Federated Learning Based DDoS Attacks Detection in Large Scale Software-Defined Network

IF 3.6 2区计算机科学 Q2 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE Transactions on Computers Pub Date : 2024-10-04 DOI:10.1109/TC.2024.3474180

Yannis Steve Nsuloun Fotse;Vianney Kengne Tchendji;Mthulisi Velempini

{"title":"Federated Learning Based DDoS Attacks Detection in Large Scale Software-Defined Network","authors":"Yannis Steve Nsuloun Fotse;Vianney Kengne Tchendji;Mthulisi Velempini","doi":"10.1109/TC.2024.3474180","DOIUrl":null,"url":null,"abstract":"Software-Defined Networking (SDN) is an innovative concept that segments the network into three planes: a control plane comprising of one or multiple controllers; a data plane responsible for data transmission; and an application plane which enables the reconfiguration of network functionalities. Nevertheless, this approach has exposed the controller as a prime target for malicious elements to attack it, such as Distributed Denial of Service (DDoS) attacks. Current DDoS defense schemes often increased the controller load and resource consumption. These schemes are typically tailored for single-controller architectures, a significant limitation when considering the scalability requirements of large-scale SDN. To address these limitations, we introduce an efficient Federated Learning approach, named “FedLAD,” designed to counter DDoS attacks in SDN-based large-scale networks, particularly in multi-controller architectures. Federated learning is a decentralized approach to machine learning where models are trained across multiple devices as controllers store local data samples, without exchanging them. The evaluation of the proposed scheme's performance, using InSDN, CICDDoS2019, and CICDoS2017 datasets, shows an accuracy exceeding 98%, a significant improvement compared to related works. Furthermore, the evaluation of the FedLAD protocol with real-time traffic in an SDN context demonstrates its ability to detect DDoS attacks with high accuracy and minimal resource consumption. To the best of our knowledge, this work introduces a new technique in applying FL for DDoS attack detection in large-scale SDN.","PeriodicalId":13087,"journal":{"name":"IEEE Transactions on Computers","volume":"74 1","pages":"101-115"},"PeriodicalIF":3.6000,"publicationDate":"2024-10-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10705345","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Computers","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10705345/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Software-Defined Networking (SDN) is an innovative concept that segments the network into three planes: a control plane comprising of one or multiple controllers; a data plane responsible for data transmission; and an application plane which enables the reconfiguration of network functionalities. Nevertheless, this approach has exposed the controller as a prime target for malicious elements to attack it, such as Distributed Denial of Service (DDoS) attacks. Current DDoS defense schemes often increased the controller load and resource consumption. These schemes are typically tailored for single-controller architectures, a significant limitation when considering the scalability requirements of large-scale SDN. To address these limitations, we introduce an efficient Federated Learning approach, named “FedLAD,” designed to counter DDoS attacks in SDN-based large-scale networks, particularly in multi-controller architectures. Federated learning is a decentralized approach to machine learning where models are trained across multiple devices as controllers store local data samples, without exchanging them. The evaluation of the proposed scheme's performance, using InSDN, CICDDoS2019, and CICDoS2017 datasets, shows an accuracy exceeding 98%, a significant improvement compared to related works. Furthermore, the evaluation of the FedLAD protocol with real-time traffic in an SDN context demonstrates its ability to detect DDoS attacks with high accuracy and minimal resource consumption. To the best of our knowledge, this work introduces a new technique in applying FL for DDoS attack detection in large-scale SDN.

查看原文本刊更多论文

大规模软件定义网络中基于联邦学习的DDoS攻击检测

软件定义网络（SDN）是一种创新概念，它将网络划分为三个平面：由一个或多个控制器组成的控制平面；负责数据传输的数据平面；和一个应用程序平面，使网络功能的重新配置。然而，这种方法将控制器暴露为恶意元素攻击的主要目标，例如分布式拒绝服务（DDoS）攻击。当前的DDoS防御方案往往会增加控制器的负载和资源消耗。这些方案通常是为单控制器架构量身定制的，在考虑大规模SDN的可伸缩性需求时，这是一个重大的限制。为了解决这些限制，我们引入了一种高效的联邦学习方法，名为“federad”，旨在对抗基于sdn的大规模网络中的DDoS攻击，特别是在多控制器架构中。联邦学习是一种分散的机器学习方法，其中模型在多个设备上进行训练，因为控制器存储本地数据样本，而不交换它们。使用InSDN、CICDDoS2019和CICDoS2017数据集对所提出方案的性能进行评估，结果表明准确率超过98%，与相关工作相比有显着提高。此外，在SDN环境下对实时流量的federad协议的评估表明，它能够以高精度和最小的资源消耗检测DDoS攻击。据我们所知，这项工作介绍了一种将FL应用于大规模SDN中DDoS攻击检测的新技术。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Computers 工程技术-工程：电子与电气

CiteScore

6.60

自引率

5.40%

发文量

199

审稿时长

6.0 months

期刊介绍： The IEEE Transactions on Computers is a monthly publication with a wide distribution to researchers, developers, technical managers, and educators in the computer field. It publishes papers on research in areas of current interest to the readers. These areas include, but are not limited to, the following: a) computer organizations and architectures; b) operating systems, software systems, and communication protocols; c) real-time systems and embedded systems; d) digital devices, computer components, and interconnection networks; e) specification, design, prototyping, and testing methods and tools; f) performance, fault tolerance, reliability, security, and testability; g) case studies and experimental and theoretical evaluations; and h) new and important applications and trends.