A variable-trust threshold-based approach for DDOS attack mitigation in software defined networks.
Software-defined networks offer a new approach that attracts the attention of most academic and industrial circles due to the features it contains. However, some loopholes make such modern networks vulnerable to many types of attacks. Among the most important types of these attacks is the Distribute...
Main Authors: | , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
Public Library of Science (PLoS)
2022-01-01
|
Series: | PLoS ONE |
Online Access: | https://doi.org/10.1371/journal.pone.0273681 |
_version_ | 1811260701501554688 |
---|---|
author | Fatty M Salem Hoda Youssef Ihab Ali Ayman Haggag |
author_facet | Fatty M Salem Hoda Youssef Ihab Ali Ayman Haggag |
author_sort | Fatty M Salem |
collection | DOAJ |
description | Software-defined networks offer a new approach that attracts the attention of most academic and industrial circles due to the features it contains. However, some loopholes make such modern networks vulnerable to many types of attacks. Among the most important types of these attacks is the Distributed Denial of Service (DDoS) attack, which in turn affects the network's performance and delays many real user requests. As one of the main features of SDN is the centralization of all the control plane in the SDN controller, it becomes a central point of attack that may compromise the whole network. Hence, in our proposed approach, we aim to mitigate the DDoS attack that maybe launched to compromise the SDN controller, flood the control plane and cripple the entire network. Many DDoS mitigation scheme have been proposed, however, determining the threshold between legitimate requests and malicious requests is still a challenging task. Our proposed approach relies on a two-phases algorithm that assigns a variable trust value for every user. This trust value is compared with schemes relying on a threshold value that changes dynamically and assists in detecting the DDoS attack. The first phase of our two-phases algorithm is Header fields extraction, and the second phase is calculating the trust value based on header fields information. Our proposed approach shows better performance than related detection schemes in terms of accuracy, detection rate, and false-positive rate. Where the accuracy of the system reaches up to 98.83% which is high compared to other traditional methods. |
first_indexed | 2024-04-12T18:51:32Z |
format | Article |
id | doaj.art-e684f1b3974842608c596e2533722f0a |
institution | Directory Open Access Journal |
issn | 1932-6203 |
language | English |
last_indexed | 2024-04-12T18:51:32Z |
publishDate | 2022-01-01 |
publisher | Public Library of Science (PLoS) |
record_format | Article |
series | PLoS ONE |
spelling | doaj.art-e684f1b3974842608c596e2533722f0a2022-12-22T03:20:28ZengPublic Library of Science (PLoS)PLoS ONE1932-62032022-01-01178e027368110.1371/journal.pone.0273681A variable-trust threshold-based approach for DDOS attack mitigation in software defined networks.Fatty M SalemHoda YoussefIhab AliAyman HaggagSoftware-defined networks offer a new approach that attracts the attention of most academic and industrial circles due to the features it contains. However, some loopholes make such modern networks vulnerable to many types of attacks. Among the most important types of these attacks is the Distributed Denial of Service (DDoS) attack, which in turn affects the network's performance and delays many real user requests. As one of the main features of SDN is the centralization of all the control plane in the SDN controller, it becomes a central point of attack that may compromise the whole network. Hence, in our proposed approach, we aim to mitigate the DDoS attack that maybe launched to compromise the SDN controller, flood the control plane and cripple the entire network. Many DDoS mitigation scheme have been proposed, however, determining the threshold between legitimate requests and malicious requests is still a challenging task. Our proposed approach relies on a two-phases algorithm that assigns a variable trust value for every user. This trust value is compared with schemes relying on a threshold value that changes dynamically and assists in detecting the DDoS attack. The first phase of our two-phases algorithm is Header fields extraction, and the second phase is calculating the trust value based on header fields information. Our proposed approach shows better performance than related detection schemes in terms of accuracy, detection rate, and false-positive rate. Where the accuracy of the system reaches up to 98.83% which is high compared to other traditional methods.https://doi.org/10.1371/journal.pone.0273681 |
spellingShingle | Fatty M Salem Hoda Youssef Ihab Ali Ayman Haggag A variable-trust threshold-based approach for DDOS attack mitigation in software defined networks. PLoS ONE |
title | A variable-trust threshold-based approach for DDOS attack mitigation in software defined networks. |
title_full | A variable-trust threshold-based approach for DDOS attack mitigation in software defined networks. |
title_fullStr | A variable-trust threshold-based approach for DDOS attack mitigation in software defined networks. |
title_full_unstemmed | A variable-trust threshold-based approach for DDOS attack mitigation in software defined networks. |
title_short | A variable-trust threshold-based approach for DDOS attack mitigation in software defined networks. |
title_sort | variable trust threshold based approach for ddos attack mitigation in software defined networks |
url | https://doi.org/10.1371/journal.pone.0273681 |
work_keys_str_mv | AT fattymsalem avariabletrustthresholdbasedapproachforddosattackmitigationinsoftwaredefinednetworks AT hodayoussef avariabletrustthresholdbasedapproachforddosattackmitigationinsoftwaredefinednetworks AT ihabali avariabletrustthresholdbasedapproachforddosattackmitigationinsoftwaredefinednetworks AT aymanhaggag avariabletrustthresholdbasedapproachforddosattackmitigationinsoftwaredefinednetworks AT fattymsalem variabletrustthresholdbasedapproachforddosattackmitigationinsoftwaredefinednetworks AT hodayoussef variabletrustthresholdbasedapproachforddosattackmitigationinsoftwaredefinednetworks AT ihabali variabletrustthresholdbasedapproachforddosattackmitigationinsoftwaredefinednetworks AT aymanhaggag variabletrustthresholdbasedapproachforddosattackmitigationinsoftwaredefinednetworks |