×

Detection and mitigation of DDoS attacks in SDN: a comprehensive review, research challenges and future directions. (English) Zbl 1478.68016

Summary: Many security solutions have been proposed in the past to protect Internet architecture from a diversity of malware. However, the security of the Internet and its applications is still an open research challenge. Researchers continuously working on novel network architectures such as HTTP as the narrow waist, Named Data Networking (NDN), programmable networks and Software-Defined Networking (SDN) for designing a more reliable network. Among these, SDN has emerged as a more robust and secure solution to combat against such malicious activities. In SDN, bifurcation of control plane and data plane provides more manageability, control, dynamic updating of rules, analysis, and global view of the network using a centralized controller. Though SDN seems a secured network architecture as compared to the conventional IP-based networks, still, SDN itself is vulnerable to many types of network intrusions and facing severe deployment challenges. This paper systematically reviews around 70 prominent DDoS detection and mitigation mechanisms in SDN networks. These mechanisms are characterized into four categories, viz: Information theory-based methods, Machine learning-based methods, Artificial Neural Networks (ANN) based methods and other miscellaneous methods. The paper also dowries and deliberates on various open research issues, gaps and challenges in the deployment of a secure SDN-based DDoS defence solution. Such an exhaustive review will surely help the researcher community to provide more robust and reliable DDoS solutions in SDN networks.

MSC:

68M11 Internet topics
68M25 Computer security
68-02 Research exposition (monographs, survey articles) pertaining to computer science
PDF BibTeX XML Cite
Full Text: DOI

References:

[1] Internet growth usage statistics (2019)
[2] DoS attack report (2020)
[3] Feily, M.; Shahrestani, A.; Ramadass, S., A survey of botnet and botnet detection, (2009 Third International Conference on Emerging Security Information, Systems and Technologies (2009), IEEE), 268-273
[4] M. Abu Rajab, J. Zarfoss, F. Monrose, A. Terzis, A multifaceted approach to understanding the botnet phenomenon, in: Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement, 2006, pp. 41-52.
[5] B. Saha, A. Gairola, Botnet: an overview, CERT-In White Paper, CIWP-2005-05, Vol. 240, 2005.
[6] Bawany, N. Z.; Shamsi, J. A.; Salah, K., DDoS attack detection and mitigation using SDN: methods, practices, and solutions, Arab. J. Sci. Eng., 42, 2, 425-441 (2017)
[7] Joëlle, M. M.; Park, Y.-H., Strategies for detecting and mitigating DDoS attacks in SDN: A survey, J. Intell. Fuzzy Systems, 35, 6, 5913-5925 (2018)
[8] Dong, S.; Abbas, K.; Jain, R., A survey on distributed denial of service (DDoS) attacks in SDN and cloud computing environments, IEEE Access, 7, 80813-80828 (2019)
[9] Fajar, A. P.; Purboyo, T. W., A survey paper of distributed denial-of-service attack in software defined networking (sdn), Int. J. Appl. Eng. Res., 13, 1, 476-482 (2018)
[10] Xu, X.; Yu, H.; Yang, K., DDoS attack in software defined networks: a survey, ZTE Commun., 15, 3 (2017)
[11] Kalkan, K.; Gur, G.; Alagoz, F., Defense mechanisms against DDoS attacks in SDN environment, IEEE Commun. Mag., 55, 9, 175-179 (2017)
[12] Singh, M. P.; Bhandari, A., New-flow based DDoS attacks in SDN: Taxonomy, rationales, and research challenges, Comput. Commun. (2020)
[13] Douligeris, C.; Serpanos, D. N., Network Security: Current Status and Future Directions (2007), John Wiley & Sons
[14] Mukherjee, B.; Heberlein, L. T.; Levitt, K. N., Network intrusion detection, IEEE Netw., 8, 3, 26-41 (1994)
[15] Kreutz, D.; Ramos, F. M.; Verissimo, P. E.; Rothenberg, C. E.; Azodolmolky, S.; Uhlig, S., Software-defined networking: A comprehensive survey, Proc. IEEE, 103, 1, 14-76 (2014)
[16] Benson, T.; Akella, A.; Maltz, D. A., Unraveling the complexity of network management, (NSDI (2009)), 335-348
[17] Xia, W.; Wen, Y.; Foh, C. H.; Niyato, D.; Xie, H., A survey on software-defined networking, IEEE Commun. Surv. Tutor., 17, 1, 27-51 (2014)
[18] Pan, J.; Paul, S.; Jain, R., A survey of the research on future internet architectures, IEEE Commun. Mag., 49, 7, 26-36 (2011)
[19] L. Popa, A. Ghodsi, I. Stoica, HTTP as the narrow waist of the future Internet, in: Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, 2010, pp. 1-6.
