Abstract
Software-Defined Networking (SDN) is a contemporary and growing technology in the field of networking. It has the benefit of decoupling the infrastructure layer and the control layer thus enabling automated provisioning. Though the SDN offers numerous benefits, such as dynamic programmability, elevated bandwidth, and cost-effectiveness, it is exposed to several security issues. The most significant issue that needs to be addressed in SDN is the Distributed Denial of Service (DDoS) attack. We propose an Intelligent Proactive Routing (IPR) model to detect and mitigate the DDOS attack. The objective of our proposed model is to reduce the controller overhead, improve accuracy of detecting attacks in minimum time period, and also minimize performance degradation. The novelty of this approach is to integrate the SFlow with the Open Flow controller to lower the overhead of the control layer. And the flow rules are inserted proactively, to avoid packet loss and unavailability of service during an attack. We evaluated our proposed model with standard algorithms, and the results reveal less detection and computational time with an average of 5secs and high accuracy of 99%. The overall results show how large the network is, in which this model can perform efficiently.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Afaq M, Rehman S, Song WC (2015) Large flows detection, marking, and mitigation based on sFlow standard in SDN. J Korea Multimed Soc 18(2):189–198
Ahalawat A, Dash SS, Panda A, Babu KS (2019) Entropy based DDoS detection and mitigation in openflow enabled SDN. In 2019 International Conference on Vision Towards Emerging Trends in Communication and Networking (ViTECoN) (pp 1–5). IEEE
Alessio B, Walter de D, Alberto DB, Robert F, Jason EG (2019) Managing a communications system based on software defined networking (sdn) architecture U.S. patent application No. 16/195,149
Bawany NZ, Shamsi JA, Salah K (2017) DDoS attack detection and mitigation using SDN: methods, practices, and solutions. Arab J Sci Eng 42(2):425–441
Berde P, Gerola M, Hart J, Higuchi Y, Kobayashi M, Koide T, Parulkar G (2014) ONOS: towards an open, distributed SDN OS. In Proceedings of the third workshop on Hot topics in software defined networking ACM (pp. 1–6)
Bholebawa IZ, Dalal UD (2018) Performance analysis of sdn/openflow controllers: Pox versus floodlight. Wirel Pers Commun 98(2):1679–1699
Bhushan K, Gupta BB (2019) Distributed denial of service (DDoS) attack mitigation in software defined network (SDN)-based cloud computing environment. J Ambient Intell Humaniz Comput 10(5):1985–1997
Bispo P, Corujo D, Aguiar RL (2017) A qualitative and quantitative assessment of sdn controllers. In 2017 International young engineers forum (YEF-ECE) IEEE (pp. 6–11)
Dev S, Wen B, Lee YH, Winkler S (2016) Ground-based image analysis: a tutorial on machine-learning techniques and applications. IEEE Geosci Remote Sens Mag 4(2):79–93
Dixit A, Hao F, Mukherjee S, Lakshman TV, Kompella R (2013) Towards an elastic distributed SDN controller. ACM SIGCOMM Comput Commun Rev 43(4):7–12
Dotcenko S, Vladyko A, Letenko I (2014) A fuzzy logic-based information security management for software-defined networks. In 16th International Conference on Advanced Communication Technology (pp 167–171). IEEE
Dridi L, Zhani MF (2016) SDN-guard: DoS attacks mitigation in SDN networks. In 2016 5th IEEE International Conference on Cloud Networking (Cloudnet) (pp 212–217). IEEE
Elsayed MS, Le-Khac NA, Dev S, Jurcut AD (2019) Machine-learning techniques for detecting attacks in SDN. arXiv preprintarXiv:1910.00817
Erin Moriarty-Siler (2014) what is opendaylight controller? AKA: Opendaylight platform URL: https://www.sdxcentral.com/networking/sdn/definitions/opendaylight-controller/
Gao S, Peng Z, Xiao B, Hu A, Song Y, Ren K (2020) Detection and mitigation of DoS attacks in software defined networks. IEEE/ACM Trans Net. https://doi.org/10.1109/TNET.2020.2983976
Hatagundi MD, Kumaraswamy HV (2019) A comprehensive survey on different attacks on SDN and approaches to mitigate. In 2019 3rd International Conference on Computing Methodologies and Communication (ICCMC) (pp 624–627). IEEE
Hu D, Hong P, Chen Y (2017) FADM: DDoS flooding attack detection and mitigation system in software-defined networking. In GLOBECOM 2017–2017 IEEE Global Communications Conference (pp. 1–7). IEEE
Jin R, Wang B (2013) Malware detection for mobile devices using software-defined networking. In 2013 Second GENI research and educational experiment workshop (pp. 81–88). IEEE
Karmakar KK, Varadharajan V, Tupakula U (2019) Mitigating attacks in software defined networks. Clust Comput 22(4):1143–1157
Koulouzis S, Belloum AS, Bubak MT, Zhao Z, Živković M, de Laat CT (2016) SDN-aware federation of distributed data. Futur Gener Comput Syst 56:64–76
