This research defines the distributed denial of service (DDoS) problem in software-defined-networks (SDN) environments. The proposes solution uses Software defined networks capabilities to reduce risk, introduces a collaborative, distributed defense mechanism rather than server-side filtration. Our proposed network detection and prevention agent (NDPA) algorithm negotiates the maximum amount of traffic allowed to be passed to server by reconfiguring network switches and routers to reduce the ports' throughput of the network devices by the specified limit ratio. When the passed traffic is back to normal, NDPA starts network recovery to normal throughput levels, increasing ports' throughput by adding back the limit ratio gradually each time cycle. The simulation results showed that the proposed algorithms successfully detected and prevented a DDoS attack from overwhelming the targeted server. The server was able to coordinate its operations with the SDN controllers through a communication mechanism created specifically for this purpose. The system was also able to determine when the attack was over and utilize traffic engineering to improve the quality of service (QoS). The solution was designed with a sophisticated way and high level of separation of duties between components so it would not be affected by the design aspect of the network architecture.
Augmented split –protocol; an ultimate d do s defenderijcsa
Distributed Denials of Service (DDoS) attacks have become the daunting problem for businesses, state
administrator and computer system users. Prevention and detection of a DDoS attack is a major research
topic for researchers throughout the world. As new remedies are developed to prevent or mitigate DDoS
attacks, invaders are continually evolving new methods to circumvent these new procedures. In this paper,
we describe various DDoS attack mechanisms, categories, scope of DDoS attacks and their existing
countermeasures. In response, we propose to introduce DDoS resistant Augmented Split-protocol (ASp).
The migratory nature and role changeover ability of servers in Split-protocol architecture will avoid
bottleneck at the server side. It also offers the unique ability to avoid server saturation and compromise
from DDoS attacks. The goal of this paper is to present the concept and performance of (ASp) as a
defensive tool against DDoS attacks.
DDOS DETECTION IN SOFTWARE-DEFINED NETWORK (SDN) USING MACHINE LEARNINGIJCI JOURNAL
In recent years, the concept of cloud computing and the software-defined network (SDN) have spread
widely. The services provided by many sectors such as medicine, education, banking, and transportation
are being replaced gradually with cloud-based applications. Consequently, the availability of these
services is critical. However, the cloud infrastructure and services are vulnerable to attackers who aim to
breach its availability. One of the major threats to any system availability is a Denial-of-Service (DoS)
attack, which is intended to deny the legitimate user from accessing cloud resources. The Distributed
Denial-of-Service attack (DDoS) is a type of DoS attack which is considerably more effective and
dangerous. A lot of efforts have been made by the research community to detect DDoS attacks, however,
there is still a need for further efforts in this germane field. In this paper, machine learning techniques are
utilized to build a model that can detect DDoS attacks in Software-Defined Networks (SDN). The used ML
algorithms have shown high performance in the earliest studies; hence they have been used in this study
along with feature selection technique. Therefore, our model utilized these algorithms to detect DDoS
attacks in network traffic. The outcome of this experiment shows the impact of feature selection in
improving the model performance. Eventually, The Random Forest classifier has achieved the highest
accuracy of 0.99 in detecting DDoS attack.
DDOS Attacks-A Stealthy Way of Implementation and DetectionIJRES Journal
Cloud Computing is a new paradigm provides various host service [paas, saas, Iaas over the internet.
According to a self-service,on-demand and pay as you use business model,the customers will obtain the cloud
resources and services.It is a virtual shared service.Cloud Computing has three basic abstraction layers System
layer(Virtual Machine abstraction of a server),Platform layer(A virtualized operating system, database and
webserver of a server and Application layer(It includes Web Applications).Denial of Service attack is an attempt
to make a machine or network resource unavailable to the intended user. In DOS a user or organization is
deprived of the services of a resource they would normally expect to have.A Successful DOS attack is a highly
noticeable event impacting the entire online user base.DOS attack is found by First Mathematical Metrical
Method (Rate Controlling,Timing Window,Worst Case and Pattern Matching)DOS attack not only affect the
Quality of the service and also affect the performance of the server. DDOS attacks are launched from Botnet-A
large Cluster of Connected device(cellphone,pc or router) infected with malware that allow remote control by an
attacker. Intruder using SIPDAS in DDOS to perform attack.SIPDAS attack strategies are detected using Heap
Space Monitoring Algorithm.
