Towards sFlow and adaptive polling sampling for deep learning based DDoS detection in SDN

Raja Majid Ali Ujjan, Zeeshan Pervez*, Keshav Dahal, Ali Kashif Bashi, Rao Mumtaz, J. González

*Corresponding author for this work

Research output: Contribution to journal › Article

Abstract

Distributed Denial of Service (DDoS) is one of the most rampant attacks in the modern Internet of Things (IoT) network infrastructures. Security plays a very vital role for an ever-growing heterogeneous network of IoT nodes, which are directly connected to each other. Due to the preliminary stage of Software Defined Networking (SDN), in the IoT network, sampling based measurement approaches currently result in low accuracy, higher memory consumption, higher overhead in processing and network, and low attack detection. To deal with these aforementioned issues, this paper proposes sFlow and adaptive polling based sampling with Snort Intrusion Detection System (IDS) and deep learning based model, which helps to lower down the various types of prevalent DDoS attacks inside the IoT network. The flexible decoupling property of SDN enables us to program network devices for required parameters without utilizing third-party proprietary hardware or software. Firstly, in data-plane, to lower down processing and network overhead of switches, we deployed sFlow and adaptive polling based sampling individually. Secondly, in control-plane, to optimize detection accuracy, we deployed Snort IDS collaboratively with Stacked Autoencoders (SAE) deep learning model. Furthermore, after applying performance metrics on collected traffic streams, we quantitatively investigate the trade-off among attack detection accuracy and resources overhead. The evaluation of the proposed system demonstrates higher detection accuracy with 95% of True Positive rate with less than 4% of False Positive rate within sFlow based implementation compared to adaptive polling.
Original language: English
Journal: Future Generation Computer Systems
Early online date: 1 Nov 2019
DOIs: 10.1016/j.future.2019.10.015
Publication status: E-pub ahead of print - 1 Nov 2019

Fingerprint

Sampling
Intrusion detection
Heterogeneous networks
Processing
Computer networks
Switches
Hardware
Data storage equipment
Deep learning
Software defined networking
Internet of things
Denial-of-service attack

Keywords

  • DDoS
  • IoT
  • SDN
  • Snort
  • Sampling

Cite this

@article{5b7a5c7fe461406a9ba253188b2293c6,
title = "Towards sFlow and adaptive polling sampling for deep learning based DDoS detection in SDN",
abstract = "Distributed Denial of Service (DDoS) is one of the most rampant attacks in the modern Internet of Things (IoT) network infrastructures. Security plays a very vital role for an ever-growing heterogeneous network of IoT nodes, which are directly connected to each other. Due to the preliminary stage of Software Defined Networking (SDN), in the IoT network, sampling based measurement approaches currently result in low accuracy, higher memory consumption, higher overhead in processing and network, and low attack detection. To deal with these aforementioned issues, this paper proposes sFlow and adaptive polling based sampling with Snort Intrusion Detection System (IDS) and deep learning based model, which helps to lower down the various types of prevalent DDoS attacks inside the IoT network. The flexible decoupling property of SDN enables us to program network devices for required parameters without utilizing third-party proprietary hardware or software. Firstly, in data-plane, to lower down processing and network overhead of switches, we deployed sFlow and adaptive polling based sampling individually. Secondly, in control-plane, to optimize detection accuracy, we deployed Snort IDS collaboratively with Stacked Autoencoders (SAE) deep learning model. Furthermore, after applying performance metrics on collected traffic streams, we quantitatively investigate the trade-off among attack detection accuracy and resources overhead. The evaluation of the proposed system demonstrates higher detection accuracy with 95{\%} of True Positive rate with less than 4{\%} of False Positive rate within sFlow based implementation compared to adaptive polling.",
keywords = "DDoS, IoT, SDN, Snort, Sampling",
author = "Ujjan, {Raja Majid Ali} and Zeeshan Pervez and Keshav Dahal and {Kashif Bashi}, Ali and Rao Mumtaz and J. Gonz{\'a}lez",
year = "2019",
month = "11",
day = "1",
doi = "10.1016/j.future.2019.10.015",
language = "English",
journal = "Future Generation Computer Systems",
issn = "0167-739X",
publisher = "Elsevier B.V.",

}

Towards sFlow and adaptive polling sampling for deep learning based DDoS detection in SDN. / Ujjan, Raja Majid Ali; Pervez, Zeeshan; Dahal, Keshav; Kashif Bashi, Ali; Mumtaz, Rao; González, J.

In: Future Generation Computer Systems, 01.11.2019.

TY - JOUR

T1 - Towards sFlow and adaptive polling sampling for deep learning based DDoS detection in SDN

AU - Ujjan, Raja Majid Ali

AU - Pervez, Zeeshan

AU - Dahal, Keshav

AU - Kashif Bashi, Ali

AU - Mumtaz, Rao

AU - González, J.

PY - 2019/11/1

Y1 - 2019/11/1

N2 - Distributed Denial of Service (DDoS) is one of the most rampant attacks in the modern Internet of Things (IoT) network infrastructures. Security plays a very vital role for an ever-growing heterogeneous network of IoT nodes, which are directly connected to each other. Due to the preliminary stage of Software Defined Networking (SDN), in the IoT network, sampling based measurement approaches currently result in low accuracy, higher memory consumption, higher overhead in processing and network, and low attack detection. To deal with these aforementioned issues, this paper proposes sFlow and adaptive polling based sampling with Snort Intrusion Detection System (IDS) and deep learning based model, which helps to lower down the various types of prevalent DDoS attacks inside the IoT network. The flexible decoupling property of SDN enables us to program network devices for required parameters without utilizing third-party proprietary hardware or software. Firstly, in data-plane, to lower down processing and network overhead of switches, we deployed sFlow and adaptive polling based sampling individually. Secondly, in control-plane, to optimize detection accuracy, we deployed Snort IDS collaboratively with Stacked Autoencoders (SAE) deep learning model. Furthermore, after applying performance metrics on collected traffic streams, we quantitatively investigate the trade-off among attack detection accuracy and resources overhead. The evaluation of the proposed system demonstrates higher detection accuracy with 95% of True Positive rate with less than 4% of False Positive rate within sFlow based implementation compared to adaptive polling.

KW - DDoS

KW - IoT

KW - SDN

KW - Snort

KW - Sampling

U2 - 10.1016/j.future.2019.10.015

DO - 10.1016/j.future.2019.10.015

M3 - Article

JO - Future Generation Computer Systems

JF - Future Generation Computer Systems

SN - 0167-739X

ER -