BSDN-HMTD: A blockchain supported SDN framework for detecting DDoS attacks using deep learning method
Parthasarathy Ramadass, Raja shree Sekar, Saravanan Srinivasan, Sandeep Kumar Mathivanan, Basu Dev Shivahare, Saurav Mallik, Naim Ahmad, Wade Ghribi
Egyptian Informatics Journal (IF 5.0, JCR Q1, Computer Science, Artificial Intelligence), published 2024-08-09
DOI: 10.1016/j.eij.2024.100515
https://www.sciencedirect.com/science/article/pii/S1110866524000781
Citations: 0
Abstract
The surge in Distributed Denial of Service (DDoS) attacks within SDN environments demands more potent defense strategies. While Moving Target Defense (MTD) holds promise, current MTD approaches against DDoS suffer from security gaps due to overwhelming malicious traffic and static detection areas. To tackle these difficulties, we have implemented BSDN-HMTD, a framework that combines deep learning and blockchain technologies within SDN environments. Our strategy starts by employing blockchain technology to authenticate users, using the NTRU-based Nyberg-Rueppel Digital Signature Algorithm for this purpose. This ensures that only authenticated user flows are allowed for validation and forwarding. Within the forwarding layer, Quantum Convolutional Neural Networks (QCNN) evaluate authentic flows by analyzing many characteristics, effectively differentiating between regular, malicious, and dubious flows. Activating switches in real time with an Enhanced Spotted Hyena Optimization (EHSO) method modifies the vulnerable points of attack, impeding attackers while decreasing energy usage. The Forwarding Layer Organizer (FLO) oversees the detection of possible attacker surveillance activities and transmits the collected information to local controllers in the control layer. The controllers, functioning in a structured controller network, carry out proactive MTD techniques, such as host virtual IP hopping, which make attacker plans more complex and raise their operational expenses. Reactive MTD actions are implemented based on the results of flow validation. These actions utilize techniques such as secure honeypots and host virtual IP hopping to effectively prevent attacks. The blockchain securely logs all processed data related to packet validation, authentication, and honeypot activities to ensure the protection of data privacy. Our studies, conducted using Network Simulator-3.26 (NS-3.26), show that our proposed framework outperforms existing techniques in terms of several validation criteria.
About the journal:
The Egyptian Informatics Journal is published by the Faculty of Computers and Artificial Intelligence, Cairo University. This Journal provides a forum for the state-of-the-art research and development in the fields of computing, including computer sciences, information technologies, information systems, operations research and decision support. Innovative and not-previously-published work in subjects covered by the Journal is encouraged to be submitted, whether from academic, research or commercial sources.