Detection of DDoS Attacks in SDN Switches with Deep Learning and Swarm Intelligence Approach
Subject Areas : IOT
Mohsen Eghbali
1
,
Mohammadreza Mollkhalili Maybodi
2
1 - Department of Computer Engineering, Maybod Branch, Islamic Azad University, Maybod, Iran
2 - Department of Computer Engineering, Maybod Branch, Islamic Azad University, Maybod, Iran
Keywords: Internet of Things, DDoS attacks, Deep learning, Intrusion Detection System, SDN network,
Abstract :
This paper introduces an efficient intrusion detection system for the Internet of Things, addressing the challenge of malware-infected IoT nodes acting as botnet attackers, along with issues in existing intrusion detection systems such as feature selection, data imbalance, and centralization. The proposed system leverages the distributed architecture of SDN. The method begins by balancing the dataset using the SMOTE technique. Essential features are then selected using the African Vulture Optimization Algorithm. Subsequently, an LSTM deep learning model is trained within the SDN controller. SDN switches utilize this trained model for attack detection. To enhance attack mitigation, attacking node addresses are shared among SDN switches, ensuring consistent recognition and enabling effective Distributed Denial-of-Service (DDoS) attack prevention across the network. Experimental results obtained in MATLAB, using the NSL-KDD dataset, demonstrate the proposed method’s effectiveness, achieving an accuracy of 99.34%, a sensitivity of 99.16%, and a precision of 98.93% in attack detection. The proposed method outperforms feature selection methods based on WOA, HHO, and AO algorithms, and deep learning methods like LSTM, RNN, and CNN, particularly in detecting DDoS attacks.
Development of a distributed intrusion detection system based on SDN architecture.
Dataset balancing using SMOTE method in SDN controller.
Introduction of a feature selection and binary version of the AVOA for attack detection.
Integration of swarm intelligence and LSTM deep learning in SDN network to detect IoT attacks.
[1] B. Kaur, S. Dadkhah, F. Shoeleh, E. C. P. Neto, P. Xiong, S. Iqbal, P. Lamontagne, S. Ray and A. A. Ghorbani," Internet of things (IoT) security dataset evolution: Challenges and future directions," Internet of Things., vol. 22, p. 100780, July. 2023, doi: 10.1016/j.iot.2023.100780.
[2] H. Kareemullah, D. Najumnissa, M. M. Shajahan, M. Abhineshjayram, V. Mohan and S. A. Sheerin, "Robotic Arm controlled using IoT application," Computers and Electrical Engineering., vol. 105, p. 108539, Jun. 2023, doi: 10.1016/j.compeleceng.2022.108539.
[3] O. E. Tayfour, A. Mubarakali, A. E. Tayfour, M. N. Marsono, E. Hassan and A. M. Abdelrahman, "Adapting deep learning-LSTM method using optimized dataset in SDN controller for secure IoT," Soft Computing., pp. 1-9, Mar. 2023, doi: 10.1007/s00500-023-08348-w.
[4] A. Bashaiwth, H. Binsalleeh and B. AsSadhan, "An Explanation of the LSTM Model Used for DDoS Attacks Classification," Applied Sciences, vol. 13, no. 15, pp. 1-30, Jul. 2023, doi: 10.3390/app13158820.
[5] DDoS Attacks History. Radware. Available online: https://www.radware.com/security/ddos-knowledge-center/ddos-chronicles/ddos-attacks-history, accessed on 17 July 2023.
[6] K. P. Reddy, K. R. Raju, K. C. Mouli and M. Praveen, "An intelligent network intrusion detection system for anomaly analyzer using machine learning for software defined networks," In AIP Conference Proceedings, vol. 2548, no. 1, July 2023, doi: 10.1063/5.0118479.
[7] R. J. Gohari, L. Aliahmadipour and M. K. Rafsanjani, "Deep learning-based intrusion detection systems: A comprehensive survey of four main fields of cyber security," Journal of Mahani Mathematical Research Center, vol. 12, no. 2, pp. 289-324, May. 2023, doi: 10.22103/jmmr.2022.19961.1305.