Cybersecurity Threat Detection of Anomaly Based DDoS Attack Using Machine Lea...IRJET Journal
This document discusses machine learning techniques for detecting distributed denial of service (DDoS) attacks. It reviews related work applying methods like decision trees, support vector machines, naive Bayes, and deep learning to identify DDoS attacks based on network traffic patterns. The document evaluates these algorithms based on accuracy metrics and processing time. It also explores feature selection and parameter tuning to optimize model performance and training efficiency for detecting DDoS attacks.
Preemptive modelling towards classifying vulnerability of DDoS attack in SDN ...IJECEIAES
Software-Defined Networking (SDN) has become an essential networking concept towards escalating the networking capabilities that are highly demanded future internet system, which is immensely distributed in nature. Owing to the novel concept in the field of network, it is still shrouded with security problems. It is also found that the Distributed Denial-of-Service (DDoS) attack is one of the prominent problems in the SDN environment. After reviewing existing research solutions towards resisting DDoS attack in SDN, it is found that still there are many open-end issues. Therefore, these issues are identified and are addressed in this paper in the form of a preemptive model of security. Different from existing approaches, this model is capable of identifying any malicious activity that leads to a DDoS attack by performing a correct classification of attack strategy using a machine learning approach. The paper also discusses the applicability of best classifiers using machine learning that is effective against DDoS attack.
This document proposes a system called FireCol, which stands for a collaborative protection network for detecting flooding DDoS attacks. FireCol uses a distributed network of intrusion prevention systems located at internet service providers that form virtual protection rings around hosts. These systems collaborate by exchanging selected traffic information to detect DDoS attacks close to the source. The document outlines the architecture of FireCol and experimental results showing its effectiveness at detecting attacks with low overhead. Future work is mentioned to extend FireCol's capabilities.
IRJET- EEDE- Extenuating EDOS for DDOS and Eluding HTTP Web based Attacks in ...IRJET Journal
This document proposes a method to detect HTTP GET flooding DDoS attacks in cloud computing environments using MapReduce processing. It involves integrating abnormal HTTP request detection rules analyzed through statistical analysis and thresholds into MapReduce. Suspected IP addresses are sent challenge values, and IP addresses that provide normal responses are initially allowed while abnormal responses are filtered for a period of time. MapReduce is used to analyze packet data and detect abnormal GET requests based on factors like the IP, port, and URI to identify malicious traffic patterns characteristic of DDoS attacks. The goal is to ensure availability of target systems and reliable detection of HTTP GET flooding attacks in cloud services.
Our world today relies heavily on informatics and the internet, as computers and communications networks have increased day by day. In fact, the increase is not limited to portable devices such as smartphones and tablets, but also to home appliances such as: televisions, refrigerators, and controllers. It has made them more vulnerable to electronic attacks. The denial of service (DoS) attack is one of the most common attacks that affect the provision of services and commercial sites over the internet. As a result, we decided in this paper to create a smart model that depends on the swarm algorithms to detect the attack of denial of service in internet networks, because the intelligence algorithms have flexibility, elegance and adaptation to different situations. The particle swarm algorithm and the bee colony algorithm were used to detect the packets that had been exposed to the DoS attack, and a comparison was made between the two algorithms to see which of them can accurately characterize the DoS attack.
Augmented split –protocol; an ultimate d do s defenderijcsa
Distributed Denials of Service (DDoS) attacks have become the daunting problem for businesses, state
administrator and computer system users. Prevention and detection of a DDoS attack is a major research
topic for researchers throughout the world. As new remedies are developed to prevent or mitigate DDoS
attacks, invaders are continually evolving new methods to circumvent these new procedures. In this paper,
we describe various DDoS attack mechanisms, categories, scope of DDoS attacks and their existing
countermeasures. In response, we propose to introduce DDoS resistant Augmented Split-protocol (ASp).
