Real-time DDoS Detection and Mitigation in Software Defined Networks using Machine Learning Techniques

Q3 Computer Science
S. R, A. Kanavalli, Anshul Gupta, Ashutosh Pattanaik, Sashank Agarwal
International Journal of Computing. Published 2022-09-30. DOI: https://doi.org/10.47839/ijc.21.3.2691
Citations: 3

Abstract

Software Defined Network (SDN) is the new era of networking technology based on a centralized controller that separates the switch hardware from its operating software. The most important challenge is the security of SDN, and the most prominent attack is the Distributed Denial of Service (DDoS) attack. Some of the research work done so far detects DDoS attacks using a threshold, which is usually assumed without proper scientific reason and hence may not always be accurate. The mitigation techniques used by some researchers block the host from sending network traffic beyond a threshold by installing drop rules in the flow table of the switch connected to that host. Doing so blocks not only the attack traffic but also the genuine traffic from other applications on that host. In this paper, we propose a model that calculates the threshold limit for the type of applications sending data to a particular switch, in real time using a machine learning (ML) model, and determines whether that application traffic is DDoS traffic. After detection, only the application type sending DDoS traffic is blocked, while other genuine applications are allowed to send network traffic without any interruption. The use of a dynamic threshold, based on the current network traffic, will help in detecting DDoS efficiently.
Source journal
International Journal of Computing
Subject area: Computer Science - Computer Science (miscellaneous)
CiteScore: 2.20
Self-citation rate: 0.00%
Publication count: 39
Journal description: The International Journal of Computing was established in 2002 on the basis of the Branch Research Laboratory for Automated Systems and Networks, which since 2005 has been renamed the Research Institute of Intelligent Computer Systems. The goal of the Journal is to publish papers with novel results in Computing Science, Computer Engineering, Information Technologies, Software Engineering and Information Systems within the Journal topics. The official language of the Journal is English; paper abstracts are also published in Ukrainian and Russian. The issues of the Journal are published quarterly. The Editorial Board consists of about 30 scientists recognized worldwide.