
ACCENT JOURNAL OF ECONOMICS ECOLOGY & ENGINEERING Peer Reviewed and Refereed Journal, ISSN NO. 2456-1037 Available Online: www.ajeee.co.in/index.php/AJEEE

A SURVEY ON DIFFERENT DENIAL OF SERVICES ATTACK IN SOFTWARE DEFINE NETWORK

Shekhar Nigam¹
Research Scholar, Department of Computer Science and Engineering, SunRise University

Dr. Sanjay Kumar Tiwari²
Associate Professor, Department of Computer Science and Engineering, SunRise University

Abstract- Distributed Denial of Service (DDoS) attacks pose a serious threat to internet-connected systems, resulting in significant losses of revenue, reputation, and downtime. Traditional methods for detecting and mitigating these attacks involve rule-based systems and signature-based detection techniques, which are limited in their ability to detect new and evolving attack patterns. In this paper, we propose a DDoS attack detection system using deep learning techniques.

Keywords- SDN, DDoS, Machine Learning, MATLAB.

I. INTRODUCTION

DDoS (Distributed Denial of Service) attacks are a significant threat to modern networks, and Software-Defined Networking (SDN) provides a framework for centrally managing network traffic, which can aid in detecting and mitigating such attacks. Here are some ways to detect DDoS attacks in an SDN environment:

Flow-based detection: SDN controllers can monitor traffic flow and identify unusual traffic patterns. If a large number of packets are directed towards a specific destination or if the traffic pattern deviates significantly from normal traffic, the controller can alert the network administrator of a possible DDoS attack.

Behavioral analysis: By monitoring the behavior of network devices, SDN controllers can detect when a device starts to send an unusually high volume of traffic. Behavioral analysis can also help detect when a device is being used as part of a DDoS attack.

Statistical analysis: SDN controllers can use statistical analysis to identify patterns of network traffic that are indicative of a DDoS attack. By monitoring the volume and distribution of traffic, the controller can detect when a device is sending a high volume of traffic to a specific destination.

Machine learning: Machine learning algorithms can be trained to detect DDoS attacks in SDN networks. These algorithms can learn to identify patterns of traffic that are indicative of a DDoS attack and can alert network administrators to take necessary actions.

In addition to detection, SDN can also facilitate mitigation of DDoS attacks. For instance, the controller can reconfigure the network in real-time to mitigate the attack by redirecting traffic, isolating affected devices, or blocking traffic from suspicious sources.

Overall, SDN provides an efficient framework for detecting and mitigating DDoS attacks. Network administrators can use the above techniques to build a robust DDoS defense mechanism in their SDN networks.
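
The flow-based and statistical detection described above, together with the selection of sources to block, can be sketched as follows. This is an added example, not code from the paper: the flow-record format (source, destination, packet count per polling window), the thresholds, and all addresses are constructed assumptions.

```python
import math
from collections import Counter
from statistics import mean, pstdev


def dst_profile(flows):
    """Return (normalized entropy 0..1, packets per destination) for one window."""
    per_dst = Counter()
    for _src, dst, pkts in flows:
        per_dst[dst] += pkts
    total = sum(per_dst.values())
    if len(per_dst) < 2 or total == 0:
        return 0.0, per_dst
    h = -sum((c / total) * math.log2(c / total) for c in per_dst.values())
    return h / math.log2(len(per_dst)), per_dst


def detect(windows, baseline_n=3, k=3.0, min_sigma=0.01, min_share=0.5, top_n=3):
    """Flag windows whose destination entropy collapses onto a single host.

    The first baseline_n windows seed the baseline. Later windows extend it
    only when they are not flagged, so an attack cannot teach the detector
    that concentrated traffic is normal.
    """
    baseline, alerts = [], []
    for idx, flows in enumerate(windows):
        if not flows:
            continue
        entropy, per_dst = dst_profile(flows)
        if len(baseline) < baseline_n:
            baseline.append(entropy)
            continue
        # min_sigma keeps a very steady baseline from producing a hair trigger.
        floor = mean(baseline) - k * max(pstdev(baseline), min_sigma)
        victim, pkts = per_dst.most_common(1)[0]
        share = pkts / sum(per_dst.values())
        if entropy < floor and share >= min_share:
            per_src = Counter()
            for src, dst, n in flows:
                if dst == victim:
                    per_src[src] += n
            alerts.append({
                "window": idx,
                "victim": victim,
                "share": round(share, 3),
                "entropy": round(entropy, 3),
                # Heaviest senders: inputs for a drop or rate-limit flow rule.
                "block_candidates": [s for s, _ in per_src.most_common(top_n)],
            })
        else:
            baseline.append(entropy)
    return alerts


def sample_windows():
    """Constructed data: seven polling windows, with a flood in window 5."""
    windows = []
    for w in range(7):
        flows = [(f"10.0.0.{i + 1}", f"10.0.1.{i + 1}", 100 + 5 * ((w + i) % 3))
                 for i in range(4)]
        if w == 5:  # 20 extra sources converge on one server
            flows += [(f"198.51.100.{j}", "10.0.1.2", 200 + j) for j in range(1, 21)]
        windows.append(flows)
    return windows


if __name__ == "__main__":
    for alert in detect(sample_windows()):
        print(alert)
```

Requiring both an entropy drop and a dominant destination share keeps a general rise in traffic, spread evenly across servers, from raising an alert.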

1.2 D-DoS Attack and SDN

Distributed denial-of-service (DDoS) attacks have been a real threat for network, digital, and cyber infrastructure [1]. These attacks are capable of causing massive disruption in any information communication technology (ICT) infrastructure [2]. There could be numerous reasons for launching DDoS attacks. These include financial gains [3], political gains [2], and disruption [4,5]. DDoS attacks can paralyze networks and services by overwhelming servers, network links, and network devices (routers, switches, etc.) with illegitimate traffic. They can either cause degradation of service or a complete denial of service, resulting in huge losses. Increasing reliance on the Internet and data centers has aggravated this problem. The growing dependence of a country's critical infrastructure on ICT has given rise to the need for efficient solutions for protection against DDoS attacks [6,7]. For instance, data centers running critical services, such as smart grid, need to be protected in order to continue to provide highly reliable services.

Numerous proprietary and open-source solutions exist for DDoS attack detection and mitigation. However, these attacks continue to grow in frequency, sophistication, and severity [8,9]. Rapid detection and mitigation of DDoS attacks has become severely challenging as attackers continue to use novel techniques to launch DDoS attacks [10]. The rising number of DDoS attacks, coupled with the growing diversity in their types and their disastrous impact, has made DDoS attack detection, mitigation, and prevention the topmost priority. For instance, Arbor Networks Inc. [11], one of the leading providers of DDoS threat protection solutions, reported a 334 Gbps attack targeting a network operator in Asia recently. It also reported many attacks larger than 100 Gbps globally in 2015 [12]. Many such incidents clearly show that we need new approaches to address the DDoS attack problem. These new approaches must be designed to meet the performance and scalability requirements of modern data centres and provide maximum levels of protection against emerging, complex, and elusive attacks.

Superimposing all shares together generates an image four times larger than the original secret image. However, the resolution quality of the reconstructed image is degraded compared with the original secret image because of the decomposition of each white pixel. The decomposition process decomposes each white pixel into two black and two white pixels.

Fig. 1 SDN-based DDoS attack detection

II. REVIEW OF LITERATURE

Mona Alduailij et al. (2022) - This research work notes that DDoS attack detection is a common problem in a distributed environment. This type of attack causes the unavailability of cloud service, which makes it essential to detect this attack. A machine learning model can be used to identify this type of attack. The research objective of this work is to detect a DDoS attack with improved performance. This experiment was performed on the CICIDS 2017 and CICDDoS 2019 datasets. Different files related to DDoS attacks from both datasets were included in the experiments. We select the most relevant features by applying the MI and the RFFI methods. The selected features are fed to machine learning algorithms (RF, GB, WVE, KNN, LR). The overall prediction accuracy of RF with 16 features is 0.99993, and with 19 features is 0.999977, which is better compared to other methods. It is concluded that RF, GB, WVE, KNN, and LR achieve good results when MI and RFFI are used as feature selection techniques. In the future, we may use wrapper feature selection methods, such as sequential feature selection, with neural networks, for DDoS and other attack detection [01].

Josue Genaro Almaraz-Rivera et al. (2022) - This research work presented a state-of-the-art collection of data for protecting IoT networks. The proposed methodology addresses the class imbalance problem of the original dataset (by adding neither synthetic data nor class weights), leading to the creation of a novel IDS based on AI models which focuses on DDoS and DoS attacks. The proposed IDS presents results without biases towards a majority class, achieving an average accuracy >99% with our three distinct feature sets, where the Decision Tree is the outstanding anomaly detection model, whilst being feasible for implementation in real-time production environments, with a remarkable time performance for heavy traffic days (evaluating more than 1681 flows/s). In addition, we achieved 100% across accuracy, precision, recall, and F1 score metrics with the Decision Tree and the Random Forest for several combinations of Normal flows vs. the DDoS/DoS protocols [02].

Firooz B. Saghezchi et al. (2022) - This research work presented ML for detecting DDoS attacks in Industry 4.0 CPPSs. We exported network traffic traces (PCAP files) from a real-world large-scale semiconductor production factory and employed 11 different semi-supervised, unsupervised, and supervised ML algorithms for anomaly detection in network traffic flows. The simulation results showed that supervised learning algorithms outperformed both unsupervised and semi-supervised ones. In particular, DT, RF, and K-NN detected DDoS attacks with Accuracy = Recall = 0.999, Precision = 0.999, and FPR = 0.001. However, the two applied unsupervised algorithms (K-Means and EM) also showed a very good performance (Accuracy = 0.95, Recall > 0.9, Precision > 0.9, and FPR < 0.09), although their performance decreased significantly when the PCA algorithm was applied (even with 95% variance retained). This is an interesting finding, since unlike supervised learning, unsupervised learning does not require data labelling, which is a tedious task in practice and needs a significant amount of human effort and intervention [03].

G.C. Amaizu et al. (2021) - This research work observed that distributed denial-of-service (DDoS) remains an ever-growing problem that has affected and continues to affect a host of web applications, corporate bodies, and governments. With the advent of fifth-generation (5G) and beyond 5G (B5G) networks, the number and frequency of occurrence of DDoS attacks are predicted to soar as time goes by, hence there is a need for a sophisticated DDoS detection framework to enable the swift transition to 5G and B5G networks without worrying about the security issues and threats. A range of schemes has been deployed to tackle this issue, but along the line, a few limitations of these schemes have been noticed by the research community. Owing to these limitations/drawbacks, this paper proposes a composite and efficient DDoS attack detection framework for 5G and B5G. The proposed detection framework consists of a composite multilayer perceptron which was coupled with an efficient feature extraction algorithm and was built not just to detect a DDoS attack, but also to return the type of DDoS attack it encountered. At the end of the simulations and after testing the proposed framework with an industry-recognized dataset, results showed that the framework is capable of detecting DDoS attacks with a high accuracy score of 99.66% and a loss of 0.011. Furthermore, the results of the proposed detection framework were compared with their contemporaries [04].

Xiang Yu et al. (2021) - In order to improve the detection rate of the existing WEB DDoS attack detection model, this paper proposes a semi-supervised learning model based on spectral clustering and random forest. First of all, due to the importance of flow characteristics to the detection scheme, we focus on them to select better features to be applied to the detection model proposed in this paper. Then, we analyse the spectral clustering algorithm and the random forest algorithm in detail. Based on the principle and its advantages, spectral clustering and random forest are combined to form a semi-supervised learning WEB DDoS attack detection model. Finally, the experiment proposed in this paper is compared with other existing detection schemes to verify the paper. The proposed semi-supervised learning model has a certain improvement in the detection rate while ensuring a low false positive rate and is more suitable for the detection of WEB DDoS attacks. In future work, we will work on the improvement of the detection model and try some other machine learning methods in different manners [05].

III. TYPE OF DDoS ATTACK

There are many different types of DDoS attacks, and attackers often use more than one type to wreak havoc on their targets [15]. Three key types are volumetric, protocol, and application-layer attacks. The purpose of all attacks is to severely slow down or stop legitimate traffic from reaching its intended destination. For example, this could mean stopping a user from accessing a website, buying a product or service, watching a video, or interacting on social media [16-18]. Additionally, by making resources unavailable or diminishing performance, DDoS can cause business to grind to a halt. This can prevent employees from accessing email or web applications, or from conducting business as usual.

To further understand how DDoS attacks work, let’s break down the different pathways attackers can take. The Open Systems Interconnection (OSI) model is a layered framework for various networking standards and contains seven different layers. Each layer of the OSI model has a unique purpose, like the floors of an office building where different functions of a business take place on each floor. Attackers target different layers depending on what type of web or internet-facing asset they’d like to disrupt [19-22].

Fig. 2 Type of DDoS attack

IV. PROBLEM IN DDoS ATTACK

Distributed denial-of-service (DDoS) attacks in SDN (Software-Defined Networking) can be a major problem for network administrators. In an SDN environment, the network infrastructure is controlled by software, making it possible for attackers to exploit vulnerabilities in the network software to launch DDoS attacks [21-23].

One way to prevent DDoS attacks in an SDN environment is to implement security measures such as firewalls, intrusion detection and prevention systems, and traffic monitoring tools. These tools can detect and block malicious traffic before it reaches the target network, preventing the DDoS attack from causing any damage.

Another way to prevent DDoS attacks is to implement traffic engineering policies. Traffic engineering policies can be used to route traffic away from congested areas of the network, preventing attackers from overwhelming a specific area of the network with a flood of traffic [24].

It is also important to ensure that the SDN controllers are secured and protected against attacks. Attackers can exploit vulnerabilities in the SDN controllers to gain control of the network and launch DDoS attacks. Regular security audits and updates can help to prevent such attacks [25].

Finally, it is important to have a response plan in place in case of a DDoS attack. This plan should include procedures for detecting and mitigating the attack, as well as procedures for restoring normal network operations after the attack has been resolved. Regular testing of the response plan can help to ensure that it is effective in the event of an attack.

V. CONCLUSION AND FUTURE WORK

In conclusion, DDoS attacks pose a significant threat to SDN networks, and defending against them requires innovative and effective mitigation techniques. The use of machine learning-based solutions, software-defined security, and programmable data planes can improve the effectiveness of DDoS mitigation techniques in SDN networks. However, there is still a need for further research to address the challenges associated with developing and implementing these solutions in real-world scenarios.

DDoS attacks are a serious threat to SDN networks as they can cause significant disruptions to network services and impact critical infrastructure. In this context, this section will provide a summary of the key findings and suggest areas for future research.

One of the main challenges in defending against DDoS attacks in SDN networks is the dynamic nature of traffic patterns, which makes it difficult to detect and mitigate attacks in real-time. Therefore, several researchers have proposed different approaches to improve the effectiveness of DDoS mitigation techniques in SDN networks. These include machine learning-based solutions, software-defined security, and the use of programmable data planes.

In particular, machine learning techniques have shown great potential in detecting and mitigating DDoS attacks in SDN networks. By analyzing network traffic patterns, machine learning algorithms can identify abnormal behavior and take proactive measures to prevent attacks before they cause significant damage. Moreover, the use of software-defined security solutions can enhance the flexibility and scalability of DDoS mitigation techniques by enabling dynamic security policies and automated response mechanisms.

Despite the progress made in defending against DDoS attacks in SDN networks, there are still several challenges that need to be addressed. For instance, developing accurate and robust machine learning models requires significant amounts of training data, which can be challenging to obtain in real-world scenarios. Moreover, the high level of network programmability offered by SDN networks can also increase the attack surface, making it crucial to develop effective security measures to protect against potential exploits.

REFERENCES

1. Mona Alduailij, Qazi Waqas Khan, Muhammad Tahir, Muhammad Sardaraz, Mai Alduailij and Fazila Malik “Machine-Learning-Based DDoS Attack Detection Using Mutual Information and Random Forest Feature Importance Method” Volume 14 Issue 6, 27 May 2022.

2. Josue Genaro Almaraz-Rivera, Jesus Arturo Perez-Diaz and Jose Antonio Cantoral-Ceballos “Transport and Application Layer DDoS Attacks Detection to IoT Devices by Using Machine Learning and Deep Learning Models” Volume 22 Issue 9, 28 April 2022.

3. Firooz B. Saghezchi, Georgios Mantas, Manuel A. Violas, A. Manuel de Oliveira Duarte and Jonathan Rodriguez “Machine Learning for DDoS Attack Detection in Industry 4.0 CPPSs” Volume 11 Issue 4, 16 February 2022.

4. G.C. Amaizu, C.I. Nwakanma, S. Bhardwaj, J.M. Lee, D.S. Ki “Composite and efficient DDoS attack detection framework for B5G networks” Volume 188, 7 April 2021, 107871.

5. Xiang Yu, Wenchao Yu, Li, Xianfei Yang, Ying Chen and Hui Lu “WEB DDoS Attack Detection Method Based on Semi supervised Learning” Volume 2021, 29 Nov 2021.

6. Mazhar Javed Awan, Umar Farooq, Hafiz Muhammad Aqeel Babar, Awais Yasin, Haitham Nobanee, Muzammil Hussain, Owais Hakeem and Azlan Mohd Zain “Real-Time DDoS Attack Detection System Using Big Data Approach” Volume 13 Issue 19, 27 September 2021.

7. Özgür Tonkal, Hüseyin Polat, Erdal Başaran, Zafer Cömert and Ramazan Kocaoğlu “Machine Learning Approach Equipped with Neighbourhood Component Analysis for DDoS Attack Detection in Software-Defined Networking” Volume 10 Issue 11, 21 May 2021.

8. Jalal Bhayo, Riaz Jafaq, Awais Ahmed, Sufian Hameed, and Syed Attique Shah “A Time-Efficient Approach Towards DDoS Attack Detection in IoT Network using SDN” April 2021.

9. Bhatia, Sajal. "Ensemble-based model for DDoS attack detection and flash event separation." In 2016 Future Technologies Conference (FTC), pp. 958-967. IEEE, 2016.

10. Hoque, Nazrul, Dhruba K. Bhattacharyya, and Jugal K. Kalita. "Botnet in DDoS attacks: trends and challenges." IEEE Communications Surveys & Tutorials 17, no. 4 (2015): 2242-2270.

11. Mousavi, Seyed Mohammad, and Marc St-Hilaire. "Early detection of DDoS attacks against SDN controllers." In 2015 international conference on computing, networking and communications (ICNC), pp. 77-81. IEEE, 2015.

12. Ashraf, Javed, and Seemab Latif. "Handling intrusion and DDoS attacks in Software Defined Networks using machine learning techniques." In 2014 National software engineering conference, pp. 55-60. IEEE, 2014.

13. Balkanli, Eray, Jander Alves, and A. Nur Zincir-Heywood. "Supervised learning to detect DDoS attacks." In 2014 IEEE Symposium on Computational Intelligence in Cyber Security (CICS), pp. 1-8. IEEE, 2014.

14. Kumar, Alok, Sandeep Kumar Shukla, Archana Sharma, and Pranay Yadav. "A Robust Approach for Image Super-Resolution using Modified Very Deep Convolution Networks." In 2022 International Conference on Applied Artificial Intelligence and Computing (ICAAIC), pp. 259-265. IEEE, 2022.

15. Mishra, Akhil, Ritu Shrivastava, and Pranay Yadav. "A Modified Cascaded Feed Froward Neural Network Distributed Denial of Service Attack Detection using Improved Regression based Machine Leaning Approach." In 2022 6th International Conference on Trends in Electronics and Informatics (ICOEI), pp. 1292-1299. IEEE, 2022.

16. Tiwari, Sandeep, Nitesh Gupta, and Pranay Yadav. "Diabetes Type2 Patient Detection Using LASSO Based CFFNN Machine Learning Approach." In 2021 8th International Conference on Signal Processing and Integrated Networks (SPIN), pp. 602-608. IEEE, 2021.

17. Tiwary, Abhigyan, M. Kumar, and Pranay Yadav. "Prediction of Covid-19 Patient in United States of America Using Prophet Model." In 2021 International Conference on Advances in Technology, Management & Education (ICATME), pp. 94-99. IEEE, 2021.

18. Tiwari, Prayag, Pranay Yadav, Sachin Kumar, Brojo Kishore Mishra, Gia Nhu Nguyen, Sarada Prasad Gochhayat, Jagendra Singhk, and Mukesh Prasad. "Sentiment analysis for airlines services based on Twitter dataset." Social Network Analytics: Computational Research Methods and Techniques 149 (2018).

19. Singh, Jagendra, Mukesh Prasad, Yousef Awwad Daraghmi, Prayag Tiwari, Pranay Yadav, Neha Bharill, Mahardhika Pratama, and Amit Saxena. "Fuzzy logic hybrid model with semantic filtering approach for pseudo relevance feedback-based query expansion." In 2017 IEEE Symposium Series on Computational Intelligence (SSCI), pp. 1-7. IEEE, 2017.

20. Image Processing & Video Processing

21. Chavate, Shrikant, Ravi Mishra, and Pranay Yadav. "A Comparative Analysis of Video Shot Boundary Detection using Different Approaches." In 2021 10th International Conference on System Modeling & Advancement in Research Trends (SMART), pp. 1-7. IEEE, 2021.

22. Yadav, Pranay. "Color image noise removal by modified adaptive threshold median filter for RVIN." In 2015 International Conference on Electronic Design, Computer Networks & Automated Verification (EDCAV), pp. 175-180. IEEE, 2015.

23. Sharma, Shachi, and Pranay Yadav. "Removal of fixed valued impulse noise by improved Trimmed Mean Median filter." In 2014 IEEE International Conference on Computational Intelligence and Computing Research, pp. 1-8. IEEE, 2014.

24. Yadav, Pranay, and Parool Singh. "Color impulse noise removal by modified alpha trimmed median mean filter for FVIN." In 2014 IEEE International Conference on Computational Intelligence and Computing Research, pp. 1-8. IEEE, 2014.

25. Gupta, Vikas, Dilip Kumar Gandhi, and Pranay Yadav. "Removal of fixed value impulse noise using improved mean filter for image enhancement." In 2013 Nirma University International Conference on Engineering (NUiCONE), pp. 1-5. IEEE, 2013.
