A Deep Learning Based DDoS Detection System in Software-Defined Networking (SDN)
نویسندگان
چکیده
Distributed Denial of Service (DDoS) is one of the most prevalent attacks that an organizational network infrastructure comes across nowadays. We propose a deep learning based multi-vector DDoS detection system in a software-defined network (SDN) environment. SDN provides flexibility to program network devices for different objectives and eliminates the need for third-party vendor-specific hardware. We implement our system as a network application on top of an SDN controller. We use deep learning for feature reduction of a large set of features derived from network traffic headers. We evaluate our system based on different performance metrics by applying it on traffic traces collected from different scenarios. We observe high accuracy with a low false-positive for attack detection in our proposed system.
منابع مشابه
Neural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks
Software Defined Network (SDN) is a new architecture for network management and its main concept is centralizing network management in the network control level that has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main contro...
متن کاملAnomaly Based DDoS Attack Detection Mechanism using SDN in Cloud computing
: Cloud computing has recently came into view as a new paradigm for hosting and delivering services over the Internet. Cloud computing is captivating to business owners as it eliminates the requirement for users to plan ahead for providing, and allows enterprises to start from the small and increase resources only when there is a rise in service demand. Meanwhile, Software Defined Networking (S...
متن کاملDetection of DDoS Attacks Against Wireless SDN Controllers Based on the Fuzzy Synthetic Evaluation Decision-making Model
Software Defined Networking (SDN) is a new network architecture that separates the control plane and the data plane and provides logically central control over the whole network. Because SDN controller combines the upper application layer and the underlying infrastructure layer, it may face the problem of single-point failure. If it is made unreachable by a Distributed Denial of Service (DDoS) ...
متن کاملTowards Autonomic DDoS Mitigation using Software Defined Networking
Distributed Denial of Service attacks (DDoS) have remained as one of the most destructive attacks in the Internet for over two decades. Despite tremendous efforts on the design of DDoS defense strategies, few of them have been considered for widespread deployment due to strong design assumptions on the Internet infrastructure, prohibitive operational costs and complexity. Recently, the emergenc...
متن کاملSoftware-Defined Networking with DDoS Attacks in Cloud Computing
Although software-defined networking (SDN) brings numerous benefits by decoupling the control plane from the data plane, there is a contradictory relationship between SDN and distributed denial-of-service (DDoS) attacks. On one hand, the capabilities of SDN make it easy to detect and to react to DDoS attacks. On the other hand, the separation of the control plane from the data plane of SDN intr...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- ICST Trans. Security Safety
دوره 4 شماره
صفحات -
تاریخ انتشار 2017