Figure - available from: Transactions on Emerging Telecommunications Technologies
The DDoS attack prevented Client 2

Source publication
Article
Software defined networking (SDN) is the next‐generation network. SDN enhances the programming flexibility, speed and automation to improve the network's performance. In recent times SDN has played a vital role in networking technology. It communicates with underlying hardware infrastructure and directs traffic on a network. The most complicated is...

Citations

... In [16], a new ID and prevention system (IDPS) was modelled in the presented method for solving SDN's problems stated above. In this technique, a graded rated unit (GRU) DL technique and LSTM method were modelled as the "Block-Attack" method. ...
Article
Distributed Denial of Service (DDoS) attacks pose a challenging threat to the availability and performance of cloud-based Software-Defined Networks (SDNs). Detection and classification of DDoS attacks in such dynamic and highly virtualized environments is critical to maintaining network stability and ensuring uninterrupted services. Therefore, this study develops a metaheuristic with Multi-Layer Ensemble Deep Reinforcement Learning for DDoS Attack Detection and Mitigation (MMEDRL-ADM) technique in the Cloud SDN Environment. The presented MMEDRL-ADM technique leverages metaheuristics with deep learning model for the recognition of DDoS attacks in the SDN data plane. To accomplish this, the presented MMEDRL-ADM technique initially preprocesses the network data. Next, the MMEDRL-ADM technique designs African buffalo optimization algorithm-based feature selection (ABO-FS) to reduce the computation complexity and increase the detection rate. For DDoS attack detection, the multilayer ensemble deep reinforcement learning (MEDRL) technique is used. To adjust the hyperparameter values of the MEDRL technique, an improved grasshopper optimization algorithm (IGOA) is exploited. The design of MEDRL approach with IGOA based hyperparameter tuning demonstrates the novelty of the work. The experimental validation of the MMEDRL-ADM system is tested under a benchmark dataset. The comparison study highlighted the improved performance of the MMEDRL-ADM technique over other models.
... The last encoding process generates a low-dimension feature as the input to train the OC-SVM to classify malicious traffic. The authors [27] proposed DL-based block attack models, such as LSTM and gated recurrent unit (GRU), to address DDoS attacks. The main objective of employing GRU and LSTM in the proposed approach is to enhance the accuracy of identifying DDoS attacks in an SDN environment. ...
... To overcome statistical methods, ML and DL techniques were applied. For instance, [22], [25] discuss ML techniques, and [5], [26], [27] present DL techniques to detect malicious network activities in SDN ecosystems. In [22], [25], they employed decision tree (DT), k-nearest neighbor (k-NN), naive Bayes (NB), random forest (RF), and support vector machine (SVM) ML models to detect and classify cyber-attacks. ...
... However, these models need to be more reliable for more attack classes. In [5], [26], [27], various DL techniques were implemented using DNN, CNN, LSTM, and GRU models. However, most DL techniques have a high computation cost and more memory consumption. ...
Article
Unauthorized users may attack centralized controllers as an attractive target in software-defined networking (SDN)-based industrial cyber-physical systems (CPS). Managing high-complexity deep learning (DL)-based intrusion classification to recognize and prevent attacks in the industrial Internet of Things (IIoT) networks with low-latency requirements is challenging. Moreover, a centralized DL-based intrusion detection system (IDS) leads to privacy concerns and communication overhead issues during data uploading to a cloud server for training processes in IIoT environments. This study proposes federated learning (FL)-based low-complexity intrusion detection and classification in SDN-enabled industrial CPS. This framework utilizes Chi-square and Pearson correlation coefficient (PCC) feature selection methods to select potential features, which help reduce the model’s complexity and boost performance. The proposed model evaluated the SDN and IIoT-related InSDN and Edge-IIoTset datasets. The model measurement shows that the proposed model achieves high accuracy, low computational cost, and a low-complexity model architecture compared with state-of-the-art approaches.
... Jagtap et al. [21] proposed a novel intrusion detection and prevention system to prevent DDoS attacks. The authors introduced a long short-term memory (LSTM) and graded rated unit (GRU) deep learning model as the "block-attack" model, where the LSTM and GRU contribute to enhancing the rate of accuracy in detecting DDoS attacks in an SDN environment. ...
