TPAAD: Two-phase authentication system for denial of service attack detection and mitigation using machine learning in software-defined network

Najmun, Nisa and Adnan Shahid, Khan and Zeeshan, Ahmed and Najmun, Nisa (2024) TPAAD: Two-phase authentication system for denial of service attack detection and mitigation using machine learning in software-defined network. International Journal of Network Management, 34 (2). pp. 1-20. ISSN 2024;e2258

Official URL: https://onlinelibrary.wiley.com/doi/full/10.1002/n...

Abstract

Software-defined networking (SDN) has received considerable attention and adoption owing to its inherent advantages, such as enhanced scalability, increased adaptability, and the ability to exercise centralized control. However, the control plane of the system is vulnerable to denial-of-service (DoS) attacks, which are a primary focus for attackers. These attacks have the potential to result in substantial delays and packet loss. In this study, we present a novel system called Two-Phase Authentication for Attack Detection that aims to enhance the security of SDN by mitigating DoS attacks. The methodology utilized in our study involves the implementation of packet filtration and machine learning classification techniques, which are subsequently followed by the targeted restriction of malevolent network traffic. Instead of completely deactivating the host, the emphasis lies on preventing harmful communication. Support vector machine and K-nearest neighbours algorithms were utilized for efficient detection on the CICDoS 2017 dataset. The deployed model was utilized within an environment designed for the identification of threats in SDN. Based on the observations of the banned queue, our system allows a host to reconnect when it is no longer contributing to malicious traffic. The experiments were run on VMware Ubuntu, and an SDN environment was created using Mininet and the RYU controller. The results of the tests demonstrated enhanced performance in various aspects, including the reduction of false positives, the minimization of central processing unit utilization and control channel bandwidth consumption, the improvement of packet delivery ratio, and the decrease in the number of flow requests submitted to the controller. These results confirm that our Two-Phase Authentication for Attack Detection architecture identifies and mitigates SDN DoS attacks with low overhead.

Item Type: Article
Uncontrolled Keywords: attack detection, attack mitigation, CICDoS 2017 dataset, denial-of-service attacks (DoS), distributed denial-of-service (DDoS) attacks, KNN, machine learning (ML), Mininet, open flow, RYU controller, software-defined networking (SDN), SVM, Two-Phase Authentication of Attack Detection.
Subjects: Q Science > QA Mathematics > QA76 Computer software
Divisions: Academic Faculties, Institutes and Centres > Faculty of Computer Science and Information Technology
Depositing User: Khan
Date Deposited: 18 Jan 2024 07:52
Last Modified: 18 Jan 2024 07:52
URI: http://ir.unimas.my/id/eprint/44224
