A novel intelligent approach for detecting DoS flooding attacks in software-defined networks

Software-Defined Networking (SDN) is an emerging networking paradigm that provides an advanced programming capability and moves the control functionality to a centralized controller. This paper proposes a two-stage novel intelligent approach that takes advantage of the SDN approach to detect Denial of Service (DoS) flooding attacks based on calculation of packet rate as the first step and followed by Support Vector Machine (SVM) classification as the second step. Flow concept is an essential idea in OpenFlow protocol, which represents a common interface between an SDN switch and an SDN controller. Therefore, our system calculates the packet rate of each flow based on flow statistics obtained by SDN controller. Once the packet rate exceeds a predefined threshold, the system will activate the packet inspection unit, which, in turn, will use the (SVM) algorithm to classify the previously collected packets. The experimental results showed that our system was able to detect DoS flooding attacks with 96.25% accuracy and 0.26% false alarm rate

Yazılım tanımlı ağlarda yapay zeka tabanlı yeni bir DoS (Denial of Service) saldırı tespit sistemi gerçekleştirilmesi

Denial of Service (DoS) saldırıları, günümüzde Internet güvenliğini tehdit eden en tehlikeli saldırılardır. Bu tür saldırılarda, ağ kaynakları çalışamaz ve hizmet veremez hâle gelebilir. “Yazılım tanımlı ağlar” Software Defined Networks (SDN) yaklaşımının sağladığı programlama kabiliyeti ile, daha etkili bir çözüm sağlanabilir. Yazılım tanımlı ağlar, geleneksel ağ mimarisinden daha esnek daha etkili bir yönetim imkânı sağlayan bir teknolojidir. SDN mimarisinde, kontrol ve altyapı katmanları birbirinden ayrılmıştır. Böylece, temel ağ altyapısı, uygulamalardan soyutlanmış durumdadır. Programlanabilirlik özelliği ile çeşitli yapay zekâ yöntemleri, yazılım tanımlı ağ mimarisinde kullanılabilir. Bu çalışmada, yapay zekâ yöntemleri ile birlikte bilgisayar ağlarındaki çok iyi bilinen DoS saldırılarına karşı iki aşamalı bir sistem önerilmiştir. İlk etapta tehdit derecesi, SDN kontrol biriminin bir modülü olarak çalışan K-en yakın komşu yöntemini kullanan tehdit belirleme birimi yardımıyla belirlenmiştir. Birinci aşamada bir tehdit tespit edildiğinde, sistemin ikinci aşamasında hedefte bulunan sunucu üzerinde çalışan saldırı inceleme birimi aktif hale getirilmiştir. Ardından gelen paketlerin sınıflandırılması için yapay sinir ağları kullanılmıştır. Önerilen sistemin performansını ölçmek için NSL-KDD veri seti kullanılmıştır. Bu çalışmadan alınan sonuçlar doğrultusunda yapay zekâ tekniklerinin DoS saldırılarının saptanmasında kullanımının etkinliği gösterilmiştir.Denial of Service (DoS) attacks are considered to be one of the most dangerous attacks tagergeting the Internet security. Such types of attacks, can lead to a complete denial of service in the server's resources. Software-defined networking approach with its programming abililty provides a more effective solution. Software Defined Networks (SDN) is a technology that provides more flexible management than traditional network architecture. In the SDN architecture, the control and infrastructure layers are separated. Thus, the underlying network infrastructure is abstracted from the applications. The programmability of SDN allows applying various artificial intelligence methods. In this study, a two-stage hybrid protection mechanism is proposed for detection the well-known DoS attacks based on artificial intelligence techniques. In the first stage, the threat level is determined by the threat detecting unit which works as a module for the SDN controller and uses K-Nearest Neighbor approach. Once a potential threat is detected, the attack inspection unit, which is placed on the targeted server, will be activated. Artificial neural networks approach has been used by the attack inspection unit. NSL-KDD benchmark dataset has been used in order to measure the performance of the proposed system. The results obtained from the experimental study have shown the effectiveness of using artificial intelligence techniques for detecting DoS attacks

Towards an efficient anomaly-based intrusion detection for software-defined networks

WOS: 000448943800013Software-defined networking (SDN) is a new paradigm that allows developing more flexible network applications. A SDN controller, which represents a centralised controlling point, is responsible for running various network applications as well as maintaining different network services and functionalities. Choosing an efficient intrusion detection system helps in reducing the overhead of the running controller and creates a more secure network. In this study, we investigate the performance of the well-known anomaly-based intrusion detection approaches in terms of accuracy, false alarm rate, precision, recall, f1-measure, area under receiver operator characteristic curve, execution time and McNemar's test. Precisely, the authors focus on supervised machine-learning approaches where we use the following classifiers: decision trees, extreme learning machine, Naive Bayes, linear discriminant analysis, neural networks, support vector machines, random forest, K-nearest-neighbour, AdaBoost, RUSBoost, LogitBoost and BaggingTrees where we employ the well-known NSL-KDD benchmark dataset to compare the performance of each one of these classifiers

Minimizing false positive rate for DoS attack detection: A hybrid SDN-based approach

WOS: 000537706700012Denial of Service attacks (DoS) are considered to be a major threat against today's communication networks. Recently, a novel networking paradigm that provides enhanced programming abilities has been proposed to attain an efficient control and management in future networks. in this work, we take the advantage of software-defined networking (SDN) to minimize the false positive rate of DoS attack detection systems. Our system combines flow-based and packet-based approaches to minimize the false positive rate (FPR). the experimental results conducted on NSL-KDD dataset have shown the effectiveness of our proposed approach, which successfully minimized the FPR as low as 0.3%. (C) 2020 the Korean Institute of Communications and Information Sciences (KICS). Publishing services by Elsevier B.V.

Load and stress testing for SDN's northbound API

Latah, Majd/0000-0002-1204-505XWOS: 000515172300110In this work, we apply load and stress testing for well-known Software defined networking (SDN) controllers from an SDN application perspective. More precisely, we focus on the communication between the controller and SDN applications via the northbound Application programming interface (API). We apply proper load and stress testing plans, in order to correctly capture the behaviour of the controllers under consideration. Our load testing includes applying gradually increased workloads to find the throughput each controller can handle. Our stress test, on the other hand, builds upon the results of the load test and includes (1) measuring the API's ability to handle extremely high workloads for a prolonged period of time and (2) directly attacking the underlying hosts of SDN network using Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. We considered POX, Ryu, Floodlight, Open DayLight (ODL) and Open Network Operating System (ONOS) SDN controllers. the experimental results showed that ONOS and ODL followed by Floodlight achieve the best throughput. Whereas POX and Ryu are characterized by lower throughput accompanied with partial and/or continuous failures during high workloads or DoS/DDoS attacks

Artificial intelligence enabled software-defined networking: a comprehensive overview

###EgeUn###Software-defined networking (SDN) represents a promising networking architecture that combines central management and network programmability. SDN separates the control plane from the data plane and moves the network management to a central point, called the controller that can be programmed and used as the brain of the network. Recently, the research community has shown an increased tendency to benefit from the recent advancements in the artificial intelligence (AI) field to provide learning abilities and better decision making in SDN. In this study, the authors provide a detailed overview of the recent efforts to include AI in SDN. The study showed that the research efforts focused on three main sub-fields of AI namely: machine learning, meta-heuristics and fuzzy inference systems. Accordingly, in this work, the authors investigate their different application areas and potential use, as well as the improvements achieved by including AI-based techniques in the SDN paradigm