Enriched Model of Case Based Reasoning and Neutrosophic Intelligent System for DDoS Attack Defence in Software Defined Network based Cloud
Article Sidebar
Main Article Content
Abstract
Software Defined Networking in Cloud paradigm is most suitable for dynamic functionality and reduces the computation complexity. The routers and switches located at the network's boundaries are managed by software-defined netwrking (SDN) using open protocols and specialised open programmable interfaces. But the security threats often degrade the performance of SDN due to its constraints of resource usage. The most sensitive components which are vulnerable to DDoS attacks are controller and control plane bandwidth. The existing conventional classification algorithms lacks in detection of new or unknown traffic packets which are malicious and results in degradation of SDN performance in cloud resources. Hence, in this paper double filtering methodology is devised to detect both known and unknown pattern of malicious packets which affects the bandwidth of the control panel and the controller. The case-based reasoning is adapted for determining the known incoming traffic patterns before entering the SDN system. It classifies the packets are normal or abnormal based on the previous information gathered. The traffic patterns which is not matched from the previous patterns is treated as indeterministic packet and it is defined more precisely using the triplet representation of Neutrosophic intelligent system. The grade of belongingness, non-belongingness and indeterminacyis used as the main factors to detect the new pattern of attacking packets more effectively. From the experimental outcomes it is proved that DDoS attack detection in SDN based cloud environment is improved by adopting CBR-NIS compared to the existing classification model.
Article Details
References
B. Rashidi, C. Fung, and E. Bertino, ``A collaborative DDoS defence framework using network function virtualization,'' IEEE Trans. Inf. Forensics Security, vol. 12, no. 10, pp. 2483_2497, 2017.
Q. Yan, W. Huang, X. Luo, Q. Gong, and F. R. Yu, ``A multi-level DDoS mitigation framework for the industrial Internet of Things,'' IEEE Commun. Mag., vol. 56, no. 2, pp. 30_36, 2018.
Sindia, Dhas, Julia. (2017). SDN based DDoS attack detection and mitigation in cloud. International Journal of Control Theory and Applications. 10. 39-47.
Yuhua Xu, Yunfeng Yu, Hanshu Hong, Zhixin Sun, "DDoS Detection Using a Cloud-Edge Collaboration Method Based on Entropy-Measuring SOM and KD-Tree in SDN", Security and Communication Networks, vol. 2021, pages 12, 2021.
G. Kaur and P. Gupta, “Classifier for DDoS attack detection in software defined networks,” Internet of Things in Business Transformation: Developing an Engineering and Business Strategy for Industry 5.0, vol. 20, pp. 71–90, 2021
Yu, S., Zhang, J., Liu, J. et al. A cooperative DDoS attack detection scheme based on entropy and ensemble learning in SDN. J Wireless Com Network 2021, 90 (2021).
P. T. Dinh and M. Park, "BDF-SDN: A Big Data Framework for DDoS Attack Detection in Large-Scale SDN-Based Cloud," 2021 IEEE Conference on Dependable and Secure Computing (DSC), 2021, pp. 1-8.
Muhammad Imran, Muhammad Hanif Durad, Farrukh Aslam Khan, Abdelouahid Derhab, Towardan optimal solution against denial of service attacks in software defined networks. Future GenerationComputer Systems, 92 pages :444–453, 2019
Z. Chen, F. Jiang, Y. Cheng, X. Gu, W. Liu and J. Peng, "XGBoost Classifier for DDoS Attack Detection and Analysis in SDN-Based Cloud," 2018 IEEE International Conference on Big Data and Smart Computing (BigComp), 2018, pp. 251-256,
Sufian Hameed, Hassan Ahmed Khan, SDN based collaborative scheme for mitigation of DDoS attacks.Future Internet, 10(3), 2018.
J. Zheng, Q. Li, G. Gu, J. Cao, D. K. Y. Yau,J. Wu, Realtime DDoS defense using cots SDN switches via adaptive correlation analysis, IEEE Transactions on Information Forensics and Security,13(7):1838–1853, 2018.
F. Khashab, J. Moubarak, A. Feghali and C. Bassil, "DDoS Attack Detection and Mitigation in SDN using Machine Learning," 2021 IEEE 7th International Conference on Network Softwarization (NetSoft), 2021, pp. 395-401
M. Myint Oo, S. Kamolphiwong, T. Kamolphiwong S. Vasupongayya, "Advanced Support Vector Machine- (ASVM-) Based Detection for Distributed Denial of Service (DDoS) Attack on Software Defined Networking (SDN)", Journal of Computer Networks and Communications, vol. 2019, pp. 1-12, 2019
V. Itagi, M. Javali, H. Madhukeshwar, P. Shettar, P. Somashekar and D. G. Narayan, "DDoS Attack Detection in SDN Environment using Bi-directional Recurrent Neural Network," 2021 IEEE International Conference on Distributed Computing, VLSI, Electrical Circuits and Robotics (DISCOVER), 2021, pp. 123-128.
S. Gumaste, D. G. Narayan, S. Shinde and K Amit, "Detection of DDoS attacks in OpenStack-based private cloud using apache spark", J. Telecommun. Inf. Technol, vol. 4, pp. 62-71, Jan. 2021
Tao Wang, Hongchang Chen, Guozhen Cheng, Yulin Lu, "SDNManager: A Safeguard Architecture for SDN DoS Attacks Based on Bandwidth Prediction", Security and Communication Networks, vol. 2018, Article ID 7545079, 16 pages, 2018
Chantamit-o-pas, Pattanapong & Goyal, Madhu. (2018). A Case-Based Reasoning Framework for Prediction of Stroke. 10.1007/978-981-10-5508-9_21.
F. Smarandache, “Definition of Neutrosophic Logic – A Generalization of the Intuitionistic Fuzzy Logic”, Proceedings of the Third Conference of the European Society for FuzzyLogic and Technology, EUSFLAT 2003, September 10-12, 2003, Zittau, Germany; University of Applied Sciences at ZittauGoerlitz, 141- 146.
Smarandache, Florentin. “A Unifying Field in Logics: Neutrosophic Logic”. Philosophy (1999): 1-141.