Proposing a Detection and Mitigation Approach for DDoS Attacks on SDN-Based IoT Networks
Subject Areas : electrical and computer engineeringfatemeh MotieShirazi 1 , Seyedakbar Mostafavi 2
1 - Yazd University
2 - Yazd University
Keywords: Software defined networks, Internet of Things, distributed denial of service attack, entropy,
Abstract :
Internet of Things (IoT) is a network of objects on which objects can communicate with other objects. The Internet of Things is currently constantly under numerous attacks due to technical, legal and human problems. One of the most important of these attacks is the Denial of Service (DoS) attack, in which normal network services are out of service and it is impossible for objects and users to access the server and other resources. Existing security solutions have not been able to effectively prevent interruption attacks in Internet of Things services. Software-oriented network (SDN) is a new architecture in the network based on the separation of the control and data plane of the network. Programmability and network management capability by SDN can be used in IoT services because some IoT devices send data periodically and in certain time intervals. SDN can help reduce or prevent the data flood caused by IoT if properly deployed in the data center. In this article, a method to detect DDoS attacks in Internet of Things based on SDN is presented and then an algorithm to reduce DDoS attacks is presented. The proposed method is based on the entropy criterion, which is one of the most important concepts in information theory and is calculated based on the characteristics of the flow. In this method, by using two new components on the controller to receive incoming packets and considering the time window and calculating entropy and flow rate, a possible attack is detected in the network, and then based on the statistics of the flow received from the switches, the certainty of the attack is determined. Compared to the existing methods, the proposed method has improved 12% in terms of attack detection time and 26% in terms of false positives/negatives.
[1] K. Zhao and L. Ge, "A survey on the Internet of Things security," in Proc. 9th Int. Conf. on Computational Intelligence and Security, pp. 663-667, Emeishan, China, 14-15 Dec. 2013.
[2] O. Salman, I. Elhajj, A. Chehab, and A. Kayssi, "IoT survey: an SDN and fog computing perspective," Computer Networks, vol. 143, pp. 221-246, Oct. 2018.
[3] S. Scott-Hayward, G. O'Callaghan, and S. Sezer, "SDN security: a survey," IEEE SDN for Future Networks and Services, SDN4FNS, 7 pp., Trento, Italy, 11-13 Nov. 2013.
[4] J. Ren, H. Guo, C. Xu, and Y. Zhang, "Serving at the edge: a scalable IoT architecture based on transparent computing," IEEE Network, vol. 31, no. 5, pp. 96-105, 2017.
[5] K. S. Sahoo, B. Sahoo, and A. Panda, "A secured SDN framework for IoT," in Proc. Int Conf. on Man and Machine Interfacing MAMI'15, 4 pp., Bhubaneswar, India, 17-19 Dec. 2015.
[6] Y. Lu and M. Wang, "An easy defense mechanism against botnet-based DDoS flooding attack originated in SDN environment using sFlow," in Proc. of the 11th Int. Conf. on Future Internet Technologies-CFI'16, pp. 14-20, Nanjing, China, 15-17 Jun. 2016.
[7] S. M. Mousavi and M. St-Hilaire, "Early detection of DDoS attacks against software defined network controllers," J. of Network and Systems Management, vol. 26, no. 3, pp. 573-591, Jul. 2018.
[8] R. Neres Carvalho, J. Luiz Bordim, and E. Adilio Pelinson Alchieri, "Entropy-based DoS attack identification in SDN," in Proc. IEEE Int. Parallel and Distributed Processing Symp. Workshops, IPDPSW'19, pp. 627-634, Rio de Janeiro, Brazil, 20-24 May 2019.
[9] R. B. Shohani and S. A. Mostafavi, "Introducing a new linear regression based method for early DDoS attack detection in SDN," in Proc. 6th Int. Conf. on Web Research, ICWR'10, pp. 126-132, Tehran, Iran, 23-24 Apr. 2020.
[10] J. Galeano-Brajones, J. Carmona-Murillo, J. F. Valenzuela-Valdes, and F. Luna-Valero, "Detection and mitigation of DoS and DDoS attacks in IoT-based stateful SDN: an experimental approach," Sensors, vol. 20, no. 3, Article ID: 816, 18 pp., Feb. 2020.
[11] L. Li, J. Zhou, and N. Xiao, "DDoS attack detection algorithms based on entropy computing," In: Qing, S., Imai, H., Wang, G. (eds) Information and Communications Security. ICICS 2007. Lecture Notes in Computer Science, vol 4861. Springer, Berlin, pp. 452-466, 2007.
[12] R. Wang, Z. Jia, and L. Ju, "An entropy-based distributed DDoS detection mechanism in software-defined networking," in Proc. IEEE Trustcom/BigDataSE/ISPA, pp. 310-317, Helsinki, Finland, 20-22 Aug. 2015.
[13] S. Oshima, T. Nakashima, and T. Sueyoshi, "Early DoS/DDoS detection method using short-term statistics," in Proc. Int Conf. on Complex, Intelligent and Software Intensive Systems, pp. 168-173, Krakow, Poland, 15-18 Feb. 2010.
[14] K. Muthamil Sudar and P. Deepalakshmi, "A two level security mechanism to detect a DDoS flooding attack in software-defined networks using entropy-based and C4.5 technique," J. of High Speed Networks, vol. 26, no. 1, pp. 55-76, Mar. 2020.
[15] R. L. S. de Oliveira, C. M. Schweitzer, A. A. Shinoda, and L. R. Prete, "Using mininet for emulation and prototyping software-defined networks," in Proc. IEEE Colombian Conf. on Communications and Computing, COLCOM'14, 6 pp., Bogota, Colombia, 4-6 Jun. 2014.
[16] C. S. Wright, Searching for Exploits, SCAPY Fuzzing, 11 pp., 31 Mar. 2018, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3153525,
[17] M. A. Al-Adaileh, M. Anbar, Y. W. Chong, and A. Al-Ani, "Proposed statistical-based approach for detecting distribute denial of service against the controller of software defined network (SADDCS)," in Proc. MATEC Web of Conf., vol. 218, Article ID: 02012, 8 pp., 26 Oct2018.
[18] Q. Yan, F. R. Yu, Q. Gong, and J. Li, "Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: a survey, some research issues, and challenges," IEEE Communications Surveys & Tutorials, vol. 18, no. 1, pp. 602-622, Firstquarter 2016.