Kreutz D, Ramos F, Verissimo P, Rothenberg CE, Azodolmolky S, Uhlig S (2014) Software-defined networking: a comprehensive survey. arXiv preprint arXiv:1406.0440
Krishnan P, Duttagupta S, Achuthan K (2019) VARMAN: multi-plane security framework for software defined networks. Comput Commun 148:215–239
Kuerban M, Tian Y, Yang Q, Jia Y, Huebert B, Poss D (2016) Flowsec: DOS attack mitigation strategy on SDN controller. In 2016 IEEE International Conference on Networking, Architecture and Storage (NAS) (pp 1–2)
Lee S, Kim T, Kim T (2017) Performance analysis and optimization of opendaylight controller in distributed cluster environment. KIPS Trans Comput Commun Syst 6(11):453–462
Li C, Wu Y, Yuan X, Sun Z, Wang W, Li X, Gong L (2018) Detection and defense of DDoS attack–based on deep learning in OpenFlow-based SDN. Int J Commun Syst 31(5):e3497
Linux Foundation (2016) what is Open vSwitch? URL: http://docs.openvswitch.org/en/ latest/intro/what-is-ovs/
Liu B, Yu P, Chen F, Chen F, Xue-song Q, Shi L (2019) Risk-aware service routes planning for system protection communication network in energy internet. In 2019 IFIP/IEEE Symposium on integrated network and service management (IM) (pp. 295–303). IEEE
Mehdi SA, Khalid J, Khayam SA (2011) Revisiting traffic anomaly detection using software defined networking. In International workshop on recent advances in intrusion detection (pp. 161–180). Springer, Berlin, Heidelberg
Mehr SY, Ramamurthy B (2019) An SVM based DDoS attack detection method for Ryu SDN controller. In Proceedings of the 15th International Conference on Emerging Networking Experiments and Technologies (pp 72–73). ACM
Mininet team (2018) Emulator: mininet overview in url : http://mininet.org/overview/
Nwosu CS, Dev S, Bhardwaj P, Veeravalli B, John D (2019) Predicting stroke from electronic health records. arXiv preprint arXiv:1904.11280
Parewa labs python programming: https://www.programiz.com/python-programming
Rana DS, Dhondiyal SA, Chamoli SK (2019) Software defined networking (SDN) challenges, issues and solution. Int J Comput Sci Eng 7(1):884–889
Rojas E, Doriguzzi-Corin R, Tamurejo S, Beato A, Schwabe A, Phemius K, Guerrero C (2018) Are we ready to drive software-defined networks? A comprehensive survey on management tools and techniques. ACM Comput Surv (CSUR) 51(2):27
Sarang Narkhede (2018) Understanding AUC—ROC curve towards data science url: https://towardsdatascience.com/understanding-auc-roc-curve-68b2303cc9c5
SDx central staff (2013) what is openflow? definition and how it relates to SDN? url: https://www.sdxcentral.com/networking/sdn/definitions/what-is-openflow/
Shin SW, Porras P, Yegneswara V, Fong M, Gu G, Tyson M (2013) Fresco: modular composable security services for software-defined networks. In 20th annual network and distributed system security symposium. Ndss
Singh PK, Jha SK, Nandi SK, Nandi S (2018) ML-based approach to detect DDoS attack in V2I communication under SDN architecture. In TENCON 2018–2018 IEEE Region 10 Conference (pp 0144–0149). IEEE.
Stefano A, Antonio P (2013) D-ITG distributed internet traffic generator documentation is in the following URL: http://www.grid.unina.it/software/ITG/ documentation.php
Szwaczyk S, Wrona K, Amanowicz M (2018) Applicability of risk analysis methods to risk-aware routing in software-defined networks. In 2018 International Conference on Military Communications and Information Systems (ICMCIS) (pp. 1–7). IEEE
Ujjan RMA, Pervez Z, Dahal K, Bashir AK, Mumtaz R, González J (2019) Towards sflow and adaptive polling sampling for deep learning based DDoS detection in SDN. Fut Gen Comput Syst
Wang H, Xu L, Gu G (2015) Floodguard: a dos attack prevention extension in software-defined networks. In 2015 45th annual IEEE/IFIP International Conference on Dependable Systems and Networks (pp 239–250). IEEE
Wang R, Jia Z, Ju L (2015) An entropy-based distributed DDoS detection mechanism in software-defined networking. In 2015 IEEE trustcom/bigdataSE/ISPA (Vol. 1, pp. 310–317). IEEE
Zhang H, Wang Y, Chen H, Zhao Y, Zhang J (2017) Exploring machine-learning-based control plane intrusion detection techniques in software defined optical networks. Opt Fiber Technol 39:37–42
Zhou D, Yan Z, Fu Y, Yao Z (2018) A survey on network data collection. J Netw Comput Appl 116:9–23
Zhou D, Yan Z, Liu G, Atiquzzaman M (2019) An adaptive network data collection system in SDN. IEEE Trans Cogn Commun Netw. https://doi.org/10.1109/TCCN.2019.2956141
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Pradeepa, R., Pushpalatha, M. IPR: Intelligent Proactive Routing model toward DDoS attack handling in SDN. J Supercomput 77, 12355–12381 (2021). https://doi.org/10.1007/s11227-021-03750-3
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11227-021-03750-3