Self-Organization Map (SOM) Algorithm for DDoS Attack Detection in Distributed Software Defined Network (D-SDN)
Subject areas: Network Management
Mohsen Rafiee 1, Alireza Shirmarz 2
1 - Department of Computer Engineering, University of Mazandaran, Mazandaran, Iran
2 - Department of Computer & Electronic Engineering, Ale-Taha University, Tehran, Iran
Keywords: Software Defined Network (SDN), Distributed Controller, Distributed denial-of-service (DDoS), Self-Organizing Map (SOM), Learning Vector Quantization (LVQ)
Abstract:
The expansion of the internet across the world has increased cyber-attacks and threats. One of the most significant threats is denial-of-service (DoS), which leaves a server or network unable to serve. The attack can be carried out by distributed nodes in the network acting as if they collaborated; it is then called distributed denial-of-service (DDoS). A novel architecture has been offered to make future networks more agile, programmable and flexible. This architecture, called software defined network (SDN), is built on the idea of separating data and control network flows. It allows the network administrator to resist DDoS attacks in the centralized controller. The main issue is to detect DDoS flows in the controller. In this paper, the Self-Organizing Map (SOM) method and Learning Vector Quantization (LVQ) are used for DDoS attack detection in SDN with a distributed architecture in the control layer. To evaluate the proposed model, we use a labelled data set to show that the proposed model has improved DDoS attack flow detection by 99.56%. This research can be used by researchers working on improving SDN-based DDoS attack detection.
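The SOM-then-LVQ pipeline named in the abstract, as an added example that is not the paper's code: an unsupervised 1-D SOM places codebook vectors over flow features, each unit is labelled from the training set, and LVQ1 refines the labelled units. The three flow features, the constructed Gaussian sample flows, the map size and the learning rates are all assumptions made for illustration.

```python
import math, random

def make_flows(rng, n):
    # Constructed, normalised features per flow: [packet rate, mean packet size, source-IP spread]
    out = []
    for _ in range(n):
        out.append(([rng.gauss(0.2, 0.05), rng.gauss(0.7, 0.05), rng.gauss(0.1, 0.05)], 0))  # benign
        out.append(([rng.gauss(0.9, 0.05), rng.gauss(0.1, 0.05), rng.gauss(0.8, 0.05)], 1))  # flood
    return out

def dist2(a, b):
    return sum((p - q) ** 2 for p, q in zip(a, b))

def bmu(units, x):
    return min(range(len(units)), key=lambda i: dist2(units[i], x))

def train_som(data, rng, n_units=6, epochs=20):
    # Unsupervised phase: 1-D map, labels ignored; neighbours of the best-matching unit move with it
    units = [list(rng.choice(data)[0]) for _ in range(n_units)]
    for e in range(epochs):
        frac = 1 - e / epochs
        lr, radius = 0.5 * frac, max(n_units / 2 * frac, 0.5)
        for x, _ in data:
            b = bmu(units, x)
            for i in range(n_units):
                h = math.exp(-((i - b) ** 2) / (2 * radius ** 2))
                units[i] = [w + lr * h * (v - w) for w, v in zip(units[i], x)]
    return units

def label_units(units, data):
    # Calibration: each unit takes the label of its nearest training flow
    return [min(data, key=lambda s: dist2(u, s[0]))[1] for u in units]

def refine_lvq1(units, labels, data, epochs=10, lr=0.05):
    # Supervised phase (LVQ1), in place: pull the BMU toward a matching flow, push it away otherwise
    for _ in range(epochs):
        for x, y in data:
            b = bmu(units, x)
            sign = 1 if labels[b] == y else -1
            units[b] = [w + sign * lr * (v - w) for w, v in zip(units[b], x)]

def run_demo(seed=7):
    rng = random.Random(seed)
    train, test = make_flows(rng, 60), make_flows(rng, 30)
    units = train_som(train, rng)
    labels = label_units(units, train)
    refine_lvq1(units, labels, train)
    hits = sum(labels[bmu(units, x)] == y for x, y in test)
    return labels, hits / len(test)  # unit labels, held-out accuracy
```

`run_demo()` returns the per-unit labels and the accuracy on held-out constructed flows; on real controller flow statistics the features would need normalising to a common scale before training.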