Abstract
The inherent features of the software-defined networking (SDN) architecture revolutionize traditional network infrastructure and provide the opportunity for integrated, centralized network monitoring. One shortcoming of SDN is its high vulnerability to distributed denial-of-service (DDoS) attacks and similar attacks. In this paper, a novel multi-stage modular approach is proposed for detecting and mitigating security anomalies in SDN environments (SADM-SDNC). The proposed approach uses the NetFlow protocol to gather information and generate the dataset, and the information gain ratio to select the effective features. The scheme also uses the C-support vector classification algorithm with a radial basis function kernel, together with features of the Floodlight controller, to develop a structure with desirable performance. The experimental results demonstrate that the proposed approach performs better than other methods in terms of enhancing accuracy and detection rate and reducing classification error and false alarm rate, which were measured as 99.67%, 99.26%, 0.33%, and 0.08%, respectively. Finally, by using the REST API and Static Entry Pusher technologies of the Floodlight controller, the approach makes it possible to disconnect any communication with the attacking factors and remove destructive users.
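The feature-selection stage named in the abstract, shown as an added example that is not the paper's own code: information gain ratio computed over a few constructed, already-discretised flow records and used to rank the features. The field names, values and labels are assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

def entropy(values):
    """Shannon entropy in bits of a list of discrete values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def gain_ratio(feature, labels):
    """Information gain of `feature` about `labels`, divided by its split information."""
    n = len(labels)
    by_value = defaultdict(list)
    for v, y in zip(feature, labels):
        by_value[v].append(y)
    # Expected label entropy remaining after splitting on the feature.
    remainder = sum(len(ys) / n * entropy(ys) for ys in by_value.values())
    info_gain = entropy(labels) - remainder
    split_info = entropy(feature)
    # A constant feature has zero split information and carries no signal.
    return info_gain / split_info if split_info > 0 else 0.0

def rank_features(rows, names, label_key="label"):
    """Return (feature, gain ratio) pairs, best feature first."""
    labels = [r[label_key] for r in rows]
    scores = {f: gain_ratio([r[f] for r in rows], labels) for f in names}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

# Constructed sample: hypothetical discretised flow fields, not data from the paper.
FIELDS = ("proto", "tcp_flags", "pkts", "src_port", "label")
SAMPLE = [dict(zip(FIELDS, r)) for r in [
    ("tcp", "S",  "low",  40001, "attack"),
    ("tcp", "S",  "low",  40002, "attack"),
    ("tcp", "S",  "low",  40003, "attack"),
    ("tcp", "S",  "high", 40004, "attack"),
    ("tcp", "PA", "high", 51011, "normal"),
    ("tcp", "PA", "high", 51012, "normal"),
    ("tcp", "PA", "high", 51013, "normal"),
    ("tcp", "PA", "low",  51014, "normal"),
]]

if __name__ == "__main__":
    for name, score in rank_features(SAMPLE, FIELDS[:-1]):
        print(f"{name:10s} {score:.4f}")
```

In this sample `src_port` is unique per flow, so it has the same plain information gain as `tcp_flags`, but its large split information pulls its gain ratio down to one third; that penalty on high-cardinality fields is the reason to rank by gain ratio rather than raw gain.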
Cite this article
Jafarian, T., Masdari, M., Ghaffari, A. et al. SADM-SDNC: security anomaly detection and mitigation in software-defined networking using C-support vector classification. Computing 103, 641–673 (2021). https://doi.org/10.1007/s00607-020-00866-x
DOI: https://doi.org/10.1007/s00607-020-00866-x