[20] Zhang, L.; Estrin, D.; Burke, J.; Jacobson, V.; Thornton, J. D.; Smetters, D. K.; Zhang, B.; Tsudik, G.; Massey, D.; Papadopoulos, C., Named data networking (ndn) project, (Relatório Técnico NDN-0001, Xerox Palo Alto Research Center-PARC, Vol. 157 (2010), Citeseer), 158
[21] Campbell, A. T.; De Meer, H. G.; Kounavis, M. E.; Miki, K.; Vicente, J. B.; Villela, D., A survey of programmable networks, ACM SIGCOMM Comput. Commun. Rev., 29, 2, 7-23 (1999)
[22] O.N. Fundation, Software-defined networking: The new norm for networks, ONF White Paper, Vol. 2, pp. 2-6.
[23] Ahmad, I.; Namal, S.; Ylianttila, M.; Gurtov, A., Security in software defined networks: A survey, IEEE Commun. Surv. Tutor., 17, 4, 2317-2346 (2015)
[24] S. Shin, G. Gu, Attacking software-defined networks: A first feasibility study, in: Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, 2013, pp. 165-166.
[25] Fonseca, P.; Bennesby, R.; Mota, E.; Passito, A., A replication component for resilient OpenFlow-based networking, (2012 IEEE Network Operations and Management Symposium (2012), IEEE), 933-939
[26] Scott-Hayward, S.; Natarajan, S.; Sezer, S., A survey of security in software defined networks, IEEE Commun. Surv. Tutor., 18, 1, 623-654 (2015)
[27] Ali, S. T.; Sivaraman, V.; Radford, A.; Jha, S., A survey of securing networks using software defined networking, IEEE Trans. Reliab., 64, 3, 1086-1097 (2015)
[28] Bhushan, K.; Gupta, B. B., Distributed denial of service (DDoS) attack mitigation in software defined network (SDN)-based cloud computing environment, J. Ambient Intell. Humaniz. Comput., 10, 5, 1985-1997 (2019)
[29] Koponen, T.; Casado, M.; Gude, N.; Stribling, J.; Poutievski, L.; Zhu, M.; Ramanathan, R.; Iwata, Y.; Inoue, H.; Hama, T., Onix: A distributed control platform for large-scale production networks, (OSDI, Vol. 10 (2010)), 1-6
[30] OpenFlow switch (2020), https://www.opennetworking.org/wp-content/uploads/2014/10/openflow-switch-v1.5.1.pdf. (Accessed on 11 March 2020)
[31] McKeown, N.; Anderson, T.; Balakrishnan, H.; Parulkar, G.; Peterson, L.; Rexford, J.; Shenker, S.; Turner, J., OpenFlow: enabling innovation in campus networks, ACM SIGCOMM Comput. Commun. Rev., 38, 2, 69-74 (2008)
[32] Open networking foundation (2020)
[33] Lara, A.; Kolasani, A.; Ramamurthy, B., Network innovation using openflow: A survey, IEEE Commun. Surv. Tutor., 16, 1, 493-512 (2013)
[34] Nunes, B. A.A.; Mendonca, M.; Nguyen, X.-N.; Obraczka, K.; Turletti, T., A survey of software-defined networking: Past, present, and future of programmable networks, IEEE Commun. Surv. Tutor., 16, 3, 1617-1634 (2014)
[35] Jarraya, Y.; Madi, T.; Debbabi, M., A survey and a layered taxonomy of software-defined networking, IEEE Commun. Surv. Tutor., 16, 4, 1955-1980 (2014)
[36] Presuhn, R.; Case, J.; McCloghrie, K.; Rose, M.; Waldbusser, S., Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP)Tech. Rep. (2002), STD 62, RFC 3416, December
[37] A. Ghodsi, S. Shenker, T. Koponen, A. Singla, B. Raghavan, J. Wilcox, Intelligent design enables architectural evolution, in: Proceedings of the 10th ACM Workshop on Hot Topics in Networks, 2011, pp. 1-6.
[38] B. Raghavan, M. Casado, T. Koponen, S. Ratnasamy, A. Ghodsi, S. Shenker, Software-defined internet architecture: decoupling architecture from infrastructure, in: Proceedings of the 11th ACM Workshop on Hot Topics in Networks, 2012, pp. 43-48.
[39] Kim, H.; Feamster, N., Improving network management with software defined networking, IEEE Commun. Mag., 51, 2, 114-119 (2013)
[40] Sherry, J.; Ratnasamy, S.; At, J. S., A Survey of Enterprise Middlebox DeploymentsTechnical Report No. UCB/EECS-2012-24 (2012), Citeseer
[41] (2019)
[42] H. Jamjoom, D. Williams, U. Sharma, Don’t call them middleboxes, call them middlepipes, in: Proceedings of the Third Workshop on Hot Topics in Software Defined Networking, 2014, pp. 19-24.
