Confronting DDoS Attacks in Software-Defined Wireless Sensor Networks based on Evidence Theory
الموضوعات :Nazbanoo Farzaneh 1 , Reyhaneh Hoseini 2
1 - Imam Reza International University
2 - Imam Reza International University
الکلمات المفتاحية: Software- Defined Wireless Sensor Networks, Distributed Denial of Service, Entropy, Dempster-Shafer Theory, Evidence Theory,
ملخص المقالة :
DDoS attacks aim at making the authorized users unable to access the network resources. In the present paper, an evidence theory based security method has been proposed to confront DDoS attacks in software-defined wireless sensor networks. The security model, as a security unit, is placed on the control plane of the software-defined wireless sensor network aiming at detecting the suspicious traffic. The main purpose of this paper is detection of the DDoS attack using the central controller of the software-defined network and entropy approach as an effective light-weight and quick solution in the early stages of the detection and, also, Dempster-Shafer theory in order to do a more exact detection with longer time. Evaluation of the attacks including integration of data from the evidence obtained using Dempster-Shafer and entropy modules has been done with the purpose of increasing the rate of detection of the DDoS attack, maximizing the true positive, decreasing the false negative, and confronting the attack. The results of the paper show that providing a security unit on the control plane in a software-defined wireless sensor network is an efficient method for detecting and evaluating the probability of DDoS attacks and increasing the rate of detection of an attacker.
[1] I. F. Akyildiz, W. Su, Y. Sankarasubramaniam, and E. Cayirci, "Wireless sensor networks: a survey," Computer Networks, vol. 38, pp. 393-422, 2002/03/15/ 2002.#
[2] F. Losilla, C. Vicente-Chicote, B. Álvarez, A. Iborra, and P. Sánchez, "Wireless Sensor Network Application Development: An Architecture-Centric MDE Approach," in Software Architecture, Berlin, Heidelberg, 2007, pp. 179-194.#
[3] I. Ahmad, S. Namal, M. Ylianttila, and A. Gurtov, "Security in Software Defined Networks: A Survey," IEEE Communications Surveys & Tutorials, vol. 17, pp. 2317-2346, 2015.#
[4] A. Akhunzada, E. Ahmed, A. Gani, M. K. Khan, M. Imran, and S. Guizani, "Securing software defined networks: taxonomy, requirements, and open issues," IEEE Communications Magazine, vol. 53, pp. 36-44, 2015.#
[5] I. T. Haque and N. Abu-Ghazaleh, "Wireless Software Defined Networking: A Survey and Taxonomy," IEEE Communications Surveys & Tutorials, vol. 18, pp. 2713-2737, 2016.#
[6] D. He, S. Chan, and M. Guizani, "Securing software defined wireless networks," IEEE Communications Magazine, vol. 54, pp. 20-25, 2016.#
[7] M. Karakus and A. Durresi, "Quality of Service (QoS) in Software Defined Networking (SDN)," J. Netw. Comput. Appl., vol. 80, pp. 200-218, 2017.#
[8] Z.-j. Han and W. Ren, "A Novel Wireless Sensor Networks Structure Based on the SDN," International Journal of Distributed Sensor Networks, vol. 10, p. 874047, 2014/03/01 2014.#
[9] T. Kgogo, B. Isong, and A. M. Abu-Mahfouz, "Software defined wireless sensor networks security challenges," in 2017 IEEE AFRICON, 2017, pp. 1508-1513.#
[10] F. Olivier, G. Carlos, and N. Florent, "SDN Based Architecture for Clustered WSN," in 2015 9th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, 2015, pp. 342-347.#
[11] C. Ioannou, V. Vassiliou, and C. Sergiou, "An Intrusion Detection System for Wireless Sensor Networks," in 2017 24th International Conference on Telecommunications (ICT), 2017, pp. 1-5.#
[12] A. D. Gante, M. Aslan, and A. Matrawy, "Smart wireless sensor network management based on software-defined networking," in 2014 27th Biennial Symposium on Communications (QBSC), 2014, pp. 71-75.#
[13] H. I. Kobo, A. M. Abu-Mahfouz, and G. P. Hancke, "A Survey on Software-Defined Wireless Sensor Networks: Challenges and Design Requirements," IEEE Access, vol. 5, pp. 1872-1899, 2017.#
[14] S. W. Pritchard, G. P. Hancke, and A. M. Abu-Mahfouz, "Security in software-defined wireless sensor networks: Threats, challenges and potential solutions," in 2017 IEEE 15th International Conference on Industrial Informatics (INDIN), 2017, pp. 168-173.#
[15] K. S. Sahoo, M. Tiwary, and B. Sahoo, "Detection of high rate DDoS attack from flash events using information metrics in software defined networks," in 2018 10th International Conference on Communication Systems & Networks (COMSNETS), 2018, pp. 421-424.#
[16] S. Shin, L. Xu, S. Hong, and G. Gu, "Enhancing Network Security through Software Defined Networking (SDN)," in 2016 25th International Conference on Computer Communication and Networks (ICCCN), 2016, pp. 1-9.#
[17] J. Wu, K. Ota, M. Dong, and C. Li, "A Hierarchical Security Framework for Defending Against Sophisticated Attacks on Wireless Sensor Networks in Smart Cities," IEEE Access, vol. 4, pp. 416-424, 2016.