The migratory nature and role changeover ability of servers in Split-protocol architecture will avoid
bottleneck at the server side. It also offers the unique ability to avoid server saturation and compromise
from DDoS attacks. The goal of this paper is to present the concept and performance of (ASp) as a
defensive tool against DDoS attacks.
DDOS DETECTION IN SOFTWARE-DEFINED NETWORK (SDN) USING MACHINE LEARNINGIJCI JOURNAL
In recent years, the concept of cloud computing and the software-defined network (SDN) have spread
widely. The services provided by many sectors such as medicine, education, banking, and transportation
are being replaced gradually with cloud-based applications. Consequently, the availability of these
services is critical. However, the cloud infrastructure and services are vulnerable to attackers who aim to
breach its availability. One of the major threats to any system availability is a Denial-of-Service (DoS)
attack, which is intended to deny the legitimate user from accessing cloud resources. The Distributed
Denial-of-Service attack (DDoS) is a type of DoS attack which is considerably more effective and
dangerous. A lot of efforts have been made by the research community to detect DDoS attacks, however,
there is still a need for further efforts in this germane field. In this paper, machine learning techniques are
utilized to build a model that can detect DDoS attacks in Software-Defined Networks (SDN). The used ML
algorithms have shown high performance in the earliest studies; hence they have been used in this study
along with feature selection technique. Therefore, our model utilized these algorithms to detect DDoS
attacks in network traffic. The outcome of this experiment shows the impact of feature selection in
improving the model performance. Eventually, The Random Forest classifier has achieved the highest
accuracy of 0.99 in detecting DDoS attack.
DDOS Attacks-A Stealthy Way of Implementation and DetectionIJRES Journal
Cloud Computing is a new paradigm provides various host service [paas, saas, Iaas over the internet.
According to a self-service,on-demand and pay as you use business model,the customers will obtain the cloud
resources and services.It is a virtual shared service.Cloud Computing has three basic abstraction layers System
layer(Virtual Machine abstraction of a server),Platform layer(A virtualized operating system, database and
webserver of a server and Application layer(It includes Web Applications).Denial of Service attack is an attempt
to make a machine or network resource unavailable to the intended user. In DOS a user or organization is
deprived of the services of a resource they would normally expect to have.A Successful DOS attack is a highly
noticeable event impacting the entire online user base.DOS attack is found by First Mathematical Metrical
Method (Rate Controlling,Timing Window,Worst Case and Pattern Matching)DOS attack not only affect the
Quality of the service and also affect the performance of the server. DDOS attacks are launched from Botnet-A
large Cluster of Connected device(cellphone,pc or router) infected with malware that allow remote control by an
attacker. Intruder using SIPDAS in DDOS to perform attack.SIPDAS attack strategies are detected using Heap
Space Monitoring Algorithm.
Cybersecurity Threat Detection of Anomaly Based DDoS Attack Using Machine Lea...IRJET Journal
This document discusses machine learning techniques for detecting distributed denial of service (DDoS) attacks. It reviews related work applying methods like decision trees, support vector machines, naive Bayes, and deep learning to identify DDoS attacks based on network traffic patterns. The document evaluates these algorithms based on accuracy metrics and processing time. It also explores feature selection and parameter tuning to optimize model performance and training efficiency for detecting DDoS attacks.
Preemptive modelling towards classifying vulnerability of DDoS attack in SDN ...IJECEIAES
Software-Defined Networking (SDN) has become an essential networking concept towards escalating the networking capabilities that are highly demanded future internet system, which is immensely distributed in nature. Owing to the novel concept in the field of network, it is still shrouded with security problems. It is also found that the Distributed Denial-of-Service (DDoS) attack is one of the prominent problems in the SDN environment. After reviewing existing research solutions towards resisting DDoS attack in SDN, it is found that still there are many open-end issues. Therefore, these issues are identified and are addressed in this paper in the form of a preemptive model of security. Different from existing approaches, this model is capable of identifying any malicious activity that leads to a DDoS attack by performing a correct classification of attack strategy using a machine learning approach. The paper also discusses the applicability of best classifiers using machine learning that is effective against DDoS attack.
