Neural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks


Faculty of Computer Engineering, University of Isfahan, Isfahan, Iran


Software Defined Network (SDN) is a new architecture for network management and its main concept is centralizing network management in the network control level that has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main control is made unreachable for any reason, the architecture of the network is crashed. A distributed denial of service (DDoS) attack is a threat for the SDN controller which can make it unreachable. In the previous researches in DDoS detection in SDN, not enough work has been done on improvement of accuracy in detection. The proposed solution of this research can detect DDoS attack on SDN controller with a noticeable accuracy and prevents serious damage to the controller. For this purpose, fast entropy of each flow is computed at certain time intervals. Then, by the use of adaptive threshold, the possibility of a DDoS attack is investigated. In order to achieve more accuracy, another method, computing flow initiation rate, is used alongside. After observation of the results of this two methods, according to the described conditions, the existence of an attack is confirmed or rejected, or this decision is made at the next step of the algorithm, with further study of flow statistics of network switches by the perceptron neural network. The evaluation results show that the proposed algorithm has been able to make a significant improvement in detection rate and a reduction in false alarm rate compared to closest previous work, besides maintaining the average detection time on an acceptable level.


1.     Ali, S.T., Sivaraman, V., Radford, A. and Jha, S., "A survey of securing networks using software defined networking", IEEE Transactions on Reliability,  Vol. 64, No. 3, (2015), 1086-1097.
2.     Vizváry, M. and Vykopal, J., "Future of ddos attacks mitigation in software defined networks", in IFIP International Conference on Autonomous Infrastructure, Management and Security, Springer., (2014), 123-127.
3.     Wang, H.-z., Zhang, P., Xiong, L., Liu, X. and Hu, C.-c., "A secure and high-performance multi-controller architecture for software-defined networking", Frontiers of Information Technology & Electronic Engineering,  Vol. 17, No. 7, (2016), 634-646.
4.     Oktian, Y.E., Lee, S. and Lee, H., "Mitigating denial of service (dos) attacks in openflow networks", in Information and Communication Technology Convergence (ICTC), 2014 International Conference on, IEEE., (2014), 325-330.
5.     Jeyanthi, N., Shabeeb, H., Durai, M.S. and Thandeeswaran, R., "Rescue: Reputation based service for cloud user environment", International Journal of Engineering-Transactions B: Applications,  Vol. 27, No. 8, (2014), 1179-1185.
6.     Yan, Q. and Yu, F.R., "Distributed denial of service attacks in software-defined networking with cloud computing", IEEE Communications Magazine,  Vol. 53, No. 4, (2015), 52-59.
7.     Braga, R., Mota, E. and Passito, A., "Lightweight ddos flooding attack detection using nox/openflow", in Local Computer Networks (LCN), 2010 IEEE 35th Conference on, IEEE., (2010), 408-415.
8.     Bohlooli, A. and Jamshidi, K., "A gps-free method for vehicle future movement directions prediction using som for vanet", Applied Intelligence,  Vol. 36, No. 3, (2012), 685-697.
9.     No, G. and Ra, I., "Adaptive ddos detector design using fast entropy computation method", in Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2011 Fifth International Conference on, IEEE., (2011), 86-93.
10.   David, J. and Thomas, C., "Ddos attack detection using fast entropy approach on flow-based network traffic", Procedia Computer Science,  Vol. 50, (2015), 30-36.
11.   Lim, S., Yang, S., Kim, Y., Yang, S. and Kim, H., "Controller scheduling for continued sdn operation under ddos attacks", Electronics Letters,  Vol. 51, No. 16, (2015), 1259-1261.
12.   Mousavi, S.M. and St-Hilaire, M., "Early detection of ddos attacks against sdn controllers", in Computing, Networking and Communications (ICNC), International Conference on, IEEE., (2015), 77-81.
13.   G., V., N., S.S. and Manikandan MSK., "Navie bayes intrusion  classification system for  voice over  internet protocol network using honeypot", International Journal of Engineering Transaction A: Basics,  Vol. 28, No. 1, (2015), 44-51.
14.   Kia, M., "Early detection and mitigation of ddos attackin software defined networks", Ryerson University, Toronto, Ontario, Canada, Ms.c.  (2015),
15.   Khozani, Z.S., Bonakdari, H. and Zaji, A., "Comparison of three soft computing methods in estimating apparent shear stress in compound channels" International Journal of Engineering Transaction C: Aspects,  Vol. 29, No. 9, (2016) , 1219-1226..
16.   Pradeep, J., Srinivasan, E. and Himavathi, S., "Neural network based recognition system integrating feature extraction and classification for english handwritten", International Journal of Engineering-Transactions B: Applications,  Vol. 25, No. 2, (2012), 99-107.
17.   Shamaei, E. and Kaedi, M., "Suspended sediment concentration estimation by stacking the genetic programming and neuro-fuzzy predictions", Applied Soft Computing,  Vol. 45, (2016), 187-196.
18.   Prete, L.R., Schweitzer, C.M., Shinoda, A.A. and de Oliveira, R.L.S., "Simulation in an sdn network scenario using the pox controller", in Communications and Computing (COLCOM), IEEE Colombian Conference on, IEEE., (2014), 1-6.
19. Bohlooli A., Jamshidi K., "Profile based routing in vehicular ad-hoc networks", Science China Information Sciences, Vol. 57, No. 6, (2014). 1-11.