Computer Science ›› 2024, Vol. 51 ›› Issue (11): 389-399. doi: 10.11896/jsjkx.230900028

• Information Security •

DDoS Attack Detection Model Based on Statistics and Ensemble Autoencoders in SDN

LI Chunjiang1, YIN Shaoping1, CHI Haotian1, YANG Jing1,3, GENG Haijun1,2,3   

  1 School of Automation and Software Engineering, Shanxi University, Taiyuan 030006, China
  2 School of Computer and Information Technology, Shanxi University, Taiyuan 030006, China
  3 Industry of Big Data Science and Industry, Shanxi University, Taiyuan 030006, China
  • Received: 2023-09-04 Revised: 2024-03-03 Online: 2024-11-15 Published: 2024-11-06
  • About author: LI Chunjiang, born in 1998, master candidate. His main research interests include anomaly traffic detection and software defined networking.
    GENG Haijun, born in 1983, Ph.D, associate professor. His main research interests include network architecture and routing algorithm.
  • Supported by:
    Fundamental Research Program of Shanxi Province (20210302123444), Scientific and Technological Innovation Programs of Higher Education Institutions in Shanxi (2022L002), Ministry of Education (CN) Industry-University-Research Innovation Fund (2021FNA02009), National Natural Science Foundation of China (61702315), Key Research and Development Program of Shanxi Province (201903D421003, 202202020101004) and National Key Research and Development Program of China (2018YFB1800401).

Abstract: Software-defined networking (SDN) is a novel network architecture that provides fine-grained, centralized network management services. It is characterized by the separation of control and forwarding, centralized control, and open interfaces. Because management logic is centralized in the control layer, controllers have become prime targets for distributed denial-of-service (DDoS) attacks. Traditional statistics-based DDoS attack detection algorithms often suffer from high false-positive rates and fixed thresholds, while detection algorithms based on machine learning models often consume substantial computational resources and generalize poorly. To address these challenges, this study proposes a two-tier DDoS attack detection model based on statistical features and ensemble autoencoders. The statistics-based method extracts Rényi entropy features and sets a dynamic threshold to identify suspicious traffic. The ensemble autoencoder algorithm is then applied to the suspicious traffic for a more accurate DDoS attack judgment. The two-tier model not only enhances detection performance and solves the problem of high false alarm rates, but also effectively shortens detection time, thereby reducing the consumption of computational resources. Experimental results show that the model achieves high accuracy in different network environments, with the lowest F1 score across the datasets exceeding 98.5%, demonstrating strong generalization capability.

Key words: Software-defined networking, Distributed denial-of-service (DDoS), Rényi entropy, Dynamic threshold, Autoencoder
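
The first tier described in the abstract (Rényi entropy plus a dynamic threshold that selects suspicious traffic for the autoencoder stage) can be sketched as follows. This is an added example, not the authors' code. The page does not give the entropy order, the feature or the threshold rule, so these are assumptions: order α = 2, destination-IP entropy per window, and a "mean minus k standard deviations" rule over recent benign windows. The traffic is constructed.

```python
import math
from collections import Counter, deque
from statistics import mean, pstdev

def renyi_entropy(values, alpha=2.0):
    """Rényi entropy (in bits) of the empirical distribution of `values`."""
    counts = Counter(values)
    total = sum(counts.values())
    probs = [c / total for c in counts.values()]
    if math.isclose(alpha, 1.0):  # the limit alpha -> 1 is Shannon entropy
        return -sum(p * math.log2(p) for p in probs)
    return math.log2(sum(p ** alpha for p in probs)) / (1.0 - alpha)

class DynamicThreshold:
    """Assumed rule: suspicious if entropy < mean - k*std of recent benign windows."""
    def __init__(self, k=3.0, history=20, warmup=5, min_std=0.05):
        self.k, self.warmup, self.min_std = k, warmup, min_std
        self.baseline = deque(maxlen=history)

    def is_suspicious(self, h):
        if len(self.baseline) < self.warmup:  # still learning the baseline
            self.baseline.append(h)
            return False
        spread = max(pstdev(self.baseline), self.min_std)  # floor avoids a zero-width band
        suspicious = h < mean(self.baseline) - self.k * spread
        if not suspicious:  # flagged windows never update the baseline
            self.baseline.append(h)
        return suspicious

def detect(windows, alpha=2.0):
    """Return one flag per window of destination IPs (first tier only)."""
    threshold = DynamicThreshold()
    return [threshold.is_suspicious(renyi_entropy(w, alpha)) for w in windows]

def sample_windows():
    """Constructed traffic: 6 benign windows, 2 flood windows, 2 benign windows."""
    hosts = [f"10.0.0.{j}" for j in range(1, 9)]
    def benign(i):
        return [h for j, h in enumerate(hosts) for _ in range(10 + (i + j) % 3)]
    def flood(i):
        return benign(i) + ["10.0.0.1"] * 400  # one victim receives most packets
    return [benign(i) for i in range(6)] + [flood(6), flood(7)] + [benign(8), benign(9)]

if __name__ == "__main__":
    for n, flag in enumerate(detect(sample_windows())):
        print(n, "suspicious -> second tier" if flag else "normal")
```

Only flagged windows would be handed to the second-tier classifier, which is where the reduction in detection time comes from. The warm-up windows are assumed to be attack-free; a baseline learned during an attack would hide it.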

CLC Number: TP393