TY - JOUR
T1 - Towards sFlow and adaptive polling sampling for deep learning based DDoS detection in SDN
AU - Ujjan, Raja Majid Ali
AU - Pervez, Zeeshan
AU - Dahal, Keshav
AU - Kashif Bashi, Ali
AU - Mumtaz, Rao
AU - González, J.
PY - 2020/10/31
Y1 - 2020/10/31
N2 - Distributed Denial of Service (DDoS) is one of the most rampant attacks in the modern Internet of Things (IoT) network infrastructures. Security plays a very vital role for an ever-growing heterogeneous network of IoT nodes, which are directly connected to each other. Due to the preliminary stage of Software Defined Networking (SDN), in the IoT network, sampling based measurement approaches currently results in low-accuracy, higher memory consumption, higher-overhead in processing and network, and low attack-detection. To deal with these aforementioned issues, this paper proposes sFlow and adaptive polling based sampling with Snort Intrusion Detection System (IDS)and deep learning based model, which helps to lower down the various types of prevalent DDoS attacks inside the IoT network. The flexible decoupling property of SDN enables us to program network devices for required parameters without utilizing third-party propriety based hardware or software. Firstly, in data-plane, to lower down processing and network overhead of switches, we deployed sFlow and adaptive polling based sampling individually. Secondly, in control-plane, to optimize detection accuracy, we deployed Snort IDS collaboratively with Stacked Autoencoders (SAE) deep learning model. Furthermore, after applying performance metrics on collected traffic streams, we quantitatively investigate trade- off among attack detection accuracy and resources overhead. The evaluation of the proposed system demonstrates higher detection accuracy with 95% of True Positive rate with less than 4% of False Positive rate within sFlow based implementation compared to adaptive polling.
AB - Distributed Denial of Service (DDoS) is one of the most rampant attacks in the modern Internet of Things (IoT) network infrastructures. Security plays a very vital role for an ever-growing heterogeneous network of IoT nodes, which are directly connected to each other. Due to the preliminary stage of Software Defined Networking (SDN), in the IoT network, sampling based measurement approaches currently results in low-accuracy, higher memory consumption, higher-overhead in processing and network, and low attack-detection. To deal with these aforementioned issues, this paper proposes sFlow and adaptive polling based sampling with Snort Intrusion Detection System (IDS)and deep learning based model, which helps to lower down the various types of prevalent DDoS attacks inside the IoT network. The flexible decoupling property of SDN enables us to program network devices for required parameters without utilizing third-party propriety based hardware or software. Firstly, in data-plane, to lower down processing and network overhead of switches, we deployed sFlow and adaptive polling based sampling individually. Secondly, in control-plane, to optimize detection accuracy, we deployed Snort IDS collaboratively with Stacked Autoencoders (SAE) deep learning model. Furthermore, after applying performance metrics on collected traffic streams, we quantitatively investigate trade- off among attack detection accuracy and resources overhead. The evaluation of the proposed system demonstrates higher detection accuracy with 95% of True Positive rate with less than 4% of False Positive rate within sFlow based implementation compared to adaptive polling.
KW - DDoS
KW - IoT
KW - SDN
KW - Snort
KW - Sampling
U2 - 10.1016/j.future.2019.10.015
DO - 10.1016/j.future.2019.10.015
M3 - Article
SN - 0167-739X
VL - 111
SP - 763
EP - 779
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
ER -