Article
Peer-Review Record

Distributed Blockchain-SDN Secure IoT System Based on ANN to Mitigate DDoS Attacks

Appl. Sci. 2023, 13(8), 4953; https://doi.org/10.3390/app13084953
by Rihab Jmal 1,2,*, Walid Ghabri 1,2, Ramzi Guesmi 3,4,*, Badr M. Alshammari 5, Ahmed S. Alshammari 5 and Haitham Alsaif 5
Reviewer 1: Anonymous
Reviewer 3:
Submission received: 1 March 2023 / Revised: 12 April 2023 / Accepted: 12 April 2023 / Published: 14 April 2023

Round 1

Reviewer 1 Report

In this research paper, the authors present an extensive analysis of DDoS attacks in both IoT and SDN. Various methods for detecting and mitigating such attacks, utilizing SDN, Blockchain, and Machine learning models, are reviewed. Furthermore, the authors suggest a comprehensive secure IoT system that employs a multi-controller SDN architecture.

 

 

Comments for author:

 

1. The paper is written in a clear and understandable manner. The logical flow of the content is easily comprehensible.

 

2. The introduction section of the paper might require revision. It contains too many buzzwords and lacks focus, which may confuse the readers.

 

3. The author discusses a Distributed Blockchain-SDN Secure IoT System. However, it should be noted that SDN is a centralized networking technology and Blockchain technology is decentralized. It remains unclear how the centralized capabilities of SDN and the decentralized nature of Blockchain are integrated to counter DDoS attacks in the proposed system.

 

4. The author ought to furnish more information about the data set used in the ANN analysis, including details on data collection, data size, and features. Additional information on the data set would enhance the clarity and validity of the research findings.

 

5. It is unclear from Figures 7 and 8 whether the dataset used in the study consists mainly of easy cases. In real-world scenarios, achieving such high levels of performance may be unrealistic for the model.

Author Response

Response to Reviewer 1 Comments

We want to express our appreciation for taking the necessary time and effort to provide such insightful guidance. Your comments have greatly aided us to improve the paper and we thank you for that. We have addressed each comment separately and in detail.

Comment 1:

The paper is written in a clear and understandable manner. The logical flow of the content is easily comprehensible.

Response:

We appreciate your comment.

Comment 2:

The introduction section of the paper might require revision. It contains too many buzzwords and lacks focus, which may confuse the readers.

Response:

The introduction is now revised regarding the reviewers’ comments as illustrated in the manuscript.

Comment 3:

The author discusses a Distributed Blockchain-SDN Secure IoT System. However, it should be noted that SDN is a centralized networking technology and Blockchain technology is decentralized. It remains unclear how the centralized capabilities of SDN and the decentralized nature of Blockchain are integrated to counter DDoS attacks in the proposed system.

Response:

We added in the introduction:

“To overcome the limits of the centralized aspect of SDN, distributed SDN is considered based on multiple controllers. However, the communication between SDN controllers is still challenging and raises security issues. In this context, adopting Blockchain on the control plane of SDN architecture can increase the benefit of this paradigm for the management of IoT environment while guaranteeing the security of communication between multiple controllers.”

We added in section 7 “Proposed Solution”, the following text:

“Having multiple controllers in an SDN-managed IoT network facilitates to scale up or down the network by adding or removing controllers as needed. This makes the management of large IoT networks easier, and allows for greater flexibility in network design. Also, such distributed SDN networks allow fault tolerance: in the event of a failure or malfunction of one controller, other controllers can take over the network management tasks, ensuring that the network remains operational and secure. In addition, the distribution of network management tasks allows load balancing that could reduce the burden on one controller and improve network performance.”

Then, we added in the same section: “The Blockchain serves as a distributed ledger that maintains a secure and tamper-proof record of the traffic type (normal or malicious). By using a Blockchain at the control plane level, it is possible to ensure that each switch has a consistent and up-to-date version of rules, and that any change or update made to the rules are recorded and verified across the network. Once the ANN model identifies an attack, the Blockchain is updated with the information on the attack, and the information is shared securely with the other controllers. Hence, any traffic that matches the characteristics of the attack, will be denied to reach network resources and illegitimate traffic of DDoS attacks could be detected and blocked by Firewalls of the data plane. Consequently, the ANN model helps in optimizing traffic payload which reduces network congestion and improves the overall performance of the network.”

Comment 4:

The author ought to furnish more information about the data set used in the ANN analysis, including details on data collection, data size, and features. Additional information on the data set would enhance the clarity and validity of the research findings.

Response:

We added a subsubsection “7.1.1 Dataset description”

The "Novel SDN Dataset for Intrusion Detection in IoT Networks" [52] is used in this work. This dataset is designed to support research in intrusion detection for IoT networks using SDN. It contains network traffic captured from a software-defined network (SDN) in an Internet of Things (IoT) environment during various cyber-attacks launched by four attacker hosts against a server and other simulated IoT devices exchanging a large amount of data. The attacks include DoS, DDoS, port scanning, OS fingerprinting, and fuzzing, and were performed with different configurations 10 to 12 times each, depending on the attack type. The testbed used in the experiment was set up using Mininet to simulate an IoT network. It was similar to the Bot-IoT setup and managed by the ONOS controller. The size of the normal traffic is about 2.67M representing 8.84% of the whole traffic, while DDoS traffic size is around 182K, the rest of the traffic is related to the other attacks.

 This dataset provides a rich set of features that can be used to develop and evaluate intrusion detection systems for IoT networks such as packet counts, byte counts, source and destination IP addresses, port numbers, category, and more. These features are used to develop machine learning models or other analytical techniques that can automatically identify and flag anomalous network activity.

Comment 5:

It is unclear from Figures 7 and 8 whether the dataset used in the study consists mainly of easy cases. In real-world scenarios, achieving such high levels of performance may be unrealistic for the model.

Response:

We added a subsubsection “7.1.1 Dataset description” to clarify this point.

Reviewer 2 Report

The paper does an excellent job of highlighting the benefits of using SDN for IoT network management, but it would be helpful to have a more detailed discussion of the potential drawbacks and limitations of this approach. For example, are there certain types of IoT devices or applications that may not be well-suited to SDN management, and if so, what are the implications of this for the overall security and functionality of the network?

 

The section on DDoS attacks is quite comprehensive, but it would be beneficial to see more discussion of other types of security threats that may be relevant to IoT networks, such as malware, ransomware, or phishing attacks. Including a broader range of security issues could help to contextualize the importance of DDoS prevention and mitigation within the larger landscape of IoT security.

 

While the proposed solution for a secure IoT system based on SDN with a multi-controller and Blockchain is intriguing, it would be helpful to have a more detailed discussion of the practical challenges involved in implementing such a system. For example, what are the potential costs and resource requirements of deploying multiple controllers for network management, and how might the use of Blockchain impact network performance or scalability?

 

The review of detection and mitigation techniques based on SDN, Blockchain, and machine learning models is quite informative, but it would be beneficial to see more discussion of how these different approaches could be combined or integrated to create a more comprehensive security solution for IoT networks. For example, how might machine learning algorithms be used to improve the accuracy and efficiency of DDoS detection within an SDN-managed IoT network that also utilizes Blockchain for secure communication?

There are not enough citations in the introduction section. Using the below four key references in the introduction section, discuss a few sentences about the paper's topic and new state-of-the-art subjects.

https://ieeexplore.ieee.org/abstract/document/10023500

https://link.springer.com/article/10.1007/s10586-022-03776-z

https://www.mdpi.com/1424-8220/22/11/4182

https://www.mdpi.com/2076-3417/12/9/4245

Finally, the paper would benefit from a more detailed discussion of the implications of the proposed secure IoT system for end-users and other stakeholders. For example, how might the implementation of this system impact the user experience of IoT devices, and what steps might need to be taken to ensure that end-users are able to easily understand and interact with the system's security features? Additionally, what are the potential economic and regulatory implications of deploying such a system on a large scale, and how might these factors impact its overall feasibility and adoption?

Author Response

Response to Reviewer 2 Comments

We would like to thank you for your valuable comments. We have found that your remarks are very constructive and lead to the paper’s improvement. All suggested changes have been incorporated as shown in the revised manuscript.

Comment 1:

The paper does an excellent job of highlighting the benefits of using SDN for IoT network management, but it would be helpful to have a more detailed discussion of the potential drawbacks and limitations of this approach. For example, are there certain types of IoT devices or applications that may not be well-suited to SDN management, and if so, what are the implications of this for the overall security and functionality of the network?

Response:

We moved the results analysis to a new subsection 7.3 and added the following text to section 8 “Discussion”:

The IoT presents a set of security challenges due to its wide application areas and the large number of devices involved. Researchers have proposed a range of solutions to be integrated into the IoT network to enhance its management and to mitigate potential threats, those studied in this paper are mainly: SDN, machine learning, and blockchain. While these approaches show promise, it is important to also consider their potential drawbacks to ensure that they can be integrated effectively and provide robust security for IoT networks. Among these drawbacks, we cite the device compatibility. Regarding the design of some IoT devices conceived for conventional networks, it causes an inconvenience while integrating SDN paradigm. To overcome such issue, the adoption of specific protocols allowing such adaptation between SDN and IoT devices presents a solution. Besides, while SDN management can provide greater security and control over the network, it can also introduce new security risks. For example, if the SDN controllers or switches are compromised, the entire network may be at risk. Additionally, the use of centralized controllers can create a single point of failure, making the network more vulnerable to attacks. It is important to implement strong security measures and protocols to mitigate these risks. Another potential limitation of using SDN management for IoT networks is its scalability. While SDN management can provide greater control and flexibility over the network, it may not be as easily scalable as other network management approaches. This can limit the ability of the network to grow and evolve over time, and may require additional resources or restructuring to accommodate future expansion. In summary, while SDN management can provide many benefits for IoT networks in terms of security, control, and flexibility, there are also potential drawbacks and limitations to consider. It is important to carefully evaluate the specific needs and requirements of the network, and to implement strong security measures and protocols to mitigate potential risks.

Comment 2:

The section on DDoS attacks is quite comprehensive, but it would be beneficial to see more discussion of other types of security threats that may be relevant to IoT networks, such as malware, ransomware, or phishing attacks. Including a broader range of security issues could help to contextualize the importance of DDoS prevention and mitigation within the larger landscape of IoT security.

Response:

We added in section 2 “DDoS attack in IoT” the following text as well as some relevant references discussing the IoT threats like [29]:

“IoT networks are vulnerable to a wide range of security threats, including malware, ransomware, phishing attacks, and Distributed denial of service (DDoS) attacks. Malware attacks can exploit vulnerabilities in IoT devices and can be used to gain unauthorized access to the device or to other parts of the network. Ransomware attacks involve the encryption of data on IoT devices and can be particularly damaging in IoT networks. Phishing attacks can be used to gain access to IoT devices or to launch other types of attacks, such as DDoS attacks.

DDoS attacks in IoT networks are different from other IoT attacks in several ways. It can involve a large number of compromised devices, making them capable of generating massive amounts of traffic. This can make them more difficult to be detected and mitigated which can cause widespread disruption to network services. Unlike other types of IoT attacks that may focus on stealing data or gaining control of devices, DDoS attacks in IoT networks can directly impact the availability of network services and devices, causing significant disruption to business operations or even critical infrastructure. DDoS attacks in IoT networks often involve the use of botnets, which are networks of compromised devices that can be controlled remotely by the attacker. Botnets are difficult to be detected, and can be used for other types of attacks as well. IoT devices are often designed with limited security controls, making them vulnerable to exploitation by attackers.”

Comment 3:

While the proposed solution for a secure IoT system based on SDN with a multi-controller and Blockchain is intriguing, it would be helpful to have a more detailed discussion of the practical challenges involved in implementing such a system. For example, what are the potential costs and resource requirements of deploying multiple controllers for network management, and how might the use of Blockchain impact network performance or scalability?

Response:

We moved the results analysis to a new subsection 7.3 and added the following text to section 8 “Discussion”:

"Consequently, while the proposed solution for securing IoT systems using SDN with a multi-controller and blockchain technology is promising, there are practical challenges that must be considered when implementing such a system.
Among these challenges, we cite the potential cost and resource requirements of deploying multiple controllers for network management. The deployment of multiple controllers can require significant resources, including hardware, software, and network infrastructure. Additionally, it may be necessary to employ skilled personnel to manage and supervise the controller's operation. It is important to carefully evaluate the cost-benefit trade-offs of using multiple controllers in the context of the specific IoT deployment. Thus, the number of controllers to be deployed should be effective and efficient to optimize in required resources and costs.

Besides, another challenge that must be considered is the impact of blockchain technology on network performance and scalability. The use of blockchain technology introduces additional overhead and latency to the network, which can impact the performance of the system and the user experience. This can be particularly challenging in IoT environments, where real-time data processing and low latency are often critical requirements. In addition, the use of blockchain technology can impact the scalability of the system. Specifically, while the number of transactions and nodes is increased in public blockchain, a scalability issue is raised.  For this purpose, the proposed system considers a private blockchain to manage the secure communications between the multiple controllers. The number of transactions is also moderated since the ANN model is handling the data to be exchanged in a secure way via blockchain.

To address these challenges, it is important to carefully evaluate the specific requirements and constraints of the IoT system and to consider the compromise between security, cost, and performance. This could involve conducting a thorough risk assessment to identify potential security threats and vulnerabilities, and adopting new system architecture that balances security requirements with the available resources and performance constraints. It could also involve leveraging techniques and methods related to the adaptation of blockchain and SDN controllers to optimize the system’s performance and to ensure that it meets the specific requirements of the IoT deployment."

Comment 4:

The review of detection and mitigation techniques based on SDN, Blockchain, and machine learning models is quite informative, but it would be beneficial to see more discussion of how these different approaches could be combined or integrated to create a more comprehensive security solution for IoT networks. For example, how might machine learning algorithms be used to improve the accuracy and efficiency of DDoS detection within an SDN-managed IoT network that also utilizes Blockchain for secure communication?

Response:

To the best of our knowledge, there is no existing work combining these technologies to address this issue.

Comment 5:

There are not enough citations in the introduction section. Using the below four key references in the introduction section, discuss a few sentences about the paper's topic and new state-of-the-art subjects.

https://ieeexplore.ieee.org/abstract/document/10023500

https://link.springer.com/article/10.1007/s10586-022-03776-z

https://www.mdpi.com/1424-8220/22/11/4182

https://www.mdpi.com/2076-3417/12/9/4245

Response:

We added the suggested references as well as other relevant ones.

Comment 6:

Finally, the paper would benefit from a more detailed discussion of the implications of the proposed secure IoT system for end-users and other stakeholders. For example, how might the implementation of this system impact the user experience of IoT devices, and what steps might need to be taken to ensure that end-users are able to easily understand and interact with the system's security features? Additionally, what are the potential economic and regulatory implications of deploying such a system on a large scale, and how might these factors impact its overall feasibility and adoption?

Response:

We addressed this issue in the revised manuscript through Section 8 “Discussion”.

Reviewer 3 Report

Line 325, need to explain how does having "multiple controllers" make the system "more flexible, allowing for easy management"? 

 

Line 334, need to explain how "Blockchain then blocks any traffic". Blockchain is a distributed ledger. Blockchain will not block traffic.

 

Line 346 to Line 348 need to be re-phrase. This statement does not make sense.

 

Line 357, stated "Data preprocessing" but Figure 5 stated "Data Preparation". It is not consistent.

 

Line 405, need to explain what is "category field"?

 

Line 406, there is a typo error "10iot architecture"

 

Author Response

Response to Reviewer 3 Comments

We want to thank you for all your helpful feedback. We have found that your comments are very interesting and contribute to the improvement of the paper. All suggested changes have been incorporated as shown in the revised manuscript.

Comment 1:

Line 325, need to explain how does having "multiple controllers" make the system "more flexible, allowing for easy management"?

Response:

We replaced “By having multiple controllers in the network, the system is more flexible, allowing for easy management of the network and dynamic configuration of the security policies.” by

“Having multiple controllers in an SDN-managed IoT network facilitates to scale up or down the network by adding or removing controllers as needed. This makes the management of large IoT networks easier, and allows for greater flexibility in network design. Also, such distributed SDN networks allow fault tolerance: in the event of a failure or malfunction of one controller, other controllers can take over the network management tasks, ensuring that the network remains operational and secure. In addition, the distribution of network management tasks allows load balancing that could reduce the burden on one controller and improve network performance.”

Comment 2:

Line 334, need to explain how "Blockchain then blocks any traffic". Blockchain is a distributed ledger. Blockchain will not block traffic.

Response:

We agree with you that Blockchain is a distributed ledger and it cannot block traffic by itself. Thus, to avoid any misunderstanding, we modified the text as follows: “The Blockchain serves as a distributed ledger that maintains a secure and tamper-proof record of the traffic type (normal or malicious). By using a Blockchain at the control plane level, it is possible to ensure that each switch has a consistent and up-to-date version of rules, and that any change or update made to the rules are recorded and verified across the network. Once the ANN model identifies an attack, the Blockchain is updated with the information on the attack, and the information is shared securely with the other controllers. Hence, any traffic that matches the characteristics of the attack, will be denied to reach network resources and illegitimate traffic of DDoS attacks could be detected and blocked by Firewalls of the data plane. Consequently, the ANN model helps in optimizing traffic payload which reduces network congestion and improves the overall performance of the network.”

Comment 3:

Line 346 to Line 348 need to be re-phrase. This statement does not make sense.

Response:

The mentioned lines are replaced by “In this paper, the implementation of the ANN-based detection system is described and its results are analyzed in the following subsections”.

Comment 4:

Line 357, stated "Data preprocessing" but Figure 5 stated "Data Preparation". It is not consistent.

Response:

We changed “Data Preparation” in the figure to “Data preprocessing”.

Comment 5:

Line 405, need to explain what is "category field"?

Response:

This field “category” presents a feature in the dataset, we added a subsubsection “7.1.1 Dataset description” that contains the following text, to clarify the research findings:

The "Novel SDN Dataset for Intrusion Detection in IoT Networks" [52] is used in this work. This dataset is designed to support research in intrusion detection for IoT networks using SDN. It contains network traffic captured from a software-defined network (SDN) in an Internet of Things (IoT) environment during various cyber-attacks launched by four attacker hosts against a server and other simulated IoT devices exchanging a large amount of data. The attacks include DoS, DDoS, port scanning, OS fingerprinting, and fuzzing. They were performed with different configurations 10 to 12 times each, depending on the attack type. The testbed used in the experiment was set up using Mininet to simulate an IoT network. It was similar to the Bot-IoT setup and managed by the ONOS controller. The size of the normal traffic is about 2.67M representing 8.84% of the whole traffic, while DDoS traffic size is around 182K, the rest of the traffic is related to the other attacks.

 This dataset provides a rich set of features that can be used to develop and evaluate intrusion detection systems for IoT networks such as packet counts, byte counts, source and destination IP addresses, port numbers, category, and more. These features are used to develop machine learning models or other analytical techniques that can automatically identify and flag anomalous network activity.

Comment 6:

Line 406, there is a typo error "10iot architecture"

Response:

Yes, we corrected it.
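
The division of labour described in the responses above (the ANN labels traffic, the verdict is written to a ledger shared by the controllers, and data-plane firewalls do the blocking) can be sketched as a hash-chained ledger. This is an added example, not code from the paper or its authors; the function names, record fields and sample addresses are assumptions, and controller signatures and consensus are left out.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value used for the first block


def block_hash(index, prev_hash, record):
    """SHA-256 over a canonical JSON encoding of the block contents."""
    payload = json.dumps({"index": index, "prev": prev_hash, "record": record},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def append_verdict(chain, controller, src_ip, dst_port, label):
    """Append one ANN verdict (label: 'normal' or 'malicious') to the ledger."""
    prev = chain[-1]["hash"] if chain else GENESIS
    record = {"controller": controller, "src_ip": src_ip,
              "dst_port": dst_port, "label": label}
    block = {"index": len(chain), "prev": prev, "record": record}
    block["hash"] = block_hash(block["index"], prev, record)
    chain.append(block)
    return block


def verify_chain(chain):
    """Return the index of the first invalid block, or -1 if the chain is intact."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev"] != prev:
            return i
        if block["hash"] != block_hash(i, prev, block["record"]):
            return i
        prev = block["hash"]
    return -1


def sync_replica(local, remote):
    """Adopt a peer's longer ledger only if it verifies and extends the local one."""
    if len(remote) <= len(local) or verify_chain(remote) != -1:
        return False
    if any(remote[i]["hash"] != local[i]["hash"] for i in range(len(local))):
        return False
    local.extend(copy.deepcopy(remote[len(local):]))
    return True


def deny_rules(chain):
    """Derive firewall deny rules; the ledger records, the data plane blocks."""
    bad = verify_chain(chain)
    if bad != -1:
        raise ValueError(f"ledger rejected: block {bad} fails verification")
    rules = {(b["record"]["src_ip"], b["record"]["dst_port"])
             for b in chain if b["record"]["label"] == "malicious"}
    return sorted(rules)


if __name__ == "__main__":
    # Constructed sample verdicts (documentation address ranges).
    ctrl_a, ctrl_b = [], []
    append_verdict(ctrl_a, "ctrl-A", "192.0.2.10", 80, "malicious")
    append_verdict(ctrl_a, "ctrl-A", "198.51.100.7", 80, "normal")
    print("ctrl-B synced:", sync_replica(ctrl_b, ctrl_a))
    print("ctrl-B deny rules:", deny_rules(ctrl_b))

    forged = copy.deepcopy(ctrl_a)
    forged[0]["record"]["label"] = "normal"  # rewrite a past verdict
    print("first bad block in forged ledger:", verify_chain(forged))
```

Hash chaining only makes edits to past verdicts detectable by a controller that recomputes the chain; deciding which controller may append, and which of two valid chains wins, is the job of the private blockchain's consensus layer.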

Round 2

Reviewer 1 Report

The paper is suitable for publication in its current form.

Author Response

Thank you, we appreciate that you find our paper suitable for publication in its current form.

Reviewer 2 Report

It can be accepted now.

Author Response

Thank you, we appreciate that you find our paper suitable for publication in its current form.