[43] S. Shenker, M. Casado, T. Koponen, N. McKeown, et al. The future of networking, and the past of protocols, Open Networking Summit, Vol. 20, 2011, pp. 1-30.
[44] Alkhatib, H.; Faraboschi, P.; Frachtenberg, E.; Kasahara, H.; Lange, D.; Laplante, P.; Merchant, A.; Milojicic, D.; Schwan, K., IEEE CS 2022 Report (Draft)Tech. Rep. (2014), IEEE Computer Society
[45] Scott-Hayward, S.; O’Callaghan, G.; Sezer, S., SDN security: A survey, (2013 IEEE SDN for Future Networks and Services. 2013 IEEE SDN for Future Networks and Services, SDN4FNS (2013), IEEE), 1-7
[46] Doria, A.; Salim, J. H.; Haas, R.; Khosravi, H. M.; Wang, W.; Dong, L.; Gopal, R.; Halpern, J. M., Forwarding and control element separation (ForCES) protocol specification, RFC, 5810, 1-124 (2010)
[47] Tewari, A.; Gupta, B., Security, privacy and trust of different layers in Internet-of-Things (IoTs) framework, Future Gener. Comput. Syst. (2018)
[48] H. Song, Protocol-oblivious forwarding: Unleash the power of SDN through a future-proof forwarding plane, in: Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, 2013, pp. 127-132.
[49] Ubale, T.; Jain, A. K., Survey on DDoS attack techniques and solutions in software-defined network, (Handbook of Computer Networks and Cyber Security (2020), Springer), 389-419
[50] Nox controller (2020), https://github.com/noxrepo/nox. (Accessed on 11 March 2020)
[51] Pox controller (2020), https://github.com/noxrepo/pox. (Accessed on 11 March 2020)
[52] Project floodlight (2020), http://www.projectfloodlight.org/floodlight/. (Accessed on 11 March 2020)
[53] Ryu (2020), https://osrg.github.io/ryu/. (Accessed on 11 March 2020)
[54] Khan, S.; Gani, A.; Wahab, A. W.A.; Abdelaziz, A.; Bagiwa, M. A., FML: A novel forensics management layer for software defined networks, (2016 6th International Conference-Cloud System and Big Data Engineering. 2016 6th International Conference-Cloud System and Big Data Engineering, Confluence (2016), IEEE), 619-623
[55] A. Voellmy, H. Kim, N. Feamster, Procera: a language for high-level reactive network control, in: Proceedings of the First Workshop on Hot Topics in Software Defined Networks, 2012, pp. 43-48.
[56] Anderson, C. J.; Foster, N.; Guha, A.; Jeannin, J.-B.; Kozen, D.; Schlesinger, C.; Walker, D., NetKAT: Semantic foundations for networks, ACM SIGPLAN Not., 49, 1, 113-126 (2014) · Zbl 1284.68100
[57] Foster, N.; Harrison, R.; Freedman, M. J.; Monsanto, C.; Rexford, J.; Story, A.; Walker, D., Frenetic: A network programming language, ACM SIGPLAN Not., 46, 9, 279-291 (2011) · Zbl 1323.68114
[58] A. Tootoonchian, Y. Ganjali, Hyperflow: A distributed control plane for openflow, in: Proceedings of the 2010 Internet Network Management Conference on Research on Enterprise Networking, Vol. 3, 2010.
