Abstract

Distributed Denial of Service (DDoS) attacks represent the most common and critical attacks targeting conventional and new generation networks, such as the Internet of Things (IoT), cloud computing, and fifth-generation (5G) communication networks. In recent years, DDoS attacks have become not only massive but also sophisticated. Software-Defined Networking (SDN) technology has demonstrated effectiveness in counter-measuring complex attacks since it provides flexibility on global network monitoring and inline network configuration. Although several works have proposed to detect DDoS attacks, most of them did not use up-to-date datasets that contain the newest threats. Furthermore, only a few previous works assessed their solutions using simulated scenarios, easing the migration to production networks. This document presents the implementation of a modular and flexible SDN-based architecture to detect transport and application layer DDoS attacks using multiple Machine Learning (ML) and Deep Learning (DL) models. Exploring diverse ML/DL methods allowed us to resolve which methods perform better under different attack types and conditions. We tested the ML/DL models using two up-to-date security datasets, namely CICDoS2017 and CICDDoS2019 datasets, and they showed accuracy above 99% on classifying unseen traffic (testing set). We also deployed a simulated environment using the network emulator Mininet and the Open Network Operating System (ONOS) SDN controller. In this experimental setup, we demonstrated high detection rates, above 98% for transport DDoS attacks and up to 95% for application-layer DDoS attacks.

Highlights

  • The Denial of Service and Distributed Denial of Service (DoS/DDoS) attacks continue to be the most frequent and worst threats targeting conventional and new generation network environments, such as Internet of Things (IoT) [1], cloud computing [2], and fifth-generation (5G) communication networks [3]

  • We evaluated three Machine Learning (ML) methods, namely, support vector machine (SVM), random forest (RF), K-nearest neighbor (K-NN), and four Deep Learning (DL) mechanisms, namely, multilayer perceptron (MLP), convolutional neural network (CNN), gated recurrent units (GRU), and long short-term memory (LSTM) neural network, to detect DoS/DDoS attacks

  • In the case of the time complexity, as we proposed to inspect the traffic through individual flow analysis, we measured the number of flows per second the ML/DL methods can analyze, and classify the flows


Summary

Introduction

The Denial of Service and Distributed Denial of Service (DoS/DDoS) attacks continue to be the most frequent and worst threats targeting conventional and new generation network environments, such as Internet of Things (IoT) [1], cloud computing [2], and fifth-generation (5G) communication networks [3]. DoS/DDoS attacks have become more frequent, more critical, and smarter over time. Transport-layer DDoS threats, such as TCP-SYN and UDP flooding, and network-layer threats like ICMP flooding, were the most common threats to networks. As state-of-the-art detection techniques, such as Machine Learning (ML) and Deep Learning (DL), became capable of detecting these threats, more complex and specialized DDoS attacks appeared, namely, application-layer attacks. DoS/DDoS application-layer attacks are more sophisticated and dedicated threats that affect the servers’ resources.
