Predicting DDoS Anomaly Patterns in SDN Controller using Hidden Markov Model

Abdul-wadud Alhasan; Sonjie Wei

Call for Paper

May Edition

IJCA solicits high quality original research papers for the upcoming May edition of the journal. The last date of research paper submission is 22 April 2024

Submit your paper

Know more

The week's pick

Enhancing Privacy Preservation: Multi-Attribute Protection with P-Sensitive K-Anonymity

Twinkle Patel Kiran Amin

Random Articles

Analysis of Randomized Performance of Bias Parameters and Activation Function of Extreme Learning Machine

February

2016

Hardware Implementation of FFT using Vertically and Crosswise Algorithm

December

2011

Security and Privacy of Image by Encryption, Lossy Compression and Iterative Reconstruction

January

2013

Empirical Characterization of Propagation Path Loss and Performance Evaluation for Co-Site Urban Environment

May

2013

Reseach Article

Predicting DDoS Anomaly Patterns in SDN Controller using Hidden Markov Model

by Abdul-wadud Alhasan, Sonjie Wei

International Journal of Computer Applications

Foundation of Computer Science (FCS), NY, USA

Volume 175 - Number 39

Year of Publication: 2020

Authors: Abdul-wadud Alhasan, Sonjie Wei

10.5120/ijca2020920961

Abdul-wadud Alhasan, Sonjie Wei . Predicting DDoS Anomaly Patterns in SDN Controller using Hidden Markov Model. International Journal of Computer Applications. 175, 39 ( Dec 2020), 33-41. DOI=10.5120/ijca2020920961

@article{ 10.5120/ijca2020920961,

author = { Abdul-wadud Alhasan, Sonjie Wei },

title = { Predicting DDoS Anomaly Patterns in SDN Controller using Hidden Markov Model },

journal = { International Journal of Computer Applications },

issue_date = { Dec 2020 },

volume = { 175 },

number = { 39 },

month = { Dec },

year = { 2020 },

issn = { 0975-8887 },

pages = { 33-41 },

numpages = {9},

url = { https://ijcaonline.org/archives/volume175/number39/31710-2020920961/ },

doi = { 10.5120/ijca2020920961 },

publisher = {Foundation of Computer Science (FCS), NY, USA},

address = {New York, USA}

}

%0 Journal Article

%1 2024-02-07T00:40:42.977771+05:30

%A Abdul-wadud Alhasan

%A Sonjie Wei

%T Predicting DDoS Anomaly Patterns in SDN Controller using Hidden Markov Model

%J International Journal of Computer Applications

%@ 0975-8887

%V 175

%N 39

%P 33-41

%D 2020

%I Foundation of Computer Science (FCS), NY, USA

Abstract

The introduction of Software Defined Networking (SDN) as a panacea to the global demand for a more secure and highly dependable internet infrastructure has also brought along security issues. The adoption of OpenFlow Protocol (OFP) by SDN as the way of communication between controllers and switches, has not only brought about easy and direct manipulation of data for enhanced packet forwarding policies, but also renders the network vulnerable to security issues (DDoS attacks) since the OpenFlow (OF) switch has to ask the controller to install new rules for any new incoming packet. In this work, the capability of SDN in handling security threats that arise from the above vulnerability is proven. This work seeks to design and implement a DDoS detection model that uses Hidden Markov Model (HMM) for detecting abnormal traffic (OpenFlow flooding attacks) directed towards the SDN controller aimed at destabilizing the flow of normal network traffic among users in a software-defined networking environment. The experiment achieved an accuracy of 94.3% in classifying network traffic with 5.7% false positive rate. The feasibility of this approach is proven by building a test scenario to simulate the approach with POX controller and OpenFlow switches.

References

F. Mattern and C. Floerkemeier, “From the internet of computers to the internet of things,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2010, vol. 6462 LNCS, pp. 242–259, doi: 10.1007/978-3-642-17226-7_15.
Z. Wan, “Cloud Computing infrastructure for latency sensitive applications,” in International Conference on Communication Technology Proceedings, ICCT, 2010, pp. 1399–1402, doi: 10.1109/ICCT.2010.5689022.
D. K. Bhattacharyya and J. K. Kalita, Network Anomaly Detection. 2013.
Q. Yan, F. R. Yu, Q. Gong, and J. Li, “Software-defined networking (SDN) and distributed denial of service (DDOS) attacks in cloud computing environments: A survey, some research issues, and challenges,” IEEE Communications Surveys and Tutorials, vol. 18, no. 1. Institute of Electrical and Electronics Engineers Inc., pp. 602–622, Jan. 01, 2016, doi: 10.1109/COMST.2015.2487361.
M. Suh, S. H. Park, B. Lee, and S. Yang, “Building firewall over the software-defined network controller,” in International Conference on Advanced Communication Technology, ICACT, 2014, pp. 744–748, doi: 10.1109/ICACT.2014.6779061.
D. Kreutz, F. M. V. Ramos, and P. Verissimo, “Towards secure and dependable software-defined networks,” in HotSDN 2013 - Proceedings of the 2013 ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, 2013, pp. 55–60, doi: 10.1145/2491185.2491199.
R. Braga, E. Mota, and A. Passito, “Lightweight DDoS flooding attack detection using NOX/OpenFlow,” in Proceedings - Conference on Local Computer Networks, LCN, 2010, pp. 408–415, doi: 10.1109/LCN.2010.5735752.
S. Shin, S. Shin, V. Yegneswaran, P. Porras, and G. Gu, “AVANT-GUARD: Scalable and Vigilant Switch Flow Management in Software-Defined Networks,” Accessed: Apr. 20, 2020. [Online]. Available: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.645.5293.
S. Shin et al., “Rosemary: A Robust, Secure, and High-Performance Network Operating System,” Accessed: Apr. 20, 2020. [Online]. Available: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.650.2722.
Z. Fan, Y. Xiao, A. Nayak, and C. Tan, “An improved network security situation assessment approach in software defined networks,” Peer-to-Peer Netw. Appl., vol. 12, no. 2, pp. 295–309, Mar. 2019, doi: 10.1007/s12083-017-0604-2.
R. Mohammadi, R. Javidan, and M. Conti, “SLICOTS: An SDN-based lightweight countermeasure for TCP SYN flooding attacks,” IEEE Trans. Netw. Serv. Manag., vol. 14, no. 2, pp. 487–497, Jun. 2017, doi: 10.1109/TNSM.2017.2701549.
L. R. Rabiner, “A Tutorial on Hidden Markov Models and Selected Applications in Speech Recognition,” Proc. IEEE, vol. 77, no. 2, pp. 257–286, 1989, doi: 10.1109/5.18626.
“Weka tutorial: machine learning & data mining.” https://wekatutorial.com/ (accessed May 17, 2020).
R. Swami, M. Dave, and V. Ranga, “Software-defined Networking-based DDoS Defense Mechanisms,” ACM Comput. Surv., vol. 52, no. 2, pp. 1–36, May 2019, doi: 10.1145/3301614.
D. K. Bhattacharyya, Network anomaly detection?: a machine learning perspective. 2013.

Index Terms

Computer Science

Information Sciences

Keywords

OpenFlow Mininet OpenFlow (OF) SDN Hidden Markov Model (HMM)