We apologize for a recent technical issue with our email system, which temporarily affected account activations. Accounts have now been activated. Authors may proceed with paper submissions. PhDFocusTM
CFP last date
20 December 2024
Call for Paper
January Edition
IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper
Know more
The week's pick
Responsive image
Improved Shuffled Frog Leaping Algorithm with Self-Adaptive Shuffling for Fuzzy Logic PD+G Controller Optimization in Robotic Manipulators

Duc Hoang Nguyen
Random Articles
Reseach Article

Predicting DDoS Anomaly Patterns in SDN Controller using Hidden Markov Model

by Abdul-wadud Alhasan, Sonjie Wei
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 175 - Number 39
Year of Publication: 2020
Authors: Abdul-wadud Alhasan, Sonjie Wei
10.5120/ijca2020920961

Abdul-wadud Alhasan, Sonjie Wei . Predicting DDoS Anomaly Patterns in SDN Controller using Hidden Markov Model. International Journal of Computer Applications. 175, 39 ( Dec 2020), 33-41. DOI=10.5120/ijca2020920961

@article{ 10.5120/ijca2020920961,
author = { Abdul-wadud Alhasan, Sonjie Wei },
title = { Predicting DDoS Anomaly Patterns in SDN Controller using Hidden Markov Model },
journal = { International Journal of Computer Applications },
issue_date = { Dec 2020 },
volume = { 175 },
number = { 39 },
month = { Dec },
year = { 2020 },
issn = { 0975-8887 },
pages = { 33-41 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume175/number39/31710-2020920961/ },
doi = { 10.5120/ijca2020920961 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T00:40:42.977771+05:30
%A Abdul-wadud Alhasan
%A Sonjie Wei
%T Predicting DDoS Anomaly Patterns in SDN Controller using Hidden Markov Model
%J International Journal of Computer Applications
%@ 0975-8887
%V 175
%N 39
%P 33-41
%D 2020
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The introduction of Software Defined Networking (SDN) as a panacea to the global demand for a more secure and highly dependable internet infrastructure has also brought along security issues. The adoption of OpenFlow Protocol (OFP) by SDN as the way of communication between controllers and switches, has not only brought about easy and direct manipulation of data for enhanced packet forwarding policies, but also renders the network vulnerable to security issues (DDoS attacks) since the OpenFlow (OF) switch has to ask the controller to install new rules for any new incoming packet. In this work, the capability of SDN in handling security threats that arise from the above vulnerability is proven. This work seeks to design and implement a DDoS detection model that uses Hidden Markov Model (HMM) for detecting abnormal traffic (OpenFlow flooding attacks) directed towards the SDN controller aimed at destabilizing the flow of normal network traffic among users in a software-defined networking environment. The experiment achieved an accuracy of 94.3% in classifying network traffic with 5.7% false positive rate. The feasibility of this approach is proven by building a test scenario to simulate the approach with POX controller and OpenFlow switches.

References
  1. F. Mattern and C. Floerkemeier, “From the internet of computers to the internet of things,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2010, vol. 6462 LNCS, pp. 242–259, doi: 10.1007/978-3-642-17226-7_15.
  2. Z. Wan, “Cloud Computing infrastructure for latency sensitive applications,” in International Conference on Communication Technology Proceedings, ICCT, 2010, pp. 1399–1402, doi: 10.1109/ICCT.2010.5689022.
  3. D. K. Bhattacharyya and J. K. Kalita, Network Anomaly Detection. 2013.
  4. Q. Yan, F. R. Yu, Q. Gong, and J. Li, “Software-defined networking (SDN) and distributed denial of service (DDOS) attacks in cloud computing environments: A survey, some research issues, and challenges,” IEEE Communications Surveys and Tutorials, vol. 18, no. 1. Institute of Electrical and Electronics Engineers Inc., pp. 602–622, Jan. 01, 2016, doi: 10.1109/COMST.2015.2487361.
  5. M. Suh, S. H. Park, B. Lee, and S. Yang, “Building firewall over the software-defined network controller,” in International Conference on Advanced Communication Technology, ICACT, 2014, pp. 744–748, doi: 10.1109/ICACT.2014.6779061.
  6. D. Kreutz, F. M. V. Ramos, and P. Verissimo, “Towards secure and dependable software-defined networks,” in HotSDN 2013 - Proceedings of the 2013 ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, 2013, pp. 55–60, doi: 10.1145/2491185.2491199.
  7. R. Braga, E. Mota, and A. Passito, “Lightweight DDoS flooding attack detection using NOX/OpenFlow,” in Proceedings - Conference on Local Computer Networks, LCN, 2010, pp. 408–415, doi: 10.1109/LCN.2010.5735752.
  8. S. Shin, S. Shin, V. Yegneswaran, P. Porras, and G. Gu, “AVANT-GUARD: Scalable and Vigilant Switch Flow Management in Software-Defined Networks,” Accessed: Apr. 20, 2020. [Online]. Available: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.645.5293.
  9. S. Shin et al., “Rosemary: A Robust, Secure, and High-Performance Network Operating System,” Accessed: Apr. 20, 2020. [Online]. Available: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.650.2722.
  10. Z. Fan, Y. Xiao, A. Nayak, and C. Tan, “An improved network security situation assessment approach in software defined networks,” Peer-to-Peer Netw. Appl., vol. 12, no. 2, pp. 295–309, Mar. 2019, doi: 10.1007/s12083-017-0604-2.
  11. R. Mohammadi, R. Javidan, and M. Conti, “SLICOTS: An SDN-based lightweight countermeasure for TCP SYN flooding attacks,” IEEE Trans. Netw. Serv. Manag., vol. 14, no. 2, pp. 487–497, Jun. 2017, doi: 10.1109/TNSM.2017.2701549.
  12. L. R. Rabiner, “A Tutorial on Hidden Markov Models and Selected Applications in Speech Recognition,” Proc. IEEE, vol. 77, no. 2, pp. 257–286, 1989, doi: 10.1109/5.18626.
  13. “Weka tutorial: machine learning & data mining.” https://wekatutorial.com/ (accessed May 17, 2020).
  14. R. Swami, M. Dave, and V. Ranga, “Software-defined Networking-based DDoS Defense Mechanisms,” ACM Comput. Surv., vol. 52, no. 2, pp. 1–36, May 2019, doi: 10.1145/3301614.
  15. D. K. Bhattacharyya, Network anomaly detection?: a machine learning perspective. 2013.
Index Terms

Computer Science
Information Sciences

Keywords

OpenFlow Mininet OpenFlow (OF) SDN Hidden Markov Model (HMM)

Powered by PhDFocusTM