This document proposes a system called FireCol, which stands for a collaborative protection network for detecting flooding DDoS attacks. FireCol uses a distributed network of intrusion prevention systems located at internet service providers that form virtual protection rings around hosts. These systems collaborate by exchanging selected traffic information to detect DDoS attacks close to the source. The document outlines the architecture of FireCol and experimental results showing its effectiveness at detecting attacks with low overhead. Future work is mentioned to extend FireCol's capabilities.
IRJET- EEDE- Extenuating EDOS for DDOS and Eluding HTTP Web based Attacks in ...IRJET Journal
This document proposes a method to detect HTTP GET flooding DDoS attacks in cloud computing environments using MapReduce processing. It involves integrating abnormal HTTP request detection rules analyzed through statistical analysis and thresholds into MapReduce. Suspected IP addresses are sent challenge values, and IP addresses that provide normal responses are initially allowed while abnormal responses are filtered for a period of time. MapReduce is used to analyze packet data and detect abnormal GET requests based on factors like the IP, port, and URI to identify malicious traffic patterns characteristic of DDoS attacks. The goal is to ensure availability of target systems and reliable detection of HTTP GET flooding attacks in cloud services.
Our world today relies heavily on informatics and the internet, as computers and communications networks have increased day by day. In fact, the increase is not limited to portable devices such as smartphones and tablets, but also to home appliances such as: televisions, refrigerators, and controllers. It has made them more vulnerable to electronic attacks. The denial of service (DoS) attack is one of the most common attacks that affect the provision of services and commercial sites over the internet. As a result, we decided in this paper to create a smart model that depends on the swarm algorithms to detect the attack of denial of service in internet networks, because the intelligence algorithms have flexibility, elegance and adaptation to different situations. The particle swarm algorithm and the bee colony algorithm were used to detect the packets that had been exposed to the DoS attack, and a comparison was made between the two algorithms to see which of them can accurately characterize the DoS attack.
An approach for slow distributed denial of service attack detection and allev...nooriasukmaningtyas
Over the last few years, the need for programmable networks has captured the interest of industrialists and academicians. It has led to the development of a paradigm called software defined network (SDN). It separates the network intelligence into the control plane and forwarding logic into the data plane. This architecture gives scope to various security issues of which denial of service (DoS) is the most common and challenging to detect. This paper focuses on the detection and mitigation of a slow DoS attack called Slowloris on Apache2 server in SDN based networks. The proposed solution is called Slowloris detection and mitigation mechanism (SDMM). Mininet, an emulator, and SimpleHTTPServer are used for simulation and the same is implemented using Zodiac FX OpenFlow switch, Ryu controller and Apache2 server. SDMM algorithm detects and mitigates prolonged Slowloris attack in typical networks as well as in slow networks with low bandwidth and high delay in 240-280s with an accuracy of 100% and 98% respectively. It uses expectation of burst size as a key factor for detection.
This document describes a proposed SDN-based scheme for detecting and mitigating distributed denial-of-service (DDoS) attacks mounted by botnets. The scheme involves a DDoS blocking application running on an SDN controller that monitors network traffic flows and detects attacks. When an attack is detected, the application installs rules on SDN switches to block traffic from botnet sources while still allowing legitimate traffic. The target server implements CAPTCHA to differentiate legitimate and bot traffic during attacks. The scheme is implemented using the POX SDN controller and OpenFlow standards and tested on the Mininet emulator.
