International Conference on Advanced Computing (ICoAC), IEEE, 2014, pp. 205–210.
16.
D.Kreutz, F.M.Ramos, P.Verissimo, C.E.Rothenberg, S.Azodolmolky and S.Uhlig, Software-defined networking: A comprehensive survey, Proceedings of the IEEE103(1) (2015), 14–76. doi:10.1109/JPROC.2014.2371999.
17.
M.Latah and L.Toker, Artificial intelligence enabled software-defined networking: A comprehensive overview, IET Networks8(2) (2018), 79–99. doi:10.1049/iet-net.2018.5082.
18.
S.Lim, J.Ha, H.Kim, Y.Kim and S.Yang, A SDN-oriented DDoS blocking scheme for botnet-based attacks, in: 2014 Sixth International Conference on Ubiquitous and Future Networks (ICUFN), IEEE, 2014, pp. 63–68.
19.
Y.Lu and M.Wang, An easy defense mechanism against botnet-based DDoS flooding attack originated in SDN environment using sFlow, in: Proceedings of the 11th International Conference on Future Internet Technologies, ACM, 2016, pp. 14–20.
20.
S.A.Mehdi, J.Khalid and S.A.Khayam, Revisiting traffic anomaly detection using software defined networking, in: International Workshop on Recent Advances in Intrusion Detection, Springer, Berlin, Heidelberg, 2011, pp. 161–180. doi:10.1007/978-3-642-23644-0_9.
21.
S.A.Mehdi, J.Khalid and S.A.Khayam, Revisiting traffic anomaly detection using software defined networking, in: International Workshop on Recent Advances in Intrusion Detection, Springer, Berlin, Heidelberg, 2011, pp. 161–180. doi:10.1007/978-3-642-23644-0_9.
22.
N.Meti, D.G.Narayan and V.P.Baligar, Detection of distributed denial of service attacks using machine learning algorithms in software defined networks, in: 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), IEEE, 2017, pp. 1366–1371.
23.
S.M.Mousavi and M.St-Hilaire, Early detection of DDoS attacks against software defined network controllers, Journal of Network and Systems Management (2018), 1–19.
24.
F.Palmieri, U.Fiore and A.Castiglione, A distributed approach to network anomaly detection based on independent component analysis, Concurrency and Computation: Practice and Experience26(5) (2014), 1113–1129. doi:10.1002/cpe.3061.
25.
F.Palmieri, S.Ricciardi, U.Fiore, M.Ficco and A.Castiglione, Energy-oriented denial of service attacks: An emerging menace for large cloud infrastructures, The Journal of Supercomputing71(5) (2015), 1620–1641. doi:10.1007/s11227-014-1242-6.
26.
K.Polat and S.Güneş, A novel hybrid intelligent method based on C4.5 decision tree classifier and one-against-all approach for multi-class classification problems, Expert Systems with Applications36(2) (2009), 1587–1592. doi:10.1016/j.eswa.2007.11.051.
27.
N.G.Relan and D.R.Patil, Implementation of network intrusion detection system using variant of decision tree algorithm, in: 2015 International Conference on Nascent Technologies in the Engineering Field (ICNTE), IEEE, 2015, pp. 1–5.
28.
L.Rokach and O.Z.Maimon, Data Mining with Decision Trees: Theory and Applications, Vol. 69, World Scientific, 2008.
29.
F.Tariq and S.Baig, Botnet classification using centralized collection of network flow counters in software defined networks, International Journal of Computer Science and Information Security14(8) (2016), 1075.
30.
R.Wang, Z.Jia and L.Ju, An entropy-based distributed DDoS detection mechanism in software-defined networking, in: 2015 IEEE Trustcom/BigDataSE/ISPA, Vol. 1, IEEE, 2015, pp. 310–317. doi:10.1109/Trustcom.2015.389.