[59] Opendaylight user guide (2020), https://docs.opendaylight.org/en/stable-fluorine/user-guide/alto-user-guide.html. (Accessed on 11 March 2020)
[60] Uppal, H.; Brandon, D., OpenFlow Based Load BalancingCSE561: Networking Project Report, University of Washington (2010), Citeseer
[61] Gude, N.; Koponen, T.; Pettit, J.; Pfaff, B.; Casado, M.; McKeown, N.; Shenker, S., NOX: towards an operating system for networks, ACM SIGCOMM Comput. Commun. Rev., 38, 3, 105-110 (2008)
[62] Dhamecha, K.; Trivedi, B., Sdn issues-a survey, Int. J. Comput. Appl., 73, 18 (2013)
[63] Voellmy, A.; Hudak, P., Nettle: Taking the sting out of programming network routers, (International Symposium on Practical Aspects of Declarative Languages (2011), Springer), 235-249
[64] Stallings, W., Software-defined networks and openflow, Internet Protocol J., 16, 1, 2-14 (2013)
[65] Hu, F.; Hao, Q.; Bao, K., A survey on software-defined network and openflow: From concept to implementation, IEEE Commun. Surv. Tutor., 16, 4, 2181-2206 (2014)
[66] Manso, P.; Moura, J.; Serrão, C., SDN-based intrusion detection system for early detection and mitigation of DDoS attacks, Information, 10, 3, 106 (2019)
[67] Zheng, J.; Li, Q.; Gu, G.; Cao, J.; Yau, D. K.; Wu, J., Realtime DDoS defense using COTS SDN switches via adaptive correlation analysis, IEEE Trans. Inf. Forensics Secur., 13, 7, 1838-1853 (2018)
[68] Xu, Y.; Liu, Y., DDoS attack detection under SDN context, (IEEE INFOCOM 2016-the 35th Annual IEEE International Conference on Computer Communications (2016), IEEE), 1-9
[69] Liu, Z.; Campbell, R. H.; Mickunas, M., Active security support for active networks, IEEE Trans. Syst. Man Cybern. C Appl. Rev., 33, 4, 432-445 (2003)
[70] Shin, S. W.; Porras, P.; Yegneswaran, V.; Gu, G., A framework for integrating security services into software-defined networks, (Open Networking Summit (2013), Open Networking Summit)
[71] X. Wen, Y. Chen, C. Hu, C. Shi, Y. Wang, Towards a secure controller platform for openflow applications, in: Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, 2013, pp. 171-172.
[72] Hartman, S.; Wasserman, M.; Zhang, D., Security requirements in the software defined networking model (2013), Internet Engineering Task Force, Internet-Draft draft-hartman-sdnsec-requirements-01
[73] Xie, H.; Tsou, T.; Lopez, D.; Yin, H.; Gurbani, V., Use cases for ALTO with software defined networks (2012), Working Draft, IETF Secretariat, Internet-Draft draft-xie-alto-sdn-extension-use-cases-01. txt
[74] J. Naous, D. Erickson, G.A. Covington, G. Appenzeller, N. McKeown, Implementing an OpenFlow switch on the NetFPGA platform, in: Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, 2008, pp. 1-9.
[75] S. Shin, V. Yegneswaran, P. Porras, G. Gu, Avant-guard: Scalable and vigilant switch flow management in software-defined networks, in: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, 2013, pp. 413-424.
[76] Yao, G.; Bi, J.; Guo, L., On the cascading failures of multi-controllers in software defined networks, (2013 21st IEEE International Conference on Network Protocols. 2013 21st IEEE International Conference on Network Protocols, ICNP (2013), IEEE), 1-2
[77] Crippling cyber-attacks (1998), https://www.bbc.com/news/technology-35376327. 25/3/2019, (Accessed on 13 February 2020)
[78] N.Z. Bawany, J.A. Shamsi, Application layer DDoS attack defense framework for smart city using SDN, in: The Third International Conference on Computer Science, Computer Engineering, and Social Media, CSCESM2016, 2016, p. 1.
[79] Jajodia, S.; Kant, K.; Samarati, P.; Singhal, A.; Swarup, V.; Wang, C., Secure Cloud Computing (2014), Springer
[80] Bu, S.; Yu, F. R.; Liu, X. P.; Tang, H., Structural results for combined continuous user authentication and intrusion detection in high security mobile ad-hoc networks, IEEE Trans. Wireless Commun., 10, 9, 3064-3073 (2011)
[81] Sezer, S.; Scott-Hayward, S.; Chouhan, P. K.; Fraser, B.; Lake, D.; Finnegan, J.; Viljoen, N.; Miller, M.; Rao, N., Are we ready for SDN? Implementation challenges for software-defined networks, IEEE Commun. Mag., 51, 7, 36-43 (2013)
[82] A. Wang, Y. Guo, F. Hao, T. Lakshman, S. Chen, Scotch: Elastically scaling up sdn control-plane using vswitch based overlay, in: Proceedings of the 10th ACM International on Conference on Emerging Networking Experiments and Technologies, 2014, pp. 403-414.
[83] Yan, Q.; Yu, F.; Gong, Q.; Li, J., Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges, IEEE Commun. Surv. Tutor., 18, 1, 602-622 (2015)
[84] Ubale, T.; Jain, A. K., Taxonomy of DDoS attacks in software-defined networking environment, (International Conference on Futuristic Trends in Network and Communication Technologies (2018), Springer), 278-291
[85] Wang, B.; Zheng, Y.; Lou, W.; Hou, Y., DDoS attack protection in the era of cloud computing and software-defined networking, Comput. Netw., 81, 308-319 (2015)
[86] D. Kreutz, F.M. Ramos, P. Verissimo, Towards secure and dependable software-defined networks, in: Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, 2013, pp. 55-60.