An intelligent system to detect slow denial of service attacks in software-de...IJECEIAES
Slow denial of service attack (DoS) is a tricky issue in software-defined network (SDN) as it uses less bandwidth to attack a server. In this paper, a slow-rate DoS attack called Slowloris is detected and mitigated on Apache2 and Nginx servers using a methodology called an intelligent system for slow DoS detection using machine learning (ISSDM) in SDN. Data generation module of ISSDM generates dataset with response time, the number of connections, timeout, and pattern match as features. Data are generated in a real environment using Apache2, Nginx server, Zodiac FX OpenFlow switch and Ryu controller. Monte Carlo simulation is used to estimate threshold values for attack classification. Further, ISSDM performs header inspection using regular expressions to mark flows as legitimate or attacked during data generation. The proposed feature selection module of ISSDM, called blended statistical and information gain (BSIG), selects those features that contribute best to classification. These features are used for classification by various machine learning and deep learning models. Results are compared with feature selection methods like Chi-square, T-test, and information gain.
This document summarizes a research paper that proposed and evaluated methods for mitigating denial of service (DoS) and distributed denial of service (DDoS) attacks on virtual machines. The paper implemented iptables connection limits on the host machine to prevent excessive connections from attacking IPs. It also tuned network performance by adjusting the receiving window size to maximize bandwidth utilization. The experimental results showed that the iptables security measures protected against DoS/DDoS attacks while window scaling optimization improved network performance during attacks.
Deep learning approach to DDoS attack with imbalanced data at the application...TELKOMNIKA JOURNAL
A distributed denial of service (DDoS) attack is where one or more computers attack or target a server computer, by flooding internet traffic to the server. As a result, the server cannot be accessed by legitimate users. A result of this attack causes enormous losses for a company because it can reduce the level of user trust, and reduce the company’s reputation to lose customers due to downtime. One of the services at the application layer that can be accessed by users is a web-based lightweight directory access protocol (LDAP) service that can provide safe and easy services to access directory applications. We used a deep learning approach to detect DDoS attacks on the CICDDoS 2019 dataset on a complex computer network at the application layer to get fast and accurate results for dealing with unbalanced data. Based on the results obtained, it is observed that DDoS attack detection using a deep learning approach on imbalanced data performs better when implemented using synthetic minority oversampling technique (SMOTE) method for binary classes. On the other hand, the proposed deep learning approach performs better for detecting DDoS attacks in multiclass when implemented using the adaptive synthetic (ADASYN) method.
Study of flooding based ddos attacks and their effect using deter testbedeSAT Journals
Abstract Today, Internet is the primary medium for communication which is used by number of users across the Network. At the same time, its commercial nature is causing increase vulnerability to enhance cyber crimes and there has been an enormous increase in the number of DDOS (distributed denial of service attack) attacks on the internet over the past decade. Whose impact can be proportionally severe. With little or no advance warning, a DDoS attack can easily exhaust the computing and communication resources of its victim within a short period of time. Network resources such as network bandwidth, web servers and network switches are mostly the victims of DDoS attacks. In this paper different types of DDoS attacks has been studied, a dumb-bell topology have been created and effect of UDP flooding attacks has been analyzed on web service by using attack tools available in DETER testbed. Throughput of web server is analyzed with and without DDoS attacks.
Study of flooding based d do s attacks and their effect using deter testbedeSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Among different online attacks obstructing IT security,
Denial of Service (DoS) and Distributed Denial of Service (DDoS)
are the most devastating attack. It also put the security experts under
enormous pressure recently in finding efficient defiance methods.
