An Investigation into the Application of Deep Learning in the Detection and Mitigation of DDOS Attack on SDN Controllers
- A new dataset comprising of normal and malicious (DDoS) traffic developed using Mininet and the Floodlight controller is collated.
- A DDoS defence mechanism based on the trained model for the identification and mitigation of DDoS attacks on the SDN controller is introduced.
- The performance of the selected deep learning candidate is compared with that of other machine learning linear models. These models are k-nearest neighbor (KNN), logistic regression, linear support vector classifier (LinearSVC), support vector classifier (SVC), decision tree, random forest, gradient boosting, Gaussian naïve Bayes (NB), Bernoulli NB, and multinomial NB. These models and the selected candidate model are trained based on the same generated dataset.
- The performance analysis of linear-based ML and neural network models in the detection and mitigation of DDoS flood attacks was done using various train–test split ratios (60/40, 70/30, and 80/20).
2. Related Work
- The number of packets received at each switch
- The number of packets transmitted at each switch
- Packet count (number of packets of each flow)
- Protocol type (TCP, UDP or ICMP)
- Source IP
- Destination IP
- The normal operation of the network is constant (the exchange of information between nodes has a particular profile), which forms the basis of our anomaly detection and defence mechanism.
- The training of the detection engine is done off-device; the model is only exported and used on the controller.
3.2. Simulation Test Bed
- Number of hosts connected to each OpenFlow switch
- Number of packets (transmit and receive) of each OpenFlow switch
- Delay in millisecond (Round-Trip Time)
- Type of Transmission Protocol (TCP, UDP, or ICMP)
- Source IP
- Destination IP
3.3. Scenarios Considered
3.4. Detection and Defence Mechanism
4. Results and Discussion
4.1. Detection of DDoS Attack Using LSTM Model
4.2. Mitigation of DDoS Attack Using LSTM Model
4.3. Comparison of the LSTM Model with the Best Performing Linear-Based ML Models
5. Conclusions and Future Work
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
- McKeown, N.; Anderson, T.; Balakrishnan, H.; Parulkar, G.; Peterson, L.; Rexford, J.; Shenker, S.; Turner, J. OpenFlow: Enabling innovation in campus networks. SIGCOMM Comput. Commun. Rev. 2008, 38, 69–74. [Google Scholar] [CrossRef]
- Sangodoyin, A.; Sigwele, T.; Pillai, P.; Hu, Y.F.; Awan, I.; Disso, J. DoS Attack Impact Assessment on Software Defined Networks. In Proceedings of the International Conference on Wireless and Satellite Systems, WiSATS 2017: Wireless and Satellite Systems, Oxford, UK, 14–15 September 2017; pp. 11–22. [Google Scholar]
- Abhiroop, T.; Babu, S.; Manjo, B.S. A Machine Learning Approach for Detecting DoS Attacks in SDN Switches. In Proceedings of the Twenty Fourth National Conference on Communications (NCC), Hyderabad, India, 25–28 February 2018; pp. 1–8. [Google Scholar]
- Conti, M.; Gangwal, A.; Gaur, M.S. A comprehensive and effective mechanism for DDoS detection in SDN. In Proceedings of the IEEE 13th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), Rome, Italy, 9–11 October 2017; pp. 1–8. [Google Scholar] [CrossRef]
- Dotcenko, S.; Vladyko, A.; Letenko, I. A fuzzy logic-based information security management for software-defined networks. In Proceedings of the 16th International Conference on Advanced Communication Technology, Pyeongchang, Korea, 16–19 February 2014; pp. 167–171. [Google Scholar] [CrossRef][Green Version]
- Prakash, A.; Priyadarshini, R. An Intelligent Software defined Network Controller for preventing Distributed Denial of Service Attack. In Proceedings of the Second International Conference on Inventive Communication and Computational Technologies (ICICCT), Coimbatore, India, 20–21 April 2018; pp. 585–589. [Google Scholar] [CrossRef]