Article
Smart cities have experienced significant growth in recent years, transforming people’s lives into a more futuristic version. The smart city initiative includes a diverse collection of specifications, encompassing a large number of users whose requirements vary significantly and heterogeneously. Each device in smart cities generates a significant amount of data, which places a load on the gateways. Smart cities face a major challenge due to the enormous amount of data they generate. Through software-defined networking (SDN), network information paths are optimized, ensuring that traffic flow is evenly distributed across all network nodes. A considerable number of IoT devices with limited resources are susceptible to various security threats, such as device hijacking, ransomware, man-in-the-middle (MiM) attacks, and distributed denial-of-service (DDoS) attacks. These threats can pose a severe challenge to network security. Additionally, DDoS attacks have disrupted web businesses, resulting in the loss of valuable data. To counter DDoS attacks in a smart city, several options exist, yet many challenges remain. This research presents a secure and intelligent system to combat DDoS attacks on smart cities. SDN security controllers and machine learning models with optimization are employed in this study to reduce the impact of common DDoS attacks on smart cities. This work utilizes an SDN based on security controllers and a detection mechanism rooted in a machine learning model with optimization to mitigate various types of prevalent DDoS attacks within smart cities. Employing binary classification, XGBoost achieved an accuracy of 99.99%, precision of 97%, recall of 99%, an F1 score of 98%, and a false-positive rate of 0.05. In multiclass classification, the average accuracy is 99.29%, precision is 97.7%, recall is 96.69%, and the F1 score is 97.51%. These results highlight the superiority of this approach over other existing machine learning techniques.
... Authors in Reference [41] used the K-medoid technique to handle the CICDDoS2019 dataset features. Moreover, SVM is effective in preventing DDoS attacks in a Mininet-based emulation. ...
Article
The growing popularity of Software Defined Networks (SDN) and the Internet of Things (IoT) has led to the emergence of Software Defined Internet of Things (SDIoT) based on centralized network management by the Control Plane, which can handle the dynamic nature of IoT devices and the high volume of network traffic. However, due to their specific design, SDIoTs are the ideal target for Distributed Denial of Service (DDoS) attacks, becoming one of the most destructive threats. Machine learning (ML) techniques are best suited to solve this problem due to the recent growth and sophistication of DDoS attacks. In this study, we propose an enhanced deep learning approach based on combining AutoEncoder (AE) and Extreme Gradient Boosting (XGBoost). First, we applied the SHapley Additive exPlanations (SHAP) feature selection method to select the appropriate features subset according to their correlation results. Next, the AE is trained on the previous subset to learn a compact representation of the input features. The latent representation generated by the AE is then used as input for the XGBoost model, which is trained to predict the target variable and classify the traffic as usual or attack. In parallel, Grid Search Cross Validation (GSCV) is used to find the optimal hyperparameters for the AE‐XGBoost. The experimental results using two publicly available realistic SDN‐IoT datasets demonstrate that the proposed approach enables precise identification of DDoS attacks in SDIoT networks, achieving a 99.9920% accuracy, an F1 score of 0.999917, and a low false positive rate. Furthermore, the proposed model's performance exceeds that of the models used for comparison.
Article
Software Defined Networking (SDN) has become popular due to its flexibility and agility in network management, enabling rapid adaptation to changing business requirements, enhancing network performance, and reducing operational costs. However, the ubiquity of internet-based services has given rise to an alarming increase in cyber-attacks, posing serious threats to the security and stability of modern networks. Among these attacks, Distributed Denial of Service (DDoS) attacks have emerged as one of the most devastating, capable of disrupting critical services. Recent studies have shown that Deep Learning (DL) techniques with Software-defined networking have the potential to mitigate these threats effectively. However, existing solutions suffer from issues such as reliance on pre-defined rules and signatures, computational efficiency, low detection rates, and inefficient notification mechanisms, making them ineffective in detecting DDoS attacks. This paper proposes an efficient approach (BRS + CNN) using Balanced Random Sampling (BRS) and Convolutional Neural Networks (CNNs) to detect DDoS attacks in SDN environments. We have applied various mitigation techniques to mitigate these threats, such as filtering, rate limiting, and iptables rule for blocking spoofed IPs. In addition, we introduce a monitoring system that utilizes rate-limiting to oversee blocked IP addresses, ensuring that legitimate traffic is processed efficiently. The proposed model achieves high performance in binary and multi-classification, with an accuracy of over 99.99% for binary classification and 98.64% for multi-classification. Our proposed DDoS detection system not only detects the attack but also sends detailed contextual information to a designated email address. We compare our model with existing literature and demonstrate its superiority using Area Under The Curve (AUC) analysis. 
