Bandwidth Control Mechanism and Extreme Gradient Boosting Algorithm for Protecting Software-Defined Networks Against DDoS Attacks

Bandwidth Control Mechanism and Extreme Gradient Boosting Algorithm for Protecting Software-Defined Networks Against DDoS Attacks

Software-Defined Networking (SDN) is an emerging network architecture that addresses the limitation of the traditional network by providing centralized management through a central controller that decouples the control and data planes. However, this development has made the controller a severe targe...

Full description

Bibliographic Details
Main Authors: Hassan A. Alamri, Vijey Thayananthan
Format: Article
Language:English
Published: IEEE 2020-01-01
Series:IEEE Access
Subjects:
Bandwidth
distributed denial-of-service (DDoS) attack
extreme gradient boosting (XGBoost) algorithm
security
software-defined networking (SDN)
Online Access:https://ieeexplore.ieee.org/document/9239958/
id doaj-b3a1ab5e9337439db8917bd9aafb7498
record_format Article
spelling doaj-b3a1ab5e9337439db8917bd9aafb74982021-03-30T04:26:39ZengIEEEIEEE Access2169-35362020-01-01819426919428810.1109/ACCESS.2020.30339429239958Bandwidth Control Mechanism and Extreme Gradient Boosting Algorithm for Protecting Software-Defined Networks Against DDoS AttacksHassan A. Alamri0https://orcid.org/0000-0002-1543-3517Vijey Thayananthan1https://orcid.org/0000-0003-2399-352XDepartment of Computer Science, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah, Saudi ArabiaDepartment of Computer Science, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah, Saudi ArabiaSoftware-Defined Networking (SDN) is an emerging network architecture that addresses the limitation of the traditional network by providing centralized management through a central controller that decouples the control and data planes. However, this development has made the controller a severe target for malicious users to execute attacks such as Distributed Denial of Service (DDoS) attacks. Several schemes have been proposed to mitigate DDoS attacks in SDN, but the challenges still exist. This paper proposes a DDoS mitigation scheme for SDN to ensure accurate attack detection and efficient network resource utilization. The scheme employs two stages: a bandwidth control mechanism and Extreme Gradient Boosting (XGBoost) Algorithm. The bandwidth control mechanism utilizes an adaptive bandwidth profile-based threshold and bandwidth control algorithm that trigger the XGBoost algorithm in case of threshold violations. The use of multiple bandwidth profiles in stetting the threshold ensures the threshold's adaptivity to consider the network traffic variation and reduce the packets drop ratio, which shows an outstanding result. The XGBoost algorithm classifies network traffic flow that violates a set threshold into normal or abnormal traffic. We evaluated the performance of our scheme using CICDDoS2019, NSL-KDD, and CAIDA datasets. Furthermore, we validated our proposed solution in real-time with the SDN environment. The results obtained show that our scheme protects SDN against DDoS attacks with high accuracy, low error, and efficient utilization of the network resources. The proposed system achieved 99.9% accuracy in detecting DDoS attacks with a low false-positive rate of 0.0002% in SDN.https://ieeexplore.ieee.org/document/9239958/Bandwidthdistributed denial-of-service (DDoS) attackextreme gradient boosting (XGBoost) algorithmsecuritysoftware-defined networking (SDN)
collection DOAJ
language English
format Article
sources DOAJ
author Hassan A. Alamri
Vijey Thayananthan
spellingShingle Hassan A. Alamri
Vijey Thayananthan
Bandwidth Control Mechanism and Extreme Gradient Boosting Algorithm for Protecting Software-Defined Networks Against DDoS Attacks
IEEE Access
Bandwidth
distributed denial-of-service (DDoS) attack
extreme gradient boosting (XGBoost) algorithm
security
software-defined networking (SDN)
author_facet Hassan A. Alamri
Vijey Thayananthan
author_sort Hassan A. Alamri
title Bandwidth Control Mechanism and Extreme Gradient Boosting Algorithm for Protecting Software-Defined Networks Against DDoS Attacks
title_short Bandwidth Control Mechanism and Extreme Gradient Boosting Algorithm for Protecting Software-Defined Networks Against DDoS Attacks
title_full Bandwidth Control Mechanism and Extreme Gradient Boosting Algorithm for Protecting Software-Defined Networks Against DDoS Attacks
title_fullStr Bandwidth Control Mechanism and Extreme Gradient Boosting Algorithm for Protecting Software-Defined Networks Against DDoS Attacks
title_full_unstemmed Bandwidth Control Mechanism and Extreme Gradient Boosting Algorithm for Protecting Software-Defined Networks Against DDoS Attacks
title_sort bandwidth control mechanism and extreme gradient boosting algorithm for protecting software-defined networks against ddos attacks
publisher IEEE
series IEEE Access
issn 2169-3536
publishDate 2020-01-01
description Software-Defined Networking (SDN) is an emerging network architecture that addresses the limitation of the traditional network by providing centralized management through a central controller that decouples the control and data planes. However, this development has made the controller a severe target for malicious users to execute attacks such as Distributed Denial of Service (DDoS) attacks. Several schemes have been proposed to mitigate DDoS attacks in SDN, but the challenges still exist. This paper proposes a DDoS mitigation scheme for SDN to ensure accurate attack detection and efficient network resource utilization. The scheme employs two stages: a bandwidth control mechanism and Extreme Gradient Boosting (XGBoost) Algorithm. The bandwidth control mechanism utilizes an adaptive bandwidth profile-based threshold and bandwidth control algorithm that trigger the XGBoost algorithm in case of threshold violations. The use of multiple bandwidth profiles in stetting the threshold ensures the threshold's adaptivity to consider the network traffic variation and reduce the packets drop ratio, which shows an outstanding result. The XGBoost algorithm classifies network traffic flow that violates a set threshold into normal or abnormal traffic. We evaluated the performance of our scheme using CICDDoS2019, NSL-KDD, and CAIDA datasets. Furthermore, we validated our proposed solution in real-time with the SDN environment. The results obtained show that our scheme protects SDN against DDoS attacks with high accuracy, low error, and efficient utilization of the network resources. The proposed system achieved 99.9% accuracy in detecting DDoS attacks with a low false-positive rate of 0.0002% in SDN.
topic Bandwidth
distributed denial-of-service (DDoS) attack
extreme gradient boosting (XGBoost) algorithm
security
software-defined networking (SDN)
url https://ieeexplore.ieee.org/document/9239958/
work_keys_str_mv AT hassanaalamri bandwidthcontrolmechanismandextremegradientboostingalgorithmforprotectingsoftwaredefinednetworksagainstddosattacks
AT vijeythayananthan bandwidthcontrolmechanismandextremegradientboostingalgorithmforprotectingsoftwaredefinednetworksagainstddosattacks
_version_ 1724181802238607360

Similar Items