Ameer El-Sayed, Ahmed A. Toony, Amr Tolba, Fayez Alqahtani, Yasser Alginahi, Wael Said
Computers & Electrical Engineering, vol. 126, Article 110543. Journal Article, published 2025-06-20. Impact factor 4.0; JCR Q1 (Computer Science, Hardware & Architecture).
DOI: 10.1016/j.compeleceng.2025.110543
https://www.sciencedirect.com/science/article/pii/S0045790625004860
Deception and cloud integration: A multi-layered approach for DDoS detection, mitigation, and attack surface minimization in SD-IoT networks
Detecting Distributed Denial of Service (DDoS) attacks in Software-Defined Internet of Things (SD-IoT) networks is challenging due to vulnerabilities in single-controller architectures, the limitations of the OpenFlow protocol, evolving DDoS strategies, and resource constraints. This research proposes a multi-layered security framework that integrates deception-based security, cloud-integrated machine learning (ML), a new hierarchically distributed multi-controller (HDMC) architecture, P4-enabled real-time traffic monitoring, and adaptive mitigation. The framework includes dynamic time-based windowing for enhanced detection, a decoy network to divert attackers, and a cloud-based multi-task ML model (MT-EDD) for attack classification. It also features a synchronized multi-control design for secure communication and coordinated actions among multiple controllers and a dynamic monitoring algorithm for real-time traffic analysis. P4 switches extract features from network traffic and send them to a cloud-based server for preprocessing and analysis by a pre-trained ensemble learning model (MT-EDD), which predicts attack states and communicates results to the central controller for mitigation. The controller then enforces appropriate mitigation actions on P4 switches. This approach offloads computationally intensive tasks to the cloud, improving scalability and detection accuracy. Evaluations show the framework achieves an average accuracy of 98.42%, precision of 96.17%, recall of 94.72%, F1-score of 95.39%, and specificity of 98.22%. The proposed P4-enabled solution consumes 30% less bandwidth and 25% less CPU, reduces detection times by 54.3%, and improves detection accuracy by 5.2% compared to the OpenFlow-enabled method. The HDMC architecture, evaluated against a single-controller setup, demonstrated 40% higher throughput and 32% lower latency, confirming its superior performance across multiple metrics.
About the journal:
The impact of computers has nowhere been more revolutionary than in electrical engineering. The design, analysis, and operation of electrical and electronic systems are now dominated by computers, a transformation that has been motivated by the natural ease of interface between computers and electrical systems, and the promise of spectacular improvements in speed and efficiency.
Published since 1973, Computers & Electrical Engineering provides rapid publication of topical research into the integration of computer technology and computational techniques with electrical and electronic systems. The journal publishes papers featuring novel implementations of computers and computational techniques in areas like signal and image processing, high-performance computing, parallel processing, and communications. Special attention will be paid to papers describing innovative architectures, algorithms, and software tools.