- Phan, T.V.; Toan, T.V.; Tuyen, D.V.; Huong, T.T.; Thanh, N.H. OpenFlowSIA: An optimized protection scheme for software-defined networks from flooding attacks. In Proceedings of the IEEE Sixth International Conference on Communications and Electronics (ICCE), Ha Long, Vietnam, 27–29 July 2016; pp. 13–18. [Google Scholar] [CrossRef]
- Ye, J.; Cheng, X.; Zhu, J.; Feng, L.; Song, L. A DDoS Attack Detection Method Based on SVM in Software Defined Network. Secur. Commun. Netw. 2018, 2018, 1–8. [Google Scholar] [CrossRef]
- Sahoo, K.S.; Iqbal, A.; Maiti, P.; Sahoo, B. A Machine Learning Approach for Predicting DDoS Traffic in Software Defined Networks. In Proceedings of the International Conference on Information Technology (ICIT), Bhubaneswar, India, 19–21 December 2018; pp. 199–203. [Google Scholar] [CrossRef]
- Mohammed, S.S. A New Machine Learning-based Collaborative DDoS Mitigation Mechanism in Software-Defined Network. In Proceedings of the 14th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), Limassol, Cyprus, 15–17 October 2018; pp. 1–8. [Google Scholar] [CrossRef]
- Yang, L.; Zhao, H. DDoS Attack Identification and Defense Using SDN Based on Machine Learning Method. In Proceedings of the 15th International Symposium on Pervasive Systems, Algorithms and Networks (I-SPAN), Yichang, China, 16–18 October 2018; pp. 174–178. [Google Scholar] [CrossRef]
- Meti, N.; Narayan, D.G.; Baligar, V.P. Detection of distributed denial of service attacks using machine learning algorithms in software defined networks. In Proceedings of the International Conference on Advances in Computing, Communications and Informatics (ICACCI), Udupi, India, 13–16 September 2017; pp. 1366–1371. [Google Scholar] [CrossRef]
- He, B.; Zou, F.; Wu, Y. Multi-SDN Based Cooperation Scheme for DDoS Attack Defense. In Proceedings of the Third International Conference on Security of Smart Cities, Industrial Control System and Communications (SSIC), Shanghai, China, 18–19 October 2018; pp. 1–7. [Google Scholar] [CrossRef]
- Ujjan, R.M.A.; Pervez, Z.; Dahal, K. Suspicious Traffic Detection in SDN with Collaborative Techniques of Snort and Deep Neural Networks. In Proceedings of the IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS), Exeter, UK, 28–30 June 2018; pp. 915–920. [Google Scholar] [CrossRef]
- Liu, Y.; Dong, M.; Ota, K.; Li, J.; Wu, J. Deep Reinforcement Learning based Smart Mitigation of DDoS Flooding in Software-Defined Networks. In Proceedings of the IEEE 23rd International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), Barcelona, Spain, 17–19 September 2018; pp. 1–6. [Google Scholar] [CrossRef]
- Tang, T.A.; Mhamdi, L.; McLernon, D.; Zaidi, S.A.R.; Ghogho, M. Deep Recurrent Neural Network for Intrusion Detection in SDN-based Networks. In Proceedings of the 4th IEEE Conference on Network Softwarization and Workshops (NetSoft), Montreal, QC, Canada, 25–29 June 2018; pp. 202–206. [Google Scholar] [CrossRef][Green Version]
- Dey, S.K.; Md Rahman, M. Flow Based Anomaly Detection in Software Defined Networking: A Deep Learning Approach With Feature Selection Method. In Proceedings of the 4th International Conference on Electrical Engineering and Information & Communication Technology (iCEEiCT), Dhaka, Bangladesh, 13–15 September 2018; pp. 630–635. [Google Scholar] [CrossRef]
- Tang, T.A.; Mhamdi, L.; McLernon, D.; Zaidi, S.A.R.; Ghogho, M. (2016) Deep learning approach for Network Intrusion Detection in Software Defined Networking. In Proceedings of the International Conference on Wireless Networks and Mobile Communications (WINCOM), Fez, Morocco, 26–29 October 2016; pp. 258–263. [Google Scholar] [CrossRef]
- Yin, C.; Zhu, Y.; Fei, J.; He, X. A Deep Learning Approach for Intrusion Detection Using Recurrent Neural Networks. IEEE Access 2017, 5, 21954–21961. [Google Scholar] [CrossRef]
- Asad, M.; Asim, M.; Javed, T.; Beg, M.O.; Mujtaba, H.; Abbas, S. DeepDetect: Detection of Distributed Denial of Service Attacks Using Deep Learning. Comput. J. 2019, bxz064. [Google Scholar] [CrossRef]
- Hping3. Available online: https://github.com/antirez/hping (accessed on 27 April 2020).
