A novel DDoS detection method using multi-layer stacking in SDN environment

IF 4 3区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computers & Electrical Engineering Pub Date : 2024-10-17 DOI:10.1016/j.compeleceng.2024.109769

Tasnim Alasali, Omar Dakkak

{"title":"A novel DDoS detection method using multi-layer stacking in SDN environment","authors":"Tasnim Alasali, Omar Dakkak","doi":"10.1016/j.compeleceng.2024.109769","DOIUrl":null,"url":null,"abstract":"<div><div>Software Defined Network (SDN) offers virtualized services compatible with infrastructure hosted computing, presenting a flexible, adaptive, and economical network architecture. Switches used in SDN prioritize packet matching in flow tables above packet processing, leaving them open to Denial of Service (DoS) attacks. These attacks, exemplified by Distributed Denial of Service Attacks (DDoS), target a victim while using many infected workstations at once. Due to its scalability and programmability, SDN is being used more and more for network management. However, it has specific security concerns, such as the controller’s susceptibility to cyberattacks, which might result in a single point of failure and network-wide risks. This study proposes a novel DDoS prediction model by developing stacking classifier model consisting of multiple base classifiers for an SDN environment. The proposed model is built on stacking several classifiers at the base level and the Meta level, which mixes varied or heterogeneous learners to provide reliable model results. The findings demonstrate that the proposed stacking model outperforms other existing models with respect to accuracy, sensitivity, specificity, precision, and F1 score. Finally, the stacking classifier model is evaluated in terms of binary classification. The evaluation shows the highest AUC of 0.9537 whereas Random Forest, Decision Tree, and Logistic Regression achieve AUC values around 0.93–0.95.</div></div>","PeriodicalId":50630,"journal":{"name":"Computers & Electrical Engineering","volume":"120 ","pages":"Article 109769"},"PeriodicalIF":4.0000,"publicationDate":"2024-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Electrical Engineering","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0045790624006967","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Software Defined Network (SDN) offers virtualized services compatible with infrastructure hosted computing, presenting a flexible, adaptive, and economical network architecture. Switches used in SDN prioritize packet matching in flow tables above packet processing, leaving them open to Denial of Service (DoS) attacks. These attacks, exemplified by Distributed Denial of Service Attacks (DDoS), target a victim while using many infected workstations at once. Due to its scalability and programmability, SDN is being used more and more for network management. However, it has specific security concerns, such as the controller’s susceptibility to cyberattacks, which might result in a single point of failure and network-wide risks. This study proposes a novel DDoS prediction model by developing stacking classifier model consisting of multiple base classifiers for an SDN environment. The proposed model is built on stacking several classifiers at the base level and the Meta level, which mixes varied or heterogeneous learners to provide reliable model results. The findings demonstrate that the proposed stacking model outperforms other existing models with respect to accuracy, sensitivity, specificity, precision, and F1 score. Finally, the stacking classifier model is evaluated in terms of binary classification. The evaluation shows the highest AUC of 0.9537 whereas Random Forest, Decision Tree, and Logistic Regression achieve AUC values around 0.93–0.95.

查看原文本刊更多论文

在 SDN 环境中使用多层堆叠的新型 DDoS 检测方法

软件定义网络（SDN）提供与基础设施托管计算兼容的虚拟化服务，是一种灵活、自适应和经济的网络架构。SDN 中使用的交换机将流量表中的数据包匹配优先级置于数据包处理之上，从而使其容易受到拒绝服务 (DoS) 攻击。这些攻击以分布式拒绝服务攻击（DDoS）为例，目标是同时使用许多受感染工作站的受害者。由于具有可扩展性和可编程性，SDN 被越来越多地用于网络管理。然而，它也有一些特定的安全问题，如控制器易受网络攻击，可能导致单点故障和全网风险。本研究通过为 SDN 环境开发由多个基础分类器组成的堆叠分类器模型，提出了一种新型 DDoS 预测模型。所提出的模型是在基础层和元层堆叠多个分类器而建立的，它混合了不同或异构的学习者，以提供可靠的模型结果。研究结果表明，所提出的堆叠模型在准确度、灵敏度、特异性、精确度和 F1 分数方面都优于其他现有模型。最后，从二元分类的角度对堆积分类器模型进行了评估。评估结果显示，AUC 最高，为 0.9537，而随机森林、决策树和逻辑回归的 AUC 值约为 0.93-0.95。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Electrical Engineering 工程技术-工程：电子与电气

CiteScore

9.20

自引率

7.00%

发文量

661

审稿时长

47 days

期刊介绍： The impact of computers has nowhere been more revolutionary than in electrical engineering. The design, analysis, and operation of electrical and electronic systems are now dominated by computers, a transformation that has been motivated by the natural ease of interface between computers and electrical systems, and the promise of spectacular improvements in speed and efficiency. Published since 1973, Computers & Electrical Engineering provides rapid publication of topical research into the integration of computer technology and computational techniques with electrical and electronic systems. The journal publishes papers featuring novel implementations of computers and computational techniques in areas like signal and image processing, high-performance computing, parallel processing, and communications. Special attention will be paid to papers describing innovative architectures, algorithms, and software tools.