Najmun Nisa, Adnan Shahid Khan, Zeeshan Ahmad, Johari Abdullah
Title: TPAAD: Two-phase authentication system for denial of service attack detection and mitigation using machine learning in software-defined network
Journal: International Journal of Network Management, volume 34, issue 3 (JCR Q3, Computer Science, Information Systems)
DOI: 10.1002/nem.2258
Published: 2024-01-12 (journal article)
Article URL: https://onlinelibrary.wiley.com/doi/10.1002/nem.2258
PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1002/nem.2258
Citations: 0
Abstract
Software-defined networking (SDN) has received considerable attention and adoption owing to its inherent advantages, such as enhanced scalability, increased adaptability, and the ability to exercise centralized control. However, the control plane of the system is vulnerable to denial-of-service (DoS) attacks, which are a primary target for attackers. These attacks can cause substantial delays and packet loss. In this study, we present a novel system called Two-Phase Authentication for Attack Detection that aims to enhance the security of SDN by mitigating DoS attacks. Our methodology combines packet filtration with machine learning classification, followed by the targeted restriction of malicious network traffic. Instead of completely deactivating the host, the emphasis lies on preventing harmful communication. Support vector machine and K-nearest neighbours algorithms were used for efficient detection on the CICDoS 2017 dataset. The deployed model was used within an environment designed for the identification of threats in SDN. Based on observations of the banned queue, our system allows a host to reconnect once it is no longer contributing to malicious traffic. The experiments were run on Ubuntu in a VMware virtual machine, and an SDN environment was created using Mininet and the RYU controller. The test results demonstrated enhanced performance in several aspects, including a reduction in false positives, lower central processing unit utilization and control channel bandwidth consumption, an improved packet delivery ratio, and a decrease in the number of flow requests submitted to the controller. These results confirm that our Two-Phase Authentication for Attack Detection architecture identifies and mitigates SDN DoS attacks with low overhead.
Journal description:
Modern computer networks and communication systems are increasing in size, scope, and heterogeneity. The promise of a single end-to-end technology has not been realized and likely never will be. The decreasing cost of bandwidth is extending the possible applications of computer networks and communication systems to entirely new domains. Problems in integrating heterogeneous wired and wireless technologies, ensuring security and quality of service, and reliably operating large-scale systems, including cloud computing, have all emerged as important topics. The one constant is the need for network management. Challenges in network management have never been greater than they are today. The International Journal of Network Management is the forum for researchers, developers, and practitioners in network management to present their work to an international audience. The journal is dedicated to the dissemination of information that will enable improved management, operation, and maintenance of computer networks and communication systems. The journal is peer reviewed and publishes original papers (both theoretical and experimental) by leading researchers, practitioners, and consultants from universities, research laboratories, and companies around the world. Issues with thematic or guest-edited special topics typically appear several times per year. Topic areas for the journal are largely defined by the taxonomy for network and service management developed by IFIP WG6.6, together with IEEE-CNOM, the IRTF-NMRG and the Emanics Network of Excellence.