An elapsed-time based scheme for detecting and mitigating DDOS attacks in the SDN environment
Over the last decade, Distributed Denial of Service (DDoS) attacks became one of the main Internet security issues and the weapon of choice for hackers, cyber extortionists, and cyber terrorists. A DDoS attack disrupts or degrades the network services (by depleting the network bandwidth or router pr...
Saved in:
id |
my-usim-ddms-13280 |
---|---|
record_format |
uketd_dc |
institution |
Universiti Sains Islam Malaysia |
collection |
USIM Institutional Repository |
language |
English |
topic |
Computer networks and communications Security measures Computer security Computer crimes Denial of service attacks |
spellingShingle |
Computer networks and communications Security measures Computer security Computer crimes Denial of service attacks Wisam H A.Muragaa An elapsed-time based scheme for detecting and mitigating DDOS attacks in the SDN environment |
description |
Over the last decade, Distributed Denial of Service (DDoS) attacks became one of the main Internet security issues and the weapon of choice for hackers, cyber extortionists, and cyber terrorists. A DDoS attack disrupts or degrades the network services (by depleting the network bandwidth or router processing capacity) or victim resources (by exhausting disk or database bandwidth, file descriptors, buffers, sockets, CPU cycles, memory) and stops the legitimate user from accessing a specific Internet service. Such attacks hog the victim’s resources so that it cannot respond to the services requested by an authenticated user. Amid raising the number of DDoS attacks and the attackers' ability to develop attack types to penetrate traditional protection methods, Software-defined networks has emerged as an alternative environment to minimize the damage of this attack. Enabling the network control to become directly programmable and the underlying infrastructure to be abstracted for applications and network services make the network more flexible and agile. SDN is an emerging network model that attracted the attention of many researchers in today's networks security issues. The detection of DDoS attacks becomes much easier if we are able to take advantage of the SDN distinct characteristics such as the centralization of control over the infrastructure, decoupling of the control plane from the data plane and the flow-based traffic concept. In this research, we utilize the SDN controller to detect and mitigate DDoS attacks. The SDN-based DDoS detection solutions that have been proposed are various but suffer from performance degradation particularly, machine learning-based solutions and entropy-based solutions. DDoS detection solutions based on Machine learning techniques and entropy techniques in SDN suffer from either increase the CPU usage or increase false alarms. The performance degradation in the existing solutions is caused by the complexity of the techniques used to detect the DDoS attacks in SDN as well as the parameters used by these techniques to distinguish DDoS packets. The existing solutions do not consider the elapsed time between the successive attack packets as a key parameter in detecting DDoS attacks in SDN as an example. Furthermore, the existing solutions are only focused on detecting the flooding DDoS attacks and failed to propose a defense solution can detect the DDoS attacks that change from the high volume to the low volume at the time of the attack. Also, few solutions considered low-rate DDoS attacks detection in SDN. In this research, we propose an elapsed-time based scheme, an effective and efficient scheme to detect and mitigate flooding attacks and low-rate attacks in SDN. Elapsed-time based scheme is implemented on POX controller and evaluated under different attack scenarios. The experimental results confirm that, compared to different machine learning-based solution and entropy-based solutions mentioned in this research, elapsed-time based scheme reduces the overhead up to 50%, while ensuring 0% of false alarms and to more than 99.20% of the accuracy. |
