Cargando…
SDN-Defend: A Lightweight Online Attack Detection and Mitigation System for DDoS Attacks in SDN
With the development of Software Defined Networking (SDN), its security is becoming increasingly important. Since SDN has the characteristics of centralized management and programmable, attackers can easily take advantage of the security vulnerabilities of SDN to carry out distributed denial of serv...
| Autores principales: | , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
MDPI
2022
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9657090/ https://www.ncbi.nlm.nih.gov/pubmed/36365984 http://dx.doi.org/10.3390/s22218287 |
| _version_ | 1784829604288004096 |
|---|---|
| author | Wang, Jin Wang, Liping |
| author_facet | Wang, Jin Wang, Liping |
| author_sort | Wang, Jin |
| collection | PubMed |
| description | With the development of Software Defined Networking (SDN), its security is becoming increasingly important. Since SDN has the characteristics of centralized management and programmable, attackers can easily take advantage of the security vulnerabilities of SDN to carry out distributed denial of service (DDoS) attacks, which will cause the memory of controllers and switches to be occupied, network bandwidth and server resources to be exhausted, affecting the use of normal users. To solve this problem, this paper designs and implements an online attack detection and mitigation SDN defense system. The SDN defense system consists of two modules: anomaly detection module and mitigation module. The anomaly detection model uses a lightweight hybrid deep learning method—Convolutional Neural Network and Extreme Learning Machine (CNN-ELM) for anomaly detection of traffic. The mitigation model uses IP traceback to locate the attacker and effectively filters out abnormal traffic by sending flow rule commands from the controller. Finally, we evaluate the SDN defense system. The experimental results show that the SDN defense system can accurately identify and effectively mitigate DDoS attack flows in real-time. |
| format | Online Article Text |
| id | pubmed-9657090 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2022 |
| publisher | MDPI |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-96570902022-11-15 SDN-Defend: A Lightweight Online Attack Detection and Mitigation System for DDoS Attacks in SDN Wang, Jin Wang, Liping Sensors (Basel) Article With the development of Software Defined Networking (SDN), its security is becoming increasingly important. Since SDN has the characteristics of centralized management and programmable, attackers can easily take advantage of the security vulnerabilities of SDN to carry out distributed denial of service (DDoS) attacks, which will cause the memory of controllers and switches to be occupied, network bandwidth and server resources to be exhausted, affecting the use of normal users. To solve this problem, this paper designs and implements an online attack detection and mitigation SDN defense system. The SDN defense system consists of two modules: anomaly detection module and mitigation module. The anomaly detection model uses a lightweight hybrid deep learning method—Convolutional Neural Network and Extreme Learning Machine (CNN-ELM) for anomaly detection of traffic. The mitigation model uses IP traceback to locate the attacker and effectively filters out abnormal traffic by sending flow rule commands from the controller. Finally, we evaluate the SDN defense system. The experimental results show that the SDN defense system can accurately identify and effectively mitigate DDoS attack flows in real-time. MDPI 2022-10-28 /pmc/articles/PMC9657090/ /pubmed/36365984 http://dx.doi.org/10.3390/s22218287 Text en © 2022 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
| spellingShingle | Article Wang, Jin Wang, Liping SDN-Defend: A Lightweight Online Attack Detection and Mitigation System for DDoS Attacks in SDN |
| title | SDN-Defend: A Lightweight Online Attack Detection and Mitigation System for DDoS Attacks in SDN |
| title_full | SDN-Defend: A Lightweight Online Attack Detection and Mitigation System for DDoS Attacks in SDN |
| title_fullStr | SDN-Defend: A Lightweight Online Attack Detection and Mitigation System for DDoS Attacks in SDN |
| title_full_unstemmed | SDN-Defend: A Lightweight Online Attack Detection and Mitigation System for DDoS Attacks in SDN |
| title_short | SDN-Defend: A Lightweight Online Attack Detection and Mitigation System for DDoS Attacks in SDN |
| title_sort | sdn-defend: a lightweight online attack detection and mitigation system for ddos attacks in sdn |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9657090/ https://www.ncbi.nlm.nih.gov/pubmed/36365984 http://dx.doi.org/10.3390/s22218287 |
| work_keys_str_mv | AT wangjin sdndefendalightweightonlineattackdetectionandmitigationsystemforddosattacksinsdn AT wangliping sdndefendalightweightonlineattackdetectionandmitigationsystemforddosattacksinsdn |