DoS attack can be performed variously with diverse codes and tools
and can be launched form different OSI model layers. This paper
describes in details DoS and DDoS attack, and explains how different
types of attacks can be implemented and launched from different OSI
model layers. It provides a better understanding of these increasing
occurrences in order to improve
Review Paper on Predicting Network Attack Patterns in SDN using MLijtsrd
Software Defined Networking SDN provides several advantages like manageability, scaling, and improved performance. SDN has some security problems, especially if its controller is defense less over Distributed Denial of Service attacks. The mechanism and communication extent of the SDN controller is overloaded when DDoS attacks are performed against the SDN controller. So, as results of the useless flow built by the controller for the attack packets, the extent of the switch flow table becomes full, leading the network performance to decline to a critical threshold. The challenge lies in defining the set of rules on the SDN controller to dam malicious network connections. Historical network attack data are often wont to automatically identify and block the malicious connections. In this review paper, we are going to propose using ML algorithms, tested on collected network attack data, to get the potential malicious connections and potential attack destinations. We use four machine learning algorithms C4.5, Bayesian Network BayesNet , multidimensional language DT , and Naive Bayes to predict the host which will be attacked to support the historical data. DDoS attacks in Software Defined Network were detected by using ML based models. Some key features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Dr. C. Umarani | Gopalshree Kushwaha "Review Paper on Predicting Network Attack Patterns in SDN using ML" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6 , October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd35732.pdf Paper Url: https://www.ijtsrd.com/computer-science/computer-network/35732/review-paper-on-predicting-network-attack-patterns-in-sdn-using-ml/dr-c-umarani
Low-rate distributed denial of service attacks detection in software defined ...IAESIJAI
One of the main challenges in developing the internet of things (IoT) is the existence of availability problems originated from the low-rate distributed denial of service attacks (LRDDoS). The complexity of IoT makes the LRDDoS hard to detect because the attack flow is performed similarly to the regular traffic. Integration of software defined IoT (SDN-Enabled IoT) is considered an alternative solution for overcoming the specified problem through a single detection point using machine learning approaches. The controller has a resource limitation for implementing the classification process. Therefore, this paper extends the usage of Feature Importance to reduce the data complexity during the model generation process and choose an appropriate feature for generating an efficient classification model. The research results show that the Gaussian Naïve Bayes (GNB) produced the most effective outcome. GNB performed better than the other algorithms because the feature reduction only selected the independent feature, which had no relation to the other features.
Security and risk analysis in the cloud with software defined networking arch...IJECEIAES
Cloud computing has emerged as the actual trend in business information technology service models, since it provides processing that is both costeffective and scalable. Enterprise networks are adopting software-defined networking (SDN) for network management flexibility and lower operating costs. Information technology (IT) services for enterprises tend to use both technologies. Yet, the effects of cloud computing and software defined networking on business network security are unclear. This study addresses this crucial issue. In a business network that uses both technologies, we start by looking at security, namely distributed denial-of-service (DDoS) attack defensive methods. SDN technology may help organizations protect against DDoS assaults provided the defensive architecture is structured appropriately. To mitigate DDoS attacks, we offer a highly configurable network monitoring and flexible control framework. We present a dataset shift-resistant graphic model-based attack detection system for the new architecture. The simulation findings demonstrate that our architecture can efficiently meet the security concerns of the new network paradigm and that our attack detection system can report numerous threats using real-world network data.
IRJET- A Survey on DDOS Attack in ManetIRJET Journal
This document summarizes a survey on distributed denial of service (DDoS) attacks in mobile ad hoc networks (MANETs). It begins by introducing MANETs and some of the key security issues they face, including DDoS attacks. It then discusses different types of DDoS attacks like flooding and amplification/reflection attacks. The document proposes a new defense scheme against amplification attacks, which exploit protocols like DNS and NTP to amplify traffic. It describes using the Network Security Simulator to model and simulate DDoS attacks with master, zombie, and server entities to evaluate defense techniques and compare the impact of protocols like DNS and NTP.
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...IRJET Journal
This document discusses detecting distributed denial-of-service (DDoS) attacks on software defined networks (SDNs). It first provides background on SDNs and DDoS attacks. It then reviews related research on DDoS detection methods for SDNs. The document evaluates these methods based on results using the KDD99 dataset in a simulated SDN environment. It finds that the Double P-value of Transductive Confidence Machines for K-Nearest Neighbors (DPTCM-KNN) method achieved the highest true positive rate and lowest false positive rate, making it the most efficient approach for detecting anomalous flows in SDNs.
