DETECTING AND CONFRONTING DISTRIBUTED DENIAL OF SERVICE CYBER-ATTACKS USING PEARSON CORRELATION COEFFICIENT IN SOFTWARE DEFINED NETWORKS
Document Type : Original Article
Authors
1 1. PhD student of Information Technology Engineering, Faculty of Modern Sciences and Technologies, University of Tehran , Tehran, Iran
2 Department of Computer Engineering and Information Technology, University of Qom, Qom, Iran.
Abstract
Today, with the advent of software defined networking (SDN) in organizations, the architecture of SDN has replaced the traditional networking which has gained benefits in organization management as well.
By separating data control section from data transfer section, SDN provides numerous advantages such as better controllability, dynamic management, and optimal use of bandwidth and network resources; however, it is still vulnerable to denial of service attacks.
This way, invaders would be able to overrun software and hardware resources of the network, and they could interrupt user’s accessibility to these services.
That’s why, we have simulated and inspected denial of service attacks and different ways to confront these perils in software defined networking. Plus, in the proposed algorithm, we have used Pearson correlation coefficient in order to recognize these types of attacks.
Then, we have used MiniNet simulator and OpenDayLight controller to assess the proposed algorithm; and finally, we have represented the competence and advantages of the proposed algorithm in respect to the previous algorithm.
By separating data control section from data transfer section, SDN provides numerous advantages such as better controllability, dynamic management, and optimal use of bandwidth and network resources; however, it is still vulnerable to denial of service attacks.
This way, invaders would be able to overrun software and hardware resources of the network, and they could interrupt user’s accessibility to these services.
That’s why, we have simulated and inspected denial of service attacks and different ways to confront these perils in software defined networking. Plus, in the proposed algorithm, we have used Pearson correlation coefficient in order to recognize these types of attacks.
Then, we have used MiniNet simulator and OpenDayLight controller to assess the proposed algorithm; and finally, we have represented the competence and advantages of the proposed algorithm in respect to the previous algorithm.
Keywords
فهرست منابع و مآخذ
الف- منابع فارسی
- ملائی، علی؛ کارگری، مهرداد و خراشادیزاده، محمدرضا (1397)، الگوی بازدارندگی در فضای
سایبر بر اساس نظریه بازیها، فصلنامه امنیت ملی، 8 (29)، 172-141.
- Akyildiz, I. F., Lee, A., Wang, P., Luo, M., & Chou, W. (2016). Research challenges for traffic engineering in software defined networks. IEEE Network, 30(3), 52–58. https://doi.org/10.1109/MNET.2016.7474344
- Bawany, N. Z., Shamsi, J. A., & Salah, K. (2017). DDoS Attack Detection and Mitigation Using SDN: Methods, Practices, and Solutions. Arabian Journal for Science and Engineering, 42(2), 425–441. https://doi.org/10.1007/s13369-017-2414-5
- Burduk, R., Jackowski, K., Kurzyński, M., Woźniak, M., & Żołnierek, A. (2016). Proceedings of the 9th international conference on computer recognition systems CORES 2015. Advances in Intelligent Systems and Computing, 403, 797–806. https://doi.org/10.1007/978-3-319-26227-7
- Callaghan, O., Security, S. S. D. N., In, A. S., & Sdn, I. (2013). SDN Security : A Survey Queen ’ s University Belfast - Research Portal SDN Security : A Survey. 1– https://doi.org/10.1109/SDN4FNS.2013.6702553
- Chen, K. Y., Junuthula, A. R., Siddhrau, I. K., Xu, Y., & Chao, H. J. (2017). SDNShield: Towards more comprehensive defense against DDoS attacks on SDN control plane. 2016 IEEE Conference on Communications and Network Security, CNS 2016, 28–36. https://doi.org/10.1109/CNS.2016.7860467
- Dao, N. N., Park, J., Park, M., & Cho, S. (2015). A feasible method to combat against DDoS attack in SDN network. International Conference on Information Networking, 2015-Janua, 309–311. https://doi.org/10.1109/ICOIN.2015.7057902
- Ge, M., Hong, J. B., Yusuf, S. E., & Kim, D. S. (2018). Proactive defense mechanisms for the software-defined Internet of Things with non-patchable vulnerabilities. Future Generation Computer Systems, 78, 568–582. https://doi.org/10.1016/j.future.2017.07.008
- Gkountis, C., Taha, M., Lloret, J., & Kambourakis, G. (2018). Lightweight algorithm for protecting SDN controller against DDoS attacks. Proceedings - WMNC 2017: 10th Wireless and Mobile Networking Conference, 2018-Janua(April 2018), 1–6. https://doi.org/10.1109/WMNC.2017.8248858
- Jian-rui, C., Zeng-ying, H. E., & Yong-cheng, L. (2010). Design of Network Intrusion Detection System on IPv6. Computer, 9.