Moreover, we evaluated the efficiency and effectiveness of our proposed DDoS mitigation system by conducting a series of experiments across three distinct scenarios: Attack-Free, Attack-No Mitigation, and Attack-Mitigation. These results demonstrate the robustness of our proposed mitigation system in effectively combating DDoS attacks while also safeguarding the seamless continuity of regular network operations.
Article
DDoS attacks, powered by botnets to flood network resources, pose a significant threat to traditional network setups. Software-Defined Networking (SDN) boosts network adaptability and programmability by separating the control and data planes. However, the centralized control in SDN can be a vulnerability, allowing attackers to exploit security flaws and launch DDoS attacks. These attacks overwhelm network controllers and switches, consuming bandwidth and server resources, and disrupting regular user access. In response to the threat, we've implemented an online SDN defence system designed to detect and counter such attacks. This system includes modules for both spotting anomalies and handling them. The anomaly detection model combines Convolutional Neural Network and Long Short-Term Memory (CNN-LSTM) techniques to effectively spot irregular traffic patterns. For mitigation, the model identifies abnormal traffic by implementing flow rule orders from the controller and traces back to the attacker via IP tracing. To measure our approach's effectiveness, we used various evaluation metrics like Accuracy, F-measure, Precision, Recall, ROC Curve, and Precision-Recall Curve. Our methodology displayed impressive results, achieving a 99.83% accuracy in multiclass classification and 99.17% accuracy in binary classification. In comparison with existing DDoS detection systems, our AI-driven mitigation techniques demonstrated their superiority. Overall, our research aims to streamline the detection and mitigation of DDoS attacks.
Article
With the explosive growth of Internet traffic, a large amount of sensitive and valuable information is at risk of cyber attacks, which are mostly preceded by network reconnaissance. A moving target defense technique called host address mutation (HAM) helps in facing network reconnaissance. However, there still exist several fundamental problems in HAM: 1) current approaches cannot be self-adaptive to adversarial strategies; 2) network state is time-varying because each host decides whether to mutate its IP address; 3) most methods mainly focus on enhancing security, but ignore the survivability of existing connections. In this paper, an Intelligence-Driven Host Address Mutation (ID-HAM) scheme is proposed to address the aforementioned challenges. We firstly model a Markov decision process (MDP) to describe the mutation process, and design a seamless mutation mechanism. Secondly, to remove infeasible actions from the action space of MDP, we formulate address-to-host assignments as a constrained satisfaction problem. Thirdly, we design an advantage actor-critic algorithm for HAM, which aims to learn from scanning behaviors. Finally, security analysis and extensive simulations highlight the effectiveness of ID-HAM. Compared with state-of-the-art solutions, ID-HAM can decrease maximum 25% times of scanning hits while only influencing communication slightly. We also implemented a proof-of-concept prototype system to conduct experiments with multiple scanning tools.
Article
With the rapid development of emerging technologies for Internet of Things (IoT), digital twins (DT) have been proposed to support a wide variety of applications. A mobile network is expected to be integrated with DT to form a DT mobile network (DTMN). Unfortunately, DTMN still faces security threats, which have attracted great research attention. Current defense mechanisms are mostly static, i.e., responding after attacks happen. To solve the aforementioned problem, moving target defense (MTD) has been proposed as an innovative solution. However, there exist three major challenges when applying MTD to DTMN. Firstly, less emphasis was paid to collaborative scheduling between multiple MTD schemes, which can improve the security of DTMN. Secondly, MTD schemes require lots of network resources, but few works focus on the time allocation of multiple MTD schemes to reduce network resource consumption. Thirdly, existing defense strategies only rely on current information, but do not consider future information. In this paper, we propose a collaborative mutation-based MTD (CM-MTD) in DTMN. We mainly consider two MTD schemes called host address mutation (HAM) and route mutation (RM), respectively, which adjust network properties and invalidate different stages of the cyber kill chain. We firstly formulate a semi-Markov decision process (SMDP) to model time-varying security events and dynamic deployment of multiple MTD schemes. Then, security events are predicted by long short-term memory (LSTM), which are regarded as network states in SMDP. Next, infeasible actions that do not satisfy network constraints will be removed from the action space of the SMDP. Lastly, we design a hierarchical deep reinforcement learning algorithm for collaborative scheduling. Simulation results highlight the effectiveness of CM-MTD compared with baseline solutions.