[87] Schehlmann, L.; Abt, S.; Baier, H., Blessing or curse? Revisiting security aspects of software-defined networking, (10th International Conference on Network and Service Management (CNSM) and Workshop (2014), IEEE), 382-387
[88] Open Networking Specifications 1.5.1, Vol. 3 (2015), Open Networking Foundation
[89] Spitznagel, E.; Taylor, D.; Turner, J., Packet classification using extended TCAMs, (11th IEEE International Conference on Network Protocols, 2003. Proceedings (2003), IEEE), 120-131
[90] Parashar, M.; Poonia, A.; Satish, K., A survey of attacks and their mitigations in software defined networks, (2019 10th International Conference on Computing, Communication and Networking Technologies. 2019 10th International Conference on Computing, Communication and Networking Technologies, ICCCNT (2019), IEEE), 1-8
[91] Akhunzada, A.; Ahmed, E.; Gani, A.; Khan, M. K.; Imran, M.; Guizani, S., Securing software defined networks: taxonomy, requirements, and open issues, IEEE Commun. Mag., 53, 4, 36-44 (2015)
[92] Dover, J. M., A Denial of Service Attack Against the Open Floodlight SDN ControllerTech. Rep. (2013), Dover Networks
[93] Kandoi, R.; Antikainen, M., Denial-of-service attacks in OpenFlow SDN networks, (2015 IFIP/IEEE International Symposium on Integrated Network Management (IM) (2015), IEEE), 1322-1326
[94] Zhang, P.; Wang, H.; Hu, C.; Lin, C., On denial of service attacks in software defined networks, IEEE Netw., 30, 6, 28-33 (2016)
[95] Shannon, C. E., A mathematical theory of communication, Bell Syst. Tech. J., 27, 379-423 (1948) · Zbl 1154.94303
[96] Bennett, C. H.; Gács, P.; Li, M.; Vitányi, P. M.; Zurek, W. H., Information distance, IEEE Trans. Inform. Theory, 44, 4, 1407-1423 (1998) · Zbl 0964.94010
[97] Giotis, K.; Argyropoulos, C.; Androulidakis, G.; Kalogeras, D.; Maglaris, V., Combining openFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments, Comput. Netw., 62, 122-136 (2014)
[98] Wang, R.; Jia, Z.; Ju, L., An entropy-based distributed DDoS detection mechanism in software-defined networking, (2015 IEEE Trustcom/BigDataSE/ISPA, Vol. 1 (2015), IEEE), 310-317
[99] Mousavi, S. M.; St-Hilaire, M., Early detection of DDoS attacks against SDN controllers, (2015 International Conference on Computing, Networking and Communications. 2015 International Conference on Computing, Networking and Communications, ICNC (2015), IEEE), 77-81
[100] Boite, J.; Nardin, P.-A.; Rebecchi, F.; Bouet, M.; Conan, V., Statesec: Stateful monitoring for DDoS protection in software defined networks, (2017 IEEE Conference on Network Softwarization. 2017 IEEE Conference on Network Softwarization, NetSoft (2017), IEEE), 1-9
[101] Tsai, S.-C.; Liu, I.-H.; Lu, C.-T.; Chang, C.-H.; Li, J.-S., Defending cloud computing environment against the challenge of DDoS attacks based on software defined network, (Advances in Intelligent Information Hiding and Multimedia Signal Processing (2017), Springer), 285-292
[102] Kalkan, K.; Altay, L.; Gür, G.; Alagöz, F., JESS: Joint entropy-based DDoS defense scheme in SDN, IEEE J. Sel. Areas Commun., 36, 10, 2358-2372 (2018)
[103] Sahoo, K. S.; Puthal, D.; Tiwary, M.; Rodrigues, J. J.; Sahoo, B.; Dash, R., An early detection of low rate DDoS attack to SDN based data center networks using information distance metrics, Future Gener. Comput. Syst., 89, 685-697 (2018)
[104] Sahoo, K. S.; Tiwary, M.; Sahoo, B., Detection of high rate DDoS attack from flash events using information metrics in software defined networks, (2018 10th International Conference on Communication Systems & Networks. 2018 10th International Conference on Communication Systems & Networks, COMSNETS (2018), IEEE), 421-424
[105] Jiang, Y.; Zhang, X.; Zhou, Q.; Cheng, Z., An entropy-based DDoS defense mechanism in software defined networks, (International Conference on Communicatins and Networking in China (2016), Springer), 169-178
[106] Hong, G.-C.; Lee, C.-N.; Lee, M.-F., Dynamic threshold for DDoS mitigation in SDN environment, (2019 Asia-Pacific Signal and Information Processing Association Annual Summit and Conference. 2019 Asia-Pacific Signal and Information Processing Association Annual Summit and Conference, APSIPA ASC (2019), IEEE), 1-7
[107] Bawany, N. Z.; Shamsi, J. A., SEAL: SDN based secure and agile framework for protecting smart city applications from DDoS attacks, J. Netw. Comput. Appl., 145, Article 102381 pp. (2019)
[108] Ahalawat, A.; Dash, S. S.; Panda, A.; Babu, K. S., Entropy based DDoS detection and mitigation in openflow enabled SDN, (2019 International Conference on Vision Towards Emerging Trends in Communication and Networking. 2019 International Conference on Vision Towards Emerging Trends in Communication and Networking, ViTECoN (2019), IEEE), 1-5
[109] M. Xuanyuan, V. Ramsurrun, A. Seeam, Detection and mitigation of DDoS attacks using conditional entropy in software-defined networking.