Design & Implementation of Secure AODV In Multicast Routing To Detect DDOS At...IJNSA Journal
The wireless ad hoc network is particularly vulnerable to DOS attacks due to its features of open medium, dynamic changing topology, cooperative algorithms, decentralization of the protocols, and lack of a clear line of defense is a growing problem in networks today. In Mobile Ad hoc Networks (MANET), various types of Denial of Service Attacks (DOS) are possible because of the inherent limitations of its routing protocols. In this paper we will secure the MANET from the DDOS attack. DDOS attacks are similar to DOS attacks but there is a difference between them and that is DDOS attacks involve breaking in to hundreds or thousands of machines, so for this reason, this attack called Distributed. Very often, systems that use for attack is a part of the networks and users of these systems don’t know about that, their systems used for attack to another systems. This kind of attack, consume more bandwidth and uses more sources in network. . In this work, we study the effect of one of the important attacks that called DDOS in MANET on most vulnerability protocol that named AODV. The product of this study is detection of DDOS attack by
using AODV (adhoc on demand distance vector) protocol. Proposed scheme is distributed in nature it has the capability to prevent Distributed DOS (DDOS) as well..
Q-learning based distributed denial of service detectionIJECEIAES
This document summarizes a research paper that proposes a new approach for detecting distributed denial of service (DDoS) attacks in software-defined networks using Q-learning. The proposed approach uses entropy detection and Q-learning to enhance detection and reduce false positives and negatives. Results show the approach detects DDoS attacks faster than entropy detection alone and ensures service continuity for legitimate users by redirecting traffic. The approach increases throughput by up to 50% compared to other methods.
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSIJNSA Journal
DOS ATTACKS ARE ONE OF THE TOP SECURITY PROBLEMS AFFECTING NETWORKS AND DISRUPTING SERVICES TO
LEGITIMATE USERS. THE VITAL STEP IN DEALING WITH THIS PROBLEM IS THE NETWORK'S ABILITY TO DETECT SUCH
ATTACKS. APPLICATION DDOS ATTACK, WHICH AIMS AT DISRUPTING APPLICATION SERVICE RATHER THAN
DEPLETING THE NETWORK RESOURCE. UP TO NOW ALL THE RESEARCHES MADE ON THIS DDOS ATTACKS ONLY
CONCENTRATES EITHER ON NETWORK RESOURCES OR ON APPLICATION SERVERS BUT NOT ON BOTH. IN THIS PAPER
WE PROPOSED A SOLUTION FOR BOTH THESE PROBLEMS BY AUTHENTICATION METHODS AND GROUP TESTING.
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSIJNSA Journal
DOS ATTACKS ARE ONE OF THE TOP SECURITY PROBLEMS AFFECTING NETWORKS AND DISRUPTING SERVICES TO LEGITIMATE USERS. THE VITAL STEP IN DEALING WITH THIS PROBLEM IS THE NETWORK'S ABILITY TO DETECT SUCH ATTACKS. APPLICATION DDOS ATTACK, WHICH AIMS AT DISRUPTING APPLICATION SERVICE RATHER THAN DEPLETING THE NETWORK RESOURCE. UP TO NOW ALL THE RESEARCHES MADE ON THIS DDOS ATTACKS ONLY CONCENTRATES EITHER ON NETWORK RESOURCES OR ON APPLICATION SERVERS BUT NOT ON BOTH. IN THIS PAPER WE PROPOSED A SOLUTION FOR BOTH THESE PROBLEMS BY AUTHENTICATION METHODS AND GROUP TESTING.
ddo-s attacks in cloud computing issued taxonomy and future directionmoataz82
This document summarizes research on DDoS attacks in cloud computing. It begins with an introduction to the issues of DDoS attacks in cloud environments and the need for cloud-specific solutions. The document then presents a survey of contributions related to characterization, prevention, detection and mitigation of DDoS attacks in clouds. It develops a taxonomy to classify different solution approaches and identifies weaknesses that need to be addressed. It concludes by outlining design aspects for effective cloud-based DDoS attack solutions and provides evaluation metrics for comparing solutions.