- Kamesh, & Sakthi Priya, N. (2014). Gbaam. International Journal of Applied Engineering Research, 9(22), 5968–5974. https://doi.org/10.1002/sec
- Kandoi, R., & Antikainen, M. (2015). Denial-of-service attacks in OpenFlow SDN networks. Proceedings of the 2015 IFIP/IEEE International Symposium on Integrated Network Management, IM 2015, 1322–1326. https://doi.org/10.1109/INM.2015.7140489
- Kreutz, D., Ramos, F. M. V., Verissimo, P. E., Rothenberg, C. E., Azodolmolky, S., & Uhlig, S. (2015). Software-defined networking: A comprehensive survey. Proceedings of the IEEE, 103(1), 14–76. https://doi.org/10.1109/JPROC.2014.2371999
- Kreyszig, E. (2010). Advanced Engineering Mathemathics, 10th Ed. Wiley, 14. https://doi.org/10.2307/3612523
- Lim, S., Ha, J., Kim, H., Kim, Y., & Yang, S. (2014). A SDN-oriented DDoS blocking scheme for botnet-based attacks. International Conference on Ubiquitous and Future Networks, ICUFN, 63–68. https://doi.org/10.1109/ICUFN.2014.6876752
- Mirkovic, J., & Reiher, P. (2004). A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Computer Communication Review, 34(2), 39. https://doi.org/10.1145/997150.997156
- Mousavi, S. M., & St-Hilaire, M. (2015). Early detection of DDoS attacks against SDN controllers. 2015 International Conference on Computing, Networking and Communications, ICNC 2015, 77–81. https://doi.org/10.1109/ICCNC.2015.7069319
- Porras, P., Shin, S., Yegneswaran, V., Fong, M., Tyson, M., & Gu, G. (2012). FortNox-HotSDN2012. 121–126.
- Raghavan, B., Ghodsi, A., Ratnasamy, S., Shenker, S., & Berkeley, I. U. C. (2012). Software-Defined Internet Architecture.pdf.
- Sengar, H., Wang, H., Wijesekera, D., & Jajodia, S. (2008). Detecting voIP floods using the hellinger distance. IEEE Transactions on Parallel and Distributed Systems, 19(6), 794–805. https://doi.org/10.1109/TPDS.2007.70786
- Shalimov, A., Zuikov, D., Zimarina, D., Pashkov, V., & Smeliansky, R. (2014). Advanced study of SDN/OpenFlow controllers. (October), 1–6. https://doi.org/10.1145/2556610.2556621
- Yao, Z., & Yan, Z. (2016). Security in software-defined-networking: A survey. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 10066 LNCS(December), 319–322. https://doi.org/10.1007/978-3-319-49148-6_27
- Yin, D., Zhang, L., & Yang, K. (2018). A DDoS Attack Detection and Mitigation with Software-Defined Internet of Things Framework. IEEE Access, 6(c), 24694–24705. https://doi.org/10.1109/ACCESS.2018.2831284
- Yonghong Chen, Xinlei Ma, & Xinya Wu. (2013). DDoS Detection Algorithm Based on Preprocessing Network Traffic Predicted Method and Chaos Theory. IEEE Communications Letters, 17(5), 1052–1054. https://doi.org/10.1109/lcomm.2013.031913.130066
)