[110] Cui, J.; Wang, M.; Luo, Y.; Zhong, H., DDoS detection and defense mechanism based on cognitive-inspired computing in SDN, Future Gener. Comput. Syst., 97, 275-283 (2019)
[111] Li, R.; Wu, B., Early detection of DDoS based on phi-entropy in SDN networks, (2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference, Vol. 1. 2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference, Vol. 1, ITNEC (2020), IEEE), 731-735
[112] Pitropakis, N.; Panaousis, E.; Giannetsos, T.; Anastasiadis, E.; Loukas, G., A taxonomy and survey of attacks against machine learning, Comp. Sci. Rev., 34, Article 100199 pp. (2019)
[113] Bindra, N.; Sood, M., Detecting DDoS attacks using machine learning techniques and contemporary intrusion detection dataset, Autom. Control Comput. Sci., 53, 5, 419-428 (2019)
[114] Niyaz, Q.; Sun, W.; Javaid, A. Y., A deep learning based DDoS detection system in software-defined networking (SDN) (2016), arXiv preprint arXiv:1611.07400
[115] Hurley, T.; Perdomo, J. E.; Perez-Pons, A., HMM-based intrusion detection system for software defined networking, (2016 15th IEEE International Conference on Machine Learning and Applications. 2016 15th IEEE International Conference on Machine Learning and Applications, ICMLA (2016), IEEE), 617-621
[116] A. Alshamrani, A. Chowdhary, S. Pisharody, D. Lu, D. Huang, A defense system for defeating DDoS attacks in SDN based networks, in: Proceedings of the 15th ACM International Symposium on Mobility Management and Wireless Access, 2017, pp. 83-92.
[117] Hu, D.; Hong, P.; Chen, Y., FADM: DDoS flooding attack detection and mitigation system in software-defined networking, (GLOBECOM 2017-2017 IEEE Global Communications Conference (2017), IEEE), 1-7
[118] A.B. Dehkordi, M. Soltanaghaie, F.Z. Boroujeni, A New DDoS Detection Method in Software Defined Network.
[119] Li, J.; Zhao, Z.; Li, R.; Zhang, H., Ai-based two-stage intrusion detection for software defined iot networks, IEEE Internet Things J., 6, 2, 2093-2102 (2018)
[120] Guozi, S.; JIANG, W.; Yu, G.; Danni, R.; Huakang, L., DDoS attacks and flash event detection based on flow characteristics in SDN, (2018 15th IEEE International Conference on Advanced Video and Signal Based Surveillance. 2018 15th IEEE International Conference on Advanced Video and Signal Based Surveillance, AVSS (2018), IEEE), 1-6
[121] Deepa, V.; Sudar, K.; Deepalakshmi, P., Design of ensemble learning methods for DDoS detection in SDN environment, (2019 International Conference on Vision Towards Emerging Trends in Communication and Networking. 2019 International Conference on Vision Towards Emerging Trends in Communication and Networking, ViTECoN (2019), IEEE), 1-6
[122] Phan, T. V.; Park, M., Efficient distributed denial-of-service attack defense in SDN-based cloud, IEEE Access, 7, 18701-18714 (2019)
[123] Myint Oo, M.; Kamolphiwong, S.; Kamolphiwong, T.; Vasupongayya, S., Advanced support vector machine-(ASVM-) based detection for distributed denial of service (DDoS) attack on software defined networking (SDN), J. Comput. Netw. Commun., 2019 (2019)
[124] Li, J.; Liu, Y.; Gu, L., DDoS attack detection based on neural network, (2010 2nd International Symposium on Aware Computing (2010), IEEE), 196-199
[125] Braga, R.; Mota, E.; Passito, A., Lightweight DDoS flooding attack detection using NOX/OpenFlow, (IEEE Local Computer Network Conference (2010), IEEE), 408-415
[126] Cui, Y.; Yan, L.; Li, S.; Xing, H.; Pan, W.; Zhu, J.; Zheng, X., SD-Anti-DDoS: Fast and efficient DDoS defense in software-defined networks, J. Netw. Comput. Appl., 68, 65-79 (2016)
[127] Cui, J.; He, J.; Xu, Y.; Zhong, H., TDDAD: Time-based detection and defense scheme against DDoS attack on SDN controller, (Australasian Conference on Information Security and Privacy (2018), Springer), 649-665 · Zbl 06944270