- NetFilterQueue. Available online: https://github.com/kti/python-netfilterqueue (accessed on 27 April 2020).
|No.||Paper Title||Research Method||Results||Strengths and Limitations|
|1.||OpenflowSIA: An optimized protection scheme for software-defined networks from flooding attacks ||Support Vector Machine (SVM) combined with their own proposed algorithm, idle timeout adjustment (IA)||They showed that their proposed approach differs from previous works and did better than the initial methods used to save the SDN resources|
|2.||A DDoS attack detection method based on SVM in a software-defined network ||Support Vector Machine (SVM)||Their results show an average accuracy rate of 95.24%|
|3.||A machine learning approach for detecting DoS attacks in SDN switches ||Neural Network, Naïve Bayes, SVM||Neural network and naive Bayes provided 100% accuracy with extracted features in their tests, while SVM provided 99% accuracy|
|4.||A machine learning approach for predicting DDoS traffic in software-defined networks ||Linear regression, Naïve Bayes, KNN, Decision tree, Random forest, SVM, ANN||Linear regression achieved high accuracy, precision, and recall results at 98.65%. Naïve Bayes showed the worst results at 97.45%. All others had accuracy between those of linear regression and naïve Bayes.|
|5.||A machine learning-based collaborative DDoS mitigation mechanism in the software-defined network ||Naïve Bayes||They had an average precision of 0.98 for training dataset with all features inclusive and had an average precision of 0.81 for training dataset with seven features removed.|
|6.||An intelligent software-defined network controller for DDoS attack ||KNN, SVM, Naïve Bayes||KNN was most suitable with 97% accuracy than the other two algorithms deployed. SVM had 82%, and Naïve Bayes had 83%|
|7.||DDoS attack identification and defence using SDN based on machine learning method ||SVM||The algorithm produced an accuracy of 0.998.|
|8.||Deep reinforcement learning-based smart mitigation of DDoS flooding in software-defined networks ||Deep reinforcement learning||Their findings demonstrated that the agent could effectively mitigate DDoS flooding attacks of various protocols.|
|9.||Detection of distributed denial of service attacks using machine learning algorithms in software-defined networks ||Naïve Bayes, SVM, Neural network.||The naïve Bayes had an accuracy of up to 70% and SVM and the neural network had the same accuracy of 80%|
|10.||Multi-SDN based cooperation scheme for DDoS attack defence ||SVM||It was observed that the SVM algorithm would achieve more than 98% accuracy on both the attacker and victim side of SYN flooding, ICMP flooding, and DNS reflection attack.|
|G. NAÏVE BAYES||73.49||74.76||74.75||90.30||91.12||91.08||61.50||62.80||62.90|
|B. NAÏVE BAYES||64.08||63.42||63.36||77.90||76.68||76.62||54.30||53.76||53.73|
|M. NAÏVE BAYES||82.61||82.16||82.26||86.90||85.32||86.66||79.60||79.85||79.06|
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.
© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Share and Cite
Gadze, J.D.; Bamfo-Asante, A.A.; Agyemang, J.O.; Nunoo-Mensah, H.; Opare, K.A.-B. An Investigation into the Application of Deep Learning in the Detection and Mitigation of DDOS Attack on SDN Controllers. Technologies 2021, 9, 14. https://doi.org/10.3390/technologies9010014
Gadze JD, Bamfo-Asante AA, Agyemang JO, Nunoo-Mensah H, Opare KA-B. An Investigation into the Application of Deep Learning in the Detection and Mitigation of DDOS Attack on SDN Controllers. Technologies. 2021; 9(1):14. https://doi.org/10.3390/technologies9010014Chicago/Turabian Style
Gadze, James Dzisi, Akua Acheampomaa Bamfo-Asante, Justice Owusu Agyemang, Henry Nunoo-Mensah, and Kwasi Adu-Boahen Opare. 2021. "An Investigation into the Application of Deep Learning in the Detection and Mitigation of DDOS Attack on SDN Controllers" Technologies 9, no. 1: 14. https://doi.org/10.3390/technologies9010014