Affiliation:
1. Computer Engineering Department, University of Technology-Iraq, Baghdad P.O. Box 10071, Iraq
Abstract
The software defined network (SDN) collects network traffic data and proactively manages networks. SDN’s programmability makes it excellent for developing distributed applications, cybersecurity, and decentralized network control in multitenant data centers. This exceptional architecture is vulnerable to security concerns, such as distributed denial of service (DDoS) attacks. DDoS attacks can be very serious due to the fact that they prevent authentic users from accessing, temporarily or indefinitely, resources they would normally expect to have. Moreover, there are continuous efforts from attackers to produce new techniques to avoid detection. Furthermore, many existing DDoS detection methods now in use have a high potential for producing false positives. This motivates us to provide an overview of the research studies that have already been conducted in this area and point out the strengths and weaknesses of each of those approaches. Hence, adopting an optimal detection method is necessary to overcome these issues. Thus, it is crucial to accurately detect abnormal flows to maintain the availability and security of the network. In this work, we propose hybrid deep learning algorithms, which are the long short-term memory network (LSTM) and convolutional neural network (CNN) with a stack autoencoder for DDoS attack detection and checkpoint network, which is a fault tolerance strategy for long-running processes. The proposed approach is trained and tested with the aid of two DDoS attack datasets in the SDN environment: the DDoS attack SDN dataset and Botnet dataset. The results show that the proposed model achieves a very high accuracy, reaching 99.99% in training, 99.92% in validation, and 100% in precision, recall, and F1 score with the DDoS attack SDN dataset. Also, it achieves 100% in all metrics with the Botnet dataset. Experimental results reveal that our proposed model has a high feature extraction ability and high performance in detecting attacks. All performance metrics indicate that the proposed approach is appropriate for a real-world flow detection environment.
Subject
Computer Networks and Communications
Reference29 articles.
1. Urrea, C., and Benítez, D. (2021). Software-Defined Networking Solutions, Architecture and Controllers for the Industrial Internet of Things: A Review. Sensors, 21.
2. Nadeau, T.D., and Gray, K. (2013). SDN: Software Defined Networks, O’Reilly Media.
3. The Road to SDN: An Intellectual History of Programmable Networks;Feamster;ACM SIGCOMM Comput. Commun. Rev.,2014
4. Solutions to Vulnerabilities and Threats in Software Defined Networking (SDN);Pradhan;Procedia Comput. Sci.,2020
5. Silva, F.S.D., Silva, E., Neto, E.P., Lemos, M., Neto, A.J.V., and Esposito, F. (2020). A Taxonomy of DDoS Attack Mitigation Approaches Featured by SDN Technologies in IoT Scenarios. Sensors, 20.
Cited by
9 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献