337 research outputs found

    High-performance, Platform-Independent DDoS Detection for IoT Ecosystems

    Most Distributed Denial of Service (DDoS) detection and mitigation strategies for Internet of Things (IoT) are based on a remote cloud server or purpose-built middlebox executing complex intrusion detection methods that impose stringent scalability and performance requirements on the IoT due to the vast amounts of traffic and devices to be handled. In this paper, we present an edge-based detection scheme using BPFabric, a high-speed, programmable data-plane switch architecture, and lightweight network functions to execute upstream anomaly detection. The proposed detection scheme ensures fast detection of DDoS attacks originating from IoT devices, while guaranteeing minimum resource usage and processing overhead. Our solution was compared against two widespread coarse-grained detection techniques, showing detection delays under 5ms, an overall accuracy of 93–95% and a bandwidth overhead of less than 1%.

    Detailed Review on The Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks in Software Defined Networks (SDNs) and Defense Strategies

    The development of Software Defined Networking (SDN) has altered the landscape of computer networking in recent years. Its scalable architecture has become a blueprint for the design of several advanced future networks. To achieve improved and efficient monitoring, control and management capabilities of the network, software defined networks differentiate or decouple the control logic from the data forwarding plane. As a result, logical control is centralized solely in the controller. Due to the centralized nature, SDNs are exposed to several vulnerabilities such as Spoofing, Flooding, and primarily Denial of Service (DoS) and Distributed Denial of Service (DDoS) among other attacks. In effect, the performance of SDN degrades based on these attacks. This paper presents a comprehensive review of several DoS and DDoS defense/mitigation strategies and classifies them into distinct classes with regards to the methodologies employed. Furthermore, suggestions were made to enhance current mitigation strategies accordingly.

    Near real-time security system applied to SDN environments in IoT networks using convolutional neural network

    The Internet of Things (IoT) paradigm brings new and promising possibilities for services and products. The heterogeneity of IoT devices highlights the inefficiency of traditional networks' structures to support their specific requirements due to their lack of flexibility. Thus, Software-defined Networking (SDN) is commonly associated with IoT since this architecture provides a more flexible and manageable network environment. As shown by recent events, IoT devices may be used for large scale Distributed Denial of Service (DDoS) attacks due to their lack of security. This kind of attack is commonly detected and mitigated at the destination-end network but, due to the massive volume of information that IoT botnets generate, this approach is becoming impracticable. We propose in this paper a near real-time SDN security system that both prevents DDoS attacks on the source-end network and protects the source's SDN controller against traffic impairment. For this, we apply and test a Convolutional Neural Network (CNN) for DDoS detection, and describe how the system could mitigate the detected attacks. The performance outcomes were performed in two test scenarios, and the results pointed out that the proposed SDN security system is promising against next-generation DDoS attacks.
    (C) 2020 Published by Elsevier Ltd. This study was financed in part by the National Council for Scientific and Technological Development (CNPq) of Brazil under Grants 310668/2019-0 and 309335/2017-5; by the Ministerio de Economia y Competitividad in the "Programa Estatal de Fomento de la Investigacion Cientifica y Tecnica de Excelencia, Subprograma Estatal de Generacion de Conocimiento" within the project under Grant TIN2017-84802-C2-1-P; by FCT/MCTES through national funds and when applicable co-funded EU funds under the Project UIDB/EEA/50008/2020; and by the Coordenacao de Aperfeicoamento de Pessoal de Nivel Superior (CAPES) by the granting of a scholarship through the "Programa de Doutorado Sanduche no Exterior (PDSE) 2019". Finally, this work was supported by Federal University of Parana (UFPR) under Project Banpesq/2014016797.
    De Assis, MVO.; Carvalho, LF.; Rodrigues, JJPC.; Lloret, J.; Proenca Jr, ML. (2020). Near real-time security system applied to SDN environments in IoT networks using convolutional neural network. Computers & Electrical Engineering. 86:1-16. https://doi.org/10.1016/j.compeleceng.2020.1067381168

    TPAAD: two‐phase authentication system for denial of service attack detection and mitigation using machine learning in software‐defined network.

    Software-defined networking (SDN) has received considerable attention and adoption owing to its inherent advantages, such as enhanced scalability, increased adaptability, and the ability to exercise centralized control. However, the control plane of the system is vulnerable to denial-of-service (DoS) attacks, which are a primary focus for attackers. These attacks have the potential to result in substantial delays and packet loss. In this study, we present a novel system called Two-Phase Authentication for Attack Detection that aims to enhance the security of SDN by mitigating DoS attacks. The methodology utilized in our study involves the implementation of packet filtration and machine learning classification techniques, which are subsequently followed by the targeted restriction of malevolent network traffic. Instead of completely deactivating the host, the emphasis lies on preventing harmful communication. Support vector machine and K-nearest neighbours algorithms were utilized for efficient detection on the CICDoS 2017 dataset. The deployed model was utilized within an environment designed for the identification of threats in SDN. Based on the observations of the banned queue, our system allows a host to reconnect when it is no longer contributing to malicious traffic. The experiments were run on a VMware Ubuntu, and an SDN environment was created using Mininet and the RYU controller. The results of the tests demonstrated enhanced performance in various aspects, including the reduction of false positives, the minimization of central processing unit utilization and control channel bandwidth consumption, the improvement of packet delivery ratio, and the decrease in the number of flow requests submitted to the controller. These results confirm that our Two-Phase Authentication for Attack Detection architecture identifies and mitigates SDN DoS attacks with low overhead.