format |
Thesis |
author |
Wisam H A.Muragaa |
author_facet |
Wisam H A.Muragaa |
author_sort |
Wisam H A.Muragaa |
title |
An elapsed-time based scheme for detecting and mitigating DDOS attacks in the SDN environment |
title_short |
An elapsed-time based scheme for detecting and mitigating DDOS attacks in the SDN environment |
title_full |
An elapsed-time based scheme for detecting and mitigating DDOS attacks in the SDN environment |
title_fullStr |
An elapsed-time based scheme for detecting and mitigating DDOS attacks in the SDN environment |
title_full_unstemmed |
An elapsed-time based scheme for detecting and mitigating DDOS attacks in the SDN environment |
title_sort |
elapsed-time based scheme for detecting and mitigating ddos attacks in the sdn environment |
granting_institution |
Universiti Sains Islam Malaysia |
url |
https://oarep.usim.edu.my/bitstreams/c52883c3-3466-4ed2-8e79-e9e45a013994/download https://oarep.usim.edu.my/bitstreams/546e8fe4-5da2-485b-a531-5014d6de79a8/download https://oarep.usim.edu.my/bitstreams/2d57ed9e-4fda-4652-952e-788971558b06/download https://oarep.usim.edu.my/bitstreams/40431fc9-ff97-4989-a101-3cd306a646fd/download https://oarep.usim.edu.my/bitstreams/48473172-9023-4ffe-9e06-7759614b1a07/download https://oarep.usim.edu.my/bitstreams/79dc738b-43ab-4c36-af5f-5b7a07e5b5d9/download https://oarep.usim.edu.my/bitstreams/17a432eb-eaba-45be-bcc0-6e8a0bb1a13d/download https://oarep.usim.edu.my/bitstreams/2f7baaa3-07da-4282-a640-0f9a6c2578c9/download https://oarep.usim.edu.my/bitstreams/250715b0-2263-429e-9f53-726813d48961/download https://oarep.usim.edu.my/bitstreams/9970b447-d948-4882-bb4f-efa1c1355828/download |
_version_ |
1812444902852657152 |
spelling |
my-usim-ddms-132802024-05-29T20:08:51Z An elapsed-time based scheme for detecting and mitigating DDOS attacks in the SDN environment Wisam H A.Muragaa Over the last decade, Distributed Denial of Service (DDoS) attacks became one of the main Internet security issues and the weapon of choice for hackers, cyber extortionists, and cyber terrorists. A DDoS attack disrupts or degrades the network services (by depleting the network bandwidth or router processing capacity) or victim resources (by exhausting disk or database bandwidth, file descriptors, buffers, sockets, CPU cycles, memory) and stops the legitimate user from accessing a specific Internet service. Such attacks hog the victim’s resources so that it cannot respond to the services requested by an authenticated user. Amid raising the number of DDoS attacks and the attackers' ability to develop attack types to penetrate traditional protection methods, Software-defined networks has emerged as an alternative environment to minimize the damage of this attack. Enabling the network control to become directly programmable and the underlying infrastructure to be abstracted for applications and network services make the network more flexible and agile. SDN is an emerging network model that attracted the attention of many researchers in today's networks security issues. The detection of DDoS attacks becomes much easier if we are able to take advantage of the SDN distinct characteristics such as the centralization of control over the infrastructure, decoupling of the control plane from the data plane and the flow-based traffic concept. In this research, we utilize the SDN controller to detect and mitigate DDoS attacks. The SDN-based DDoS detection solutions that have been proposed are various but suffer from performance degradation particularly, machine learning-based solutions and entropy-based solutions. DDoS detection solutions based on Machine learning techniques and entropy techniques in SDN suffer from either increase the CPU usage