[128] Li, C.; Wu, Y.; Yuan, X.; Sun, Z.; Wang, W.; Li, X.; Gong, L., Detection and defense of DDoS attack-based on deep learning in OpenFlow-based SDN, Int. J. Commun. Syst., 31, 5, Article e3497 pp. (2018)
[129] Nam, T. M.; Phong, P. H.; Khoa, T. D.; Huong, T. T.; Nam, P. N.; Thanh, N. H.; Thang, L. X.; Tuan, P. A.; Loi, V. D., Self-organizing map-based approaches in DDoS flooding detection using SDN, (2018 International Conference on Information Networking. 2018 International Conference on Information Networking, ICOIN (2018), IEEE), 249-254
[130] Novaes, M. P.; Carvalho, L. F.; Lloret, J.; Proença, M. L., Long short-term memory and fuzzy logic for anomaly detection and mitigation in software-defined network environment, IEEE Access, 8, 83765-83781 (2020)
[131] Dotcenko, S.; Vladyko, A.; Letenko, I., A fuzzy logic-based information security management for software-defined networks, (16th International Conference on Advanced Communication Technology (2014), IEEE), 167-171
[132] Chin, T.; Mountrouidou, X.; Li, X.; Xiong, K., Selective packet inspection to detect DoS flooding using software defined networking (SDN), (2015 IEEE 35th International Conference on Distributed Computing Systems Workshops (2015), IEEE), 95-99
[133] Xiao, P.; Li, Z.; Qi, H.; Qu, W.; Yu, H., An efficient DDoS detection with bloom filter in SDN, (2016 IEEE Trustcom/BigDataSE/ISPA (2016), IEEE), 1-6
[134] AlEroud, A.; Alsmadi, I., Identifying cyber-attacks on software defined networks: An inference-based intrusion detection approach, J. Netw. Comput. Appl., 80, 152-164 (2017)
[135] Conti, M.; Gangwal, A.; Gaur, M. S., A comprehensive and effective mechanism for DDoS detection in SDN, (2017 IEEE 13th International Conference on Wireless and Mobile Computing, Networking and Communications. 2017 IEEE 13th International Conference on Wireless and Mobile Computing, Networking and Communications, WiMob (2017), IEEE), 1-8
[136] Kalkan, K.; Gür, G.; Alagöz, F., Sdnscore: A statistical defense mechanism against DDoS attacks in sdn environment, (2017 IEEE Symposium on Computers and Communications. 2017 IEEE Symposium on Computers and Communications, ISCC (2017), IEEE), 669-675
[137] Wang, J.; Wen, R.; Li, J.; Yan, F.; Zhao, B.; Yu, F., Detecting and mitigating target link-flooding attacks using sdn, IEEE Trans. Dependable Secure Comput., 16, 6, 944-956 (2018)
[138] Wang, H.; Xu, L.; Gu, G., Floodguard: A dos attack prevention extension in software-defined networks, (2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (2015), IEEE), 239-250
[139] Piedrahita, A. F.M.; Rueda, S.; Mattos, D. M.; Duarte, O. C.M., Flowfence: a denial of service defense system for software defined networking, (2015 Global Information Infrastructure and Networking Symposium. 2015 Global Information Infrastructure and Networking Symposium, GIIS (2015), IEEE), 1-6
[140] Wang, X.; Chen, M.; Xing, C., SDSNM: a software-defined security networking mechanism to defend against DDoS attacks, (2015 Ninth International Conference on Frontier of Computer Science and Technology (2015), IEEE), 115-121
[141] Yuan, B.; Zou, D.; Yu, S.; Jin, H.; Qiang, W.; Shen, J., Defending against flow table overloading attack in software-defined networks, IEEE Trans. Serv. Comput., 12, 2, 231-246 (2016)
[142] Dridi, L.; Zhani, M. F., SDN-guard: DoS attacks mitigation in SDN networks, (2016 5th IEEE International Conference on Cloud Networking. 2016 5th IEEE International Conference on Cloud Networking, Cloudnet (2016), IEEE), 212-217
[143] Phan, T. V.; Van Toan, T.; Van Tuyen, D.; Huong, T. T.; Thanh, N. H., OpenFlowSIA: An optimized protection scheme for software-defined networks from flooding attacks, (2016 IEEE Sixth International Conference on Communications and Electronics. 2016 IEEE Sixth International Conference on Communications and Electronics, ICCE (2016), IEEE), 13-18