[8] A. Javadpour, P. Pinto, F. Ja’fari and W. Zhang, "DMAIDPS: a distributed multi-agent intrusion detection and prevention system for cloud IoT environments," Cluster Computing, vol. 26, no. 1, pp. 367-384, May. 2022, doi: 10.1007/s10586-022-03621-3.
[9] S. Javanmardi, M. Shojafar, R. Mohammadi, M. Alazab and A. M. Caruso, "An SDN perspective IoT-Fog security: A survey," Computer Networks, vol. 229, p. 109732, June. 2023, doi: 10.1016/j.comnet.2023.109732.
[10] P. Kumari and A. K. Jain, "A comprehensive study of DDoS attacks over IoT network and their countermeasures," Computers & Security, vol. 127, p. 103096, April 2023, doi: 10.1016/j.cose.2023.103096.
[11] Y. Gao and M. Xu, "Defense against software-defined network topology poisoning attacks," Tsinghua Science and Technology, vol. 28, no. 1, pp. 39-46, February 2023, doi: 10.26599/TST.2021.9010077.
[12] C. Singh and A. K. Jain, "Detection and Mitigation of DDoS Attacks on SDN Controller in IoT Network using Gini Impurity," Computer Security and Reliability, pp. 1-27, May 2023, doi: 10.21203/rs.3.rs-2991752/v1.
[13] D. Jin, S. Chen, H. He, X. Jiang, S. Cheng and J. Yang, "Federated Incremental Learning based Evolvable Intrusion Detection System for Zero-Day Attacks," IEEE Network, vol. 37, no. 1, pp. 125-132, April 2023, doi: 10.1109/MNET.018.2200349.
[14] O. Habibi, M. Chemmakha, and M. Lazaar, "Imbalanced tabular data modelization using CTGAN and machine learning to improve IoT Botnet attacks detection," Engineering Applications of Artificial Intelligence, vol. 118, p. 105669, Feb. 2023, doi: 10.1016/j.engappai.2022.105669.
[15] B. Abdollahzadeh, F. S. Gharehchopogh and S. Mirjalili, "African vultures optimization algorithm: A new nature-inspired metaheuristic algorithm for global optimization problems," Computers & Industrial Engineering, vol. 158, p. 107408, 2021, doi: 10.1016/j.cie.2021.107408.
[16] R. M. A. Haseeb-ur-rehman, A. H. M. Aman, M. K. Hasan, K. A. Z. Ariffin, A. Namoun, A. Tufail and K. H. Kim, "High-Speed Network DDoS Attack Detection: A Survey," Sensors, vol. 23, no. 6850, Aug. 2023, doi: 10.3390/s23156850.
[17] S. Ullah, Z. Mahmood, N. Ali, T. Ahmad and A. Buriro, "Machine Learning-Based Dynamic Attribute Selection Technique for DDoS Attack Classification in IoT Networks," Computers, vol. 12, no. 115, May 2023, doi: 10.3390/computers12060115.
[18] Ö. Tonkal, H. Polat, E. Başaran, Z. Cömert and R. Kocaoğlu, "Machine learning approach equipped with neighbourhood component analysis for DDoS attack detection in software-defined networking," Electronics, vol. 10, no. 11, p. 1227, 2021, doi: 10.3390/electronics10111227.
[19] H. Zhou, Y. Zheng, X. Jia and J. Shu, "Collaborative prediction and detection of DDoS attacks in edge computing: A deep learning-based approach with distributed SDN," Computer Networks, vol. 225, p. 109642, April 2023, doi: 10.1016/j.comnet.2023.109642.
[20] M. Cherian and S. L. Varma, "Secure SDN–IoT Framework for DDoS Attack Detection Using Deep Learning and Counter Based Approach," Journal of Network and Systems Management, vol. 31, no. 54, 2023, doi: 10.1007/s10922-023-09749-w.
[21] T. M. Ghazal, N. A. Al-Dmour, R. A. Said, A. Omidvar, U. Y. Khan, T. R. Soomro, H. M. Alzoubi, M. Alshurideh, T. M. Abdellatif, A. Moubayed and L. Ali, "DDoS Intrusion Detection with Ensemble Stream Mining for IoT Smart Sensing Devices," In The Effect of Information Technology on Business and Marketing Intelligence Systems, pp. 1987-2012, 2023, doi: 10.1007/978-3-031-12382-5_109.
