Distributed Denial of Service Classification for Software-Defined Networking Using Grammatical Evolution

IF 2.8 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Future Internet Pub Date : 2023-12-13 DOI:10.3390/fi15120401

E. Spyrou, Ioannis Tsoulos, C. Stylios

{"title":"Distributed Denial of Service Classification for Software-Defined Networking Using Grammatical Evolution","authors":"E. Spyrou, Ioannis Tsoulos, C. Stylios","doi":"10.3390/fi15120401","DOIUrl":null,"url":null,"abstract":"Software-Defined Networking (SDN) stands as a pivotal paradigm in network implementation, exerting a profound influence on the trajectory of technological advancement. The critical role of security within SDN cannot be overstated, with distributed denial of service (DDoS) emerging as a particularly disruptive threat, capable of causing large-scale disruptions. DDoS operates by generating malicious traffic that mimics normal network activity, leading to service disruptions. It becomes imperative to deploy mechanisms capable of distinguishing between benign and malicious traffic, serving as the initial line of defense against DDoS challenges. In addressing this concern, we propose the utilization of traffic classification as a foundational strategy for combatting DDoS. By categorizing traffic into malicious and normal streams, we establish a crucial first step in the development of effective DDoS mitigation strategies. The deleterious effects of DDoS extend to the point of potentially overwhelming networked servers, resulting in service failures and SDN server downtimes. To investigate and address this issue, our research employs a dataset encompassing both benign and malicious traffic within the SDN environment. A set of 23 features is harnessed for classification purposes, forming the basis for a comprehensive analysis and the development of robust defense mechanisms against DDoS in SDN. Initially, we compare GenClass with three common classification methods, namely the Bayes, K-Nearest Neighbours (KNN), and Random Forest methods. The proposed solution improves the average class error, demonstrating 6.58% error as opposed to the Bayes method error of 32.59%, KNN error of 18.45%, and Random Forest error of 30.70%. Moreover, we utilize classification procedures based on three methods based on grammatical evolution, which are applied to the aforementioned data. In particular, in terms of average class error, GenClass exhibits 6.58%, while NNC and FC2GEN exhibit average class errors of 12.51% and 15.86%, respectively.","PeriodicalId":37982,"journal":{"name":"Future Internet","volume":"2 4","pages":""},"PeriodicalIF":2.8000,"publicationDate":"2023-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Future Internet","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3390/fi15120401","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Software-Defined Networking (SDN) stands as a pivotal paradigm in network implementation, exerting a profound influence on the trajectory of technological advancement. The critical role of security within SDN cannot be overstated, with distributed denial of service (DDoS) emerging as a particularly disruptive threat, capable of causing large-scale disruptions. DDoS operates by generating malicious traffic that mimics normal network activity, leading to service disruptions. It becomes imperative to deploy mechanisms capable of distinguishing between benign and malicious traffic, serving as the initial line of defense against DDoS challenges. In addressing this concern, we propose the utilization of traffic classification as a foundational strategy for combatting DDoS. By categorizing traffic into malicious and normal streams, we establish a crucial first step in the development of effective DDoS mitigation strategies. The deleterious effects of DDoS extend to the point of potentially overwhelming networked servers, resulting in service failures and SDN server downtimes. To investigate and address this issue, our research employs a dataset encompassing both benign and malicious traffic within the SDN environment. A set of 23 features is harnessed for classification purposes, forming the basis for a comprehensive analysis and the development of robust defense mechanisms against DDoS in SDN. Initially, we compare GenClass with three common classification methods, namely the Bayes, K-Nearest Neighbours (KNN), and Random Forest methods. The proposed solution improves the average class error, demonstrating 6.58% error as opposed to the Bayes method error of 32.59%, KNN error of 18.45%, and Random Forest error of 30.70%. Moreover, we utilize classification procedures based on three methods based on grammatical evolution, which are applied to the aforementioned data. In particular, in terms of average class error, GenClass exhibits 6.58%, while NNC and FC2GEN exhibit average class errors of 12.51% and 15.86%, respectively.

查看原文本刊更多论文

利用语法进化为软件定义网络进行分布式拒绝服务分类

软件定义网络（SDN）是网络实施的关键范例，对技术进步的轨迹产生了深远影响。分布式拒绝服务（DDoS）是一种特别具有破坏性的威胁，能够造成大规模的网络中断。DDoS 通过模拟正常网络活动生成恶意流量，导致服务中断。当务之急是部署能够区分良性和恶意流量的机制，作为应对 DDoS 挑战的第一道防线。为解决这一问题，我们建议利用流量分类作为对抗 DDoS 的基础策略。通过将流量分为恶意流和正常流，我们为制定有效的 DDoS 缓解策略迈出了关键的第一步。DDoS 的有害影响可能会使网络服务器不堪重负，从而导致服务故障和 SDN 服务器宕机。为了研究和解决这一问题，我们的研究采用了一个数据集，其中包括 SDN 环境中的良性流量和恶意流量。我们利用一组 23 个特征进行分类，为全面分析和开发针对 SDN 中 DDoS 的强大防御机制奠定了基础。最初，我们将 GenClass 与贝叶斯、K-近邻（KNN）和随机森林三种常见分类方法进行了比较。与贝叶斯方法 32.59% 的误差、KNN 方法 18.45% 的误差和随机森林方法 30.70% 的误差相比，所提出的解决方案改善了平均分类误差，误差率为 6.58%。此外，我们还利用了基于语法演变的三种方法的分类程序，并将其应用于上述数据。其中，GenClass 的平均分类错误率为 6.58%，而 NNC 和 FC2GEN 的平均分类错误率分别为 12.51% 和 15.86%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Future Internet Computer Science-Computer Networks and Communications

CiteScore

7.10

自引率

5.90%

发文量

303

审稿时长

11 weeks

期刊介绍： Future Internet is a scholarly open access journal which provides an advanced forum for science and research concerned with evolution of Internet technologies and related smart systems for “Net-Living” development. The general reference subject is therefore the evolution towards the future internet ecosystem, which is feeding a continuous, intensive, artificial transformation of the lived environment, for a widespread and significant improvement of well-being in all spheres of human life (private, public, professional). Included topics are: • advanced communications network infrastructures • evolution of internet basic services • internet of things • netted peripheral sensors • industrial internet • centralized and distributed data centers • embedded computing • cloud computing • software defined network functions and network virtualization • cloud-let and fog-computing • big data, open data and analytical tools • cyber-physical systems • network and distributed operating systems • web services • semantic structures and related software tools • artificial and augmented intelligence • augmented reality • system interoperability and flexible service composition • smart mission-critical system architectures • smart terminals and applications • pro-sumer tools for application design and development • cyber security compliance • privacy compliance • reliability compliance • dependability compliance • accountability compliance • trust compliance • technical quality of basic services.