Abstract
Software-Defined Networking (SDN) outperforms conventional networks in terms of programmability, management, flexibility, and efficiency because it separates the control and data planes. Centralised control of devices aids in the prevention of Distributed Denial of Service (DDoS) attacks: the controller has a broader view of the network and can filter network traffic to detect harmful flows. The separation of the control and data planes provides these benefits, but it also leaves SDN vulnerable to DDoS attacks. DDoS attacks are difficult to detect and resist in real time, and doing so is only possible if appropriate features for attack detection are chosen. We intend to employ feature selection methods such as BORUTA, IRelief, Random Forest, Information Gain and the Chi-Square Test to obtain the most relevant features for DDoS detection. Moreover, we have devised a strategy to detect and mitigate DDoS attacks using a tracebacking approach through the ONOS Flood Defender (OFD) application. The application effectively detects different DDoS attack traffic using XGBoost and Multilayer Perceptron algorithms with 99% accuracy and the least testing times, without adding unnecessary load to the system, and mitigates the attack in approximately 3.2 s using the tracebacking approach. We performed our experiments on four benchmark datasets: CIC-DoS 2017, CIC-DDoS 2019, CIC-IDS 2018 and InSDN. We evaluated the trade-off between detection accuracy and testing time in order to determine the most effective detection model for addressing DDoS attacks on SDN networks.
Availability of Data and Materials
This article contains all of the data examined during this research work.
Funding
The Department of Science and Technology (DST) - Interdisciplinary Cyber-Physical Systems (ICPS) has funded this research, with the research grant number DST/ICPS/CPS-Individual/2018-490 (G).
Ethics declarations
Ethical Approval
Not Applicable
About this article
Cite this article
Aslam, N., Srivastava, S. & Gore, M.M. ONOS DDoS Defender: A Comparative Analysis of Existing DDoS Attack Datasets using Ensemble Approach. Wireless Pers Commun 133, 1805–1827 (2023). https://doi.org/10.1007/s11277-023-10848-9
DOI: https://doi.org/10.1007/s11277-023-10848-9