    La seguridad en redes SDN y sus aplicaciones [Security in SDN networks and their applications]

    Introduction: The review article is the product of the research on Security in SDN networks and their applications, developed at the District University in 2020, presenting the latest advances that have been made in security. Problem: The security weaknesses that SDN networks have had, due to being a new architecture. This has not allowed traditional networks to be replaced. Objective: To carry out a review of the state of the art of SDN networks, focusing research on the security of the control layer and its advances. Methodology: The descriptive method is implemented, consulting databases such as Scopus, IEEE and ScienceDirect, using the following search criteria: SDN networks, security in SDN networks, applications with SDN networks and OpenFlow protocol. It is shown as a research sample: the Asian, European and American continents with years of research from 2014 to 2020. Results: Great advances have been made in terms of security for SDN networks, which allows us to see an early solution to the weaknesses that it currently faces. Conclusion: SDN networks will solve all the challenges they face and will be consolidated as a solid and reliable architecture. Originality: an important focus is taken on the security of SDN networks and the great development that has occurred in this regard is evident. Limitations: SDN networks are a new architecture, so their development has been very little and advances in security have been significantly affected.

    DDOS ATTACK DETECTION USING HYBRID (CCN AND LSTM) ML MODEL

    LSTM (Long Short-Term Memory) and CNN (Convolutional Neural Networks) are two types of deep learning algorithms; by combining the strengths of LSTM and CNN, researchers have developed deep learning models that can effectively detect SDN (Software-Defined Network) attacks including Distributed Denial of Service. These models effectively analyze network traffic, encompassing temporal and spatial characteristics, resulting in precise identification of malicious traffic. In this research, a hybrid model composed of CNN and LSTM is used to detect the DDoS attack in an SDN network, where the CNN component of the model can identify spatial patterns in network traffic, such as the characteristics of individual packets, while the LSTM component can capture temporal patterns in traffic over time, such as the timing and frequency of traffic bursts. The proposed model has been trained on a labeled network traffic dataset, with one class representing normal traffic and another class representing DDoS attack traffic. During the training process, the model adjusts its weights and biases to minimize the difference between its predicted output and the actual output for each input sample. Once trained, the hybrid model classifies incoming network traffic in the dataset as either normal or malicious with an initial accuracy of (78.18%) and losses of (39.77%) at the 1st epoch till it reaches an accuracy of (99.99%) with losses of (9.29×10⁻⁵) at the epoch number 500. It should be mentioned that the hybrid model of CNN and LSTM for DDoS detection is implemented using Python Anaconda platform with an ETA 28ms/step.

    Methods and Techniques for Dynamic Deployability of Software-Defined Security Services

    With the recent trend of “network softwarisation”, enabled by emerging technologies such as Software-Defined Networking and Network Function Virtualisation, system administrators of data centres and enterprise networks have started replacing dedicated hardware-based middleboxes with virtualised network functions running on servers and end hosts. This radical change has facilitated the provisioning of advanced and flexible network services, ultimately helping system administrators and network operators to cope with the rapid changes in service requirements and networking workloads. This thesis investigates the challenges of provisioning network security services in “softwarised” networks, where the security of residential and business users can be provided by means of sets of software-based network functions running on high performance servers or on commodity devices. The study is approached from the perspective of the telecom operator, whose goal is to protect the customers from network threats and, at the same time, maximize the number of provisioned services, and thereby revenue. Specifically, the overall aim of the research presented in this thesis is proposing novel techniques for optimising the resource usage of software-based security services, hence for increasing the chances for the operator to accommodate more service requests while respecting the desired level of network security of its customers. In this direction, the contributions of this thesis are the following: (i) a solution for the dynamic provisioning of security services that minimises the utilisation of computing and network resources, and (ii) novel methods based on Deep Learning and Linux kernel technologies for reducing the CPU usage of software-based security network functions, with specific focus on the defence against Distributed Denial of Service (DDoS) attacks. 
    The experimental results reported in this thesis demonstrate that the proposed solutions for service provisioning and DDoS defence require fewer computing resources, compared to similar approaches available in the scientific literature or adopted in production networks.

    An intelligent, distributed and collaborative DDoS defense system

    The Distributed Denial-of-Service (DDoS) attack is known as one of the most destructive attacks on the Internet. With the advent of new computing paradigms, such as Cloud and Mobile computing, and the emergence of pervasive technology, such as the Internet of Things, on one hand, these revolutionized technologies enable the availability of services and applications to everyone. On the other hand, these techniques also benefit attackers to exploit the vulnerabilities and deploy attacks in more efficient ways. Latest network security reports have shown that distributed Denial of Service (DDoS) attacks have been growing dramatically in volume, frequency, sophistication and impact, making it one of the most challenging threats in the Internet. An unfortunate state of affairs is that the remediation strategies have fallen behind attackers. The severe impact caused by recent DDoS attacks strongly indicates the need for an effective DDoS defense system. We study the current existing solution space, and summarize three fundamental requirements for an effective DDoS defense system: 1) an accurate detection with minimal false alarms; 2) an effective inline inspection and instant mitigation, and 3) a dynamic, distributed and collaborative defense infrastructure. This thesis aims at providing such a defense system that fulfills all the requirements. In this thesis, we explore and address the problem from three directions: 1) we strive to understand the existing detection strategies and provide a survey of an empirical analysis of machine learning based detection techniques; 2) we develop a novel hybrid detection model which ensembles a deep learning model for a practical flow by flow detection and a classic machine learning model that is aware of the network status, and 3) we present the design and implementation of an intelligent, distributed and collaborative DDoS defense system that effectively mitigates the impact of DDoS attacks.
    The performance evaluation results show that our proposed defense system is capable of effectively mitigating DDoS attack impacts and maintaining a limited disturbance for legitimate services.