[22] X. H. Nguyen and K. H. Le, "Robust detection of unknown DoS/DDoS attacks in IoT networks using a hybrid learning model," Internet of Things, vol. 23, p. 100851, 2023, doi: 10.1016/j.iot.2023.100851.
[23] A. Hekmati, N. Jethwa, E. Grippo and B. Krishnamachari, "Correlation-Aware Neural Networks for DDoS Attack Detection In IoT Systems," Computer Science, Feb. 2023,
doi: 10.48550/arXiv.2302.07982.
[24] N. Pandey and P. K. Mishra, "Performance analysis of entropy variation-based detection of DDoS attacks in IoT," Internet of Things, vol. 23, p. 100812, October. 2023, doi: 10.1016/j.iot.2023.100812.
[25] P. Shukla, C. R. Krishna and N. V. Patil, "EIoT-DDoS: embedded classification approach for IoT traffic-based DDoS attacks," Cluster Computing, pp. 1-20, 2023, doi: 10.1007/s10586-023-04027-5.
[26] S. S. S. Othman, C. F. M. Foozy and S. N. B. Mustafa, "Feature Selection of Distributed Denial of Service (DDos) IoT Bot Attack Detection Using Machine Learning Techniques," Journal of Soft Computing and Data Mining, vol. 4, no. 1, pp. 63-71, 2023, doi: 10.30880/jscdm.2023.04.01.006.
[27] I. Priyadarshini, P. Mohanty, A. Alkhayyat, R. Sharma and S. Kumar, "SDN and application layer DDoS attacks detection in IoT devices by attention‐based Bi‐LSTM‐CNN," Transactions on Emerging Telecommunications Technologies, vol. 34, no. 4, pp. 1-14, Feb.2023, doi: 10.1002/ett.4758.
[28] J. N. Lee and J. Y. Lee, "An Efficient SMOTE-Based Deep Learning Model for Voice Pathology Detection," Applied Sciences, vol. 13, no. 3571, Feb. 2023, doi: 10.3390/app13063571.
[29] J. Too, A. R. Abdullah and N. Mohd Saad, "Binary competitive swarm optimizer approaches for feature selection," Computation, vol. 7, no. 31, 2019, doi: 10.3390/computation7020031.
[30] R. Elsayed, R. Hamada, M. Hammoudeh, M. Abdalla and S. A. Elsaid, "A Hierarchical Deep Learning-Based Intrusion Detection Architecture for Clustered Internet of Things," Journal of Sensor and Actuator Networks, vol. 12, no. 3, December 2022, doi: 10.3390/jsan12010003.
[31] G. Dlamini and M. Fahim, "DGM: a data generative model to improve minority class presence in anomaly detection domain," Neural Computing and Applications, vol. 33, no. 33, pp. 13635-13646, 2021, doi: 10.1007/s00521-021-05993-w.
[32] K. O. Adefemi Alimi, K. Ouahada, A. M. Abu-Mahfouz, S. Rimer and O. A. Alimi, "Refined LSTM based intrusion detection for denial-of-service attack in Internet of Things," Journal of sensor and actuator networks, vol. 11, no. 32, July 2022, doi: 10.3390/jsan11030032.
[33] M. Bakro, R. R. Kumar, A. A. Alabrah, Z. Ashraf, S. K. Bisoy, N. Parveen, S. Khawatmi and A. Abdelsalam, "Efficient Intrusion Detection System in the Cloud Using Fusion Feature Selection Approaches and an Ensemble Classifier," Electronics, vol. 12, no. 11, May 2023, doi: 10.3390/electronics12112427.
[34] M. H. Alwan, Y. I. Hammadi, O. A. Mahmood, A. Muthanna and A. Koucheryavy, "High Density Sensor Networks Intrusion Detection System for Anomaly Intruders Using the Slime Mould Algorithm," Electronics, vol. 11, no. 20, October 2022, doi: 10.3390/electronics11203332.