[18] P. Zhang, H. Wang, C. Hu, and C. Lin, "On denial of service attacks in software defined networks," IEEE Network, vol. 30, pp. 28-33, 2016.#
[19] D. E. P. Alina Madalina Lonea, Huaglory Tianfield, "Detecting DDoS Attacks in Cloud Computing Environment," International Journal of Computers Communications & Control, vol. 8, 2013.#
[20] Y. Ashok Khimabhai and V. Rohokale, SDN Control Plane Security in Cloud Computing Against DDoS Attack, 2016.#
[21] S. K. Fayaz, Y. Tobioka, V. Sekar, and M. Bailey, "Bohatei: Flexible and elastic ddos defense," in 24th {USENIX} Security Symposium ({USENIX} Security 15), 2015, pp. 817-832.#
[22] S. M. Mousavi and M. St-Hilaire, "Early detection of DDoS attacks against SDN controllers," in 2015 International Conference on Computing, Networking and Communications (ICNC), 2015, pp. 77-81.#
[23] A. Navaz, V. Sangeetha, and C. Prabhadevi, "Entropy based anomaly detection system to prevent DDoS attacks in cloud," arXiv preprint arXiv:1308.6745, 2013.#
[24] R. Vadehra, M. Singh, B. Singh, and N. Chowdhary, "Evaluation of Flow and Average Entropy Based Detection Mecha-nism for DDoS Attacks using NS-2," International Journal of Security and Its Applications, vol. 10, pp. 139-146, 2016.#
[25] S. Yu, W. Zhou, R. Doss, and W. Jia, "Traceback of DDoS attacks using entropy variations," IEEE Transactions on Parallel and Distributed Systems, vol. 22, pp. 412-425, 2011.#
[26] B. Rashidi, C. Fung, and E. Bertino, "A collaborative DDoS defence framework using network function virtualization," IEEE Transactions on Information Forensics and Security, vol. 12, pp. 2483-2497, 2017.#
[27] G. A. N. Segura, S. Skaperas, A. Chorti, L. Mamatas, and C. B. Margi, "Denial of Service Attacks Detection in Software-Defined Wireless Sensor Networks," in 2020 IEEE International Conference on Communications Workshops (ICC Workshops), 2020, pp. 1-7.#
[28] A. Wani and S. Revathi, "DDoS Detection and Alleviation in IoT using SDN (SDIoT-DDoS-DA)," Journal of The Institution of Engineers (India): Series B, vol. 101, pp. 117-128, 2020/04/01 2020.#
[29] G. A. Nunez Segura, A. Chorti, and C. Borges Margi, "Centralized and Distributed Intrusion Detection for Resource Constrained Wireless SDN Networks," arXiv e-prints, p. arXiv: 2103.01262, 2021.#
[30] Á. MacDermott, Q. Shi, and K. Kifayat, "Distributed Attack Prevention Using Dempster-Shafer Theory of Evidence," in Intelligent Computing Methodologies, Cham, 2017, pp. 203-212.#
[31] h. tan, M. Ma, H. Labiod, and P. H. J. Chong, "TEDS: A Trusted Entropy and Dempster Shafer Mechanism for Routing in Wireless Mesh Networks," presented at the MOBILITY 2014 The Fourth International Conference on Mobile Services, Resources, and Users, Paris, France, 2014.#
[32] M. Ahmed, X. Huang, and D. Sharma, "Dempster-Shafer Theory to Identify Insider Attacker in Wireless Sensor Network," in Network and Parallel Computing, Berlin, Heidelberg, 2012, pp. 94-100.#
[33] A. Vassilev and T. A. Hall, "The Importance of Entropy to Information Security," Computer, vol. 47, pp. 78-81, 2014.#
[34] R. R. Y. Liu, Classic Works of the Dempster-Shafer Theory of Belief Functions: Springer, Berlin, Heidelberg, 2008.#
[35] J. H. Ying-Jin Lu, "Dempster-Shafer Evidence Theory and Study of Some Key Problems," Journal of Electronic Science and vol. 15, pp. 106-112, 2017.