or increase false alarms. The performance degradation in the existing solutions is caused by the complexity of the techniques used to detect the DDoS attacks in SDN as well as the parameters used by these techniques to distinguish DDoS packets. The existing solutions do not consider the elapsed time between the successive attack packets as a key parameter in detecting DDoS attacks in SDN as an example. Furthermore, the existing solutions are only focused on detecting the flooding DDoS attacks and failed to propose a defense solution can detect the DDoS attacks that change from the high volume to the low volume at the time of the attack. Also, few solutions considered low-rate DDoS attacks detection in SDN. In this research, we propose an elapsed-time based scheme, an effective and efficient scheme to detect and mitigate flooding attacks and low-rate attacks in SDN. Elapsed-time based scheme is implemented on POX controller and evaluated under different attack scenarios. The experimental results confirm that, compared to different machine learning-based solution and entropy-based solutions mentioned in this research, elapsed-time based scheme reduces the overhead up to 50%, while ensuring 0% of false alarms and to more than 99.20% of the accuracy. Universiti Sains Islam Malaysia 2020-07 Thesis en https://oarep.usim.edu.my/handle/123456789/13280 https://oarep.usim.edu.my/bitstreams/90e7db07-aa32-4898-a058-40478b135bf6/download 8a4605be74aa9ea9d79846c1fba20a33 https://oarep.usim.edu.my/bitstreams/c52883c3-3466-4ed2-8e79-e9e45a013994/download 32c4d89dfa8ecc2f7b4656f5d3023e9e https://oarep.usim.edu.my/bitstreams/546e8fe4-5da2-485b-a531-5014d6de79a8/download a8d4dda67cb5a12cfc41bf81a4e6a395 https://oarep.usim.edu.my/bitstreams/2d57ed9e-4fda-4652-952e-788971558b06/download ccec40a0b3385cac7f67b70cd9f5c513 https://oarep.usim.edu.my/bitstreams/40431fc9-ff97-4989-a101-3cd306a646fd/download 4be7170754c80c5e3e371651cf941403 https://oarep.usim.edu.my/bitstreams/48473172-9023-4ffe-9e06-7759614b1a07/download 060bf8a506858f873f885bfa12fcae4a https://oarep.usim.edu.my/bitstreams/79dc738b-43ab-4c36-af5f-5b7a07e5b5d9/download 1097daee7454aeaaef95d15d81dfa24f https://oarep.usim.edu.my/bitstreams/17a432eb-eaba-45be-bcc0-6e8a0bb1a13d/download fa59a4935c40692f6b90c98a673ee524 https://oarep.usim.edu.my/bitstreams/2f7baaa3-07da-4282-a640-0f9a6c2578c9/download c48efff1698b0bd4dc9508c5cf2b6d8d https://oarep.usim.edu.my/bitstreams/250715b0-2263-429e-9f53-726813d48961/download 528c358ccde7fb44d740c1c3471b5c5e https://oarep.usim.edu.my/bitstreams/9970b447-d948-4882-bb4f-efa1c1355828/download a848456077387ae1de4de6935219ff81 https://oarep.usim.edu.my/bitstreams/8844ad1b-4687-4dcb-a746-7619981331a0/download 2b9070cb307cf34248eb40a583fbd7a9 https://oarep.usim.edu.my/bitstreams/978acc8c-1b5a-4ec9-91ef-25c31c8e5346/download 0e1c727b97db390ca0f1c0d5b6fd71f9 https://oarep.usim.edu.my/bitstreams/bcdeb791-4acb-42fa-91d8-eb237314d64d/download 11b04d6d28bc89979c7cb0b1ef53bf79 https://oarep.usim.edu.my/bitstreams/c1f9136b-de46-4ec5-9afe-09e939539547/download abf09f5a0f84aa8be0fbc4ff8f4e31e9 https://oarep.usim.edu.my/bitstreams/c2e2d0a5-5078-440e-9bc8-167a85b8bda7/download b41fac86e71e149e3dbc305d8a4bf7e1 https://oarep.usim.edu.my/bitstreams/753c471d-afc4-44d8-b7a6-4fcfcb3ce4fe/download 14ac6bd87672a03e74e95c09ec104542 https://oarep.usim.edu.my/bitstreams/29ce322e-4fd7-4e5b-a4ee-62cb4e58491f/download 24a4e4f6d0eeb5145c35631ce149baf8 https://oarep.usim.edu.my/bitstreams/ba84c74f-3f20-4c22-9d52-e855d4ad13cc/download 68b329da9893e34099c7d8ad5cb9c940 https://oarep.usim.edu.my/bitstreams/7f2374fb-da2e-4f23-9aa3-b912d78a7f2e/download d2de5c88892f3179d65f35259436450a https://oarep.usim.edu.my/bitstreams/1ea7a86a-ce26-46e3-9c6c-77ca2b0419e4/download 0b1479eaa05dd575502976926306aafc Computer networks and communications Security measures Computer security Computer crimes Denial of service attacks |