[144] Sahay, R.; Blanc, G.; Zhang, Z.; Debar, H., ArOMA: An SDN based autonomic DDoS mitigation framework, Comput. Secur., 70, 482-499 (2017)
[145] Hameed, S.; Ahmed Khan, H., SDN based collaborative scheme for mitigation of DDoS attacks, Future Internet, 10, 3, 23 (2018)
[146] Conti, M.; Lal, C.; Mohammadi, R.; Rawat, U., Lightweight solutions to counter DDoS attacks in software defined networking, Wirel. Netw., 25, 5, 2751-2768 (2019)
[147] Karmakar, K. K.; Varadharajan, V.; Tupakula, U., Mitigating attacks in software defined networks, Cluster Comput., 22, 4, 1143-1157 (2019)
[148] Wang, Y.; Hu, T.; Tang, G.; Xie, J.; Lu, J., SGS: Safe-guard scheme for protecting control plane against DDoS attacks in software-defined networking, IEEE Access, 7, 34699-34710 (2019)
[149] Da Silva, A. S.; Machado, C. C.; Bisol, R. V.; Granville, L. Z.; Schaeffer-Filho, A., Identification and selection of flow features for accurate traffic classification in SDN, (2015 IEEE 14th International Symposium on Network Computing and Applications (2015), IEEE), 134-141
[150] Agarwal, S.; Kodialam, M.; Lakshman, T., Traffic engineering in software defined networks, (2013 Proceedings IEEE INFOCOM (2013), IEEE), 2211-2219
[151] C.E. Rothenberg, M.R. Nascimento, M.R. Salvador, C.N.A. Corrêa, S. Cunha de Lucena, R. Raszuk, Revisiting routing control platforms with the eyes and muscles of software-defined networking, in: Proceedings of the First Workshop on Hot Topics in Software Defined Networks, 2012, pp. 13-18.
[152] Xie, J.; Yu, F. R.; Huang, T.; Xie, R.; Liu, J.; Wang, C.; Liu, Y., A survey of machine learning techniques applied to software defined networking (SDN): Research issues and challenges, IEEE Commun. Surv. Tutor., 21, 1, 393-430 (2018)
[153] Vissicchio, S.; Vanbever, L.; Bonaventure, O., Opportunities and research challenges of hybrid software defined networks, ACM SIGCOMM Comput. Commun. Rev., 44, 2, 70-75 (2014)
[154] J. McCauley, A. Panda, M. Casado, T. Koponen, S. Shenker, Extending SDN to large-scale networks, Open Networking Summit, 2013, pp. 1-2.
[155] S. Hassas Yeganeh, Y. Ganjali, Kandoo: a framework for efficient and scalable offloading of control applications, in: Proceedings of the First Workshop on Hot Topics in Software Defined Networks, 2012, pp. 19-24.
[156] Li, W.; Meng, W.; Kwok, L. F., A survey on openFlow-based software defined networks: Security challenges and countermeasures, J. Netw. Comput. Appl., 68, 126-139 (2016)
[157] Bhatia, S.; Mohay, G.; Tickle, A.; Ahmed, E., Parametric differences between a real-world distributed denial-of-service attack and a flash event, (2011 Sixth International Conference on Availability, Reliability and Security (2011), IEEE), 210-217
[158] Behal, S.; Kumar, K.; Sachdeva, M., Characterizing DDoS attacks and flash events: Review, research gaps and future directions, Comp. Sci. Rev., 25, 101-114 (2017)
[159] Floyd, S.; Paxson, V., Difficulties in simulating the Internet, IEEE/ACM Trans. Netw., 9, 4, 392-403 (2001)
[160] Yao, L.; Hong, P.; Zhou, W., Evaluating the controller capacity in software defined networking, (2014 23rd International Conference on Computer Communication and Networks. 2014 23rd International Conference on Computer Communication and Networks, ICCCN (2014), IEEE), 1-6
[161] Wang, P.; Chao, K.-M.; Lin, H.-C.; Lin, W.-H.; Lo, C.-C., An efficient flow control approach for SDN-based network threat detection and migration using support vector machine, (2016 IEEE 13th International Conference on E-Business Engineering. 2016 IEEE 13th International Conference on E-Business Engineering, ICEBE (2016), IEEE), 56-63
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. It attempts to reflect the references listed in the original paper as accurately as possible without claiming the completeness or perfect precision of the matching.