This document discusses the need for a collaborative intrusion detection system (IDS) for cloud computing. It proposes a framework where IDSs in cloud computing regions would correlate alerts from multiple detectors and exchange knowledge with each other. This could help reduce the impact of large-scale coordinated attacks by providing timely notifications about new intrusions. The document reviews related work on cloud logging and forensic analysis, and describes an architecture for a collaborative IDS framework consisting of IDS managers, dispatchers, and elementary detectors that communicate via encrypted messages.
A Collaborative Intrusion Detection System for Cloud Computingijsrd.com
Cloud computing is a computing paradigm that shifts drastically from traditional computing architecture. Although this new computing paradigm brings many advantages like utility computing model but the design in not flawless and hence suffers from not only many known computer vulnerabilities but also introduces unique information confidentiality, integrity and availability risks as well due its inherent design paradigm. To provide secure and reliable services in cloud computing environment is an important issue. To counter a variety of attacks, especially large-scale coordinated attacks, a framework of Collaborative Intrusion Detection System (IDS) is proposed. The proposed system could reduce the impact of these kinds of attacks through providing timely notifications about new intrusions to Cloud users' systems. To provide such ability, IDSs in the cloud computing regions both correlate alerts from multiple elementary detectors and exchange knowledge of interconnected Clouds with each other.
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...IJECEIAES
Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to
precisely delineate tumor boundaries from magnetic resonance imaging (MRI)
scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating
the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The
model is rigorously trained and evaluated, exhibiting remarkable performance
metrics, including an impressive global accuracy of 99.286%, a high-class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted
IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of
our proposed model. These findings underscore the model’s competence in precise brain tumor localization, underscoring its potential to revolutionize medical
image analysis and enhance healthcare outcomes. This research paves the way
for future exploration and optimization of advanced CNN models in medical
imaging, emphasizing addressing false positives and resource efficiency.
Embedded machine learning-based road conditions and driving behavior monitoringIJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.
More Related Content
Similar to Encountering distributed denial of service attack utilizing federated software defined network
An approach for slow distributed denial of service attack detection and allev...nooriasukmaningtyas
Over the last few years, the need for programmable networks has captured the interest of industrialists and academicians. It has led to the development of a paradigm called software defined network (SDN). It separates the network intelligence into the control plane and forwarding logic into the data plane. This architecture gives scope to various security issues of which denial of service (DoS) is the most common and challenging to detect. This paper focuses on the detection and mitigation of a slow DoS attack called Slowloris on Apache2 server in SDN based networks. The proposed solution is called Slowloris detection and mitigation mechanism (SDMM). Mininet, an emulator, and SimpleHTTPServer are used for simulation and the same is implemented using Zodiac FX OpenFlow switch, Ryu controller and Apache2 server. SDMM algorithm detects and mitigates prolonged Slowloris attack in typical networks as well as in slow networks with low bandwidth and high delay in 240-280s with an accuracy of 100% and 98% respectively. It uses expectation of burst size as a key factor for detection.
This document describes a proposed SDN-based scheme for detecting and mitigating distributed denial-of-service (DDoS) attacks mounted by botnets. The scheme involves a DDoS blocking application running on an SDN controller that monitors network traffic flows and detects attacks. When an attack is detected, the application installs rules on SDN switches to block traffic from botnet sources while still allowing legitimate traffic. The target server implements CAPTCHA to differentiate legitimate and bot traffic during attacks. The scheme is implemented using the POX SDN controller and OpenFlow standards and tested on the Mininet emulator.
An intelligent system to detect slow denial of service attacks in software-de...IJECEIAES
Slow denial of service attack (DoS) is a tricky issue in software-defined network (SDN) as it uses less bandwidth to attack a server. In this paper, a slow-rate DoS attack called Slowloris is detected and mitigated on Apache2 and Nginx servers using a methodology called an intelligent system for slow DoS detection using machine learning (ISSDM) in SDN. Data generation module of ISSDM generates dataset with response time, the number of connections, timeout, and pattern match as features. Data are generated in a real environment using Apache2, Nginx server, Zodiac FX OpenFlow switch and Ryu controller. Monte Carlo simulation is used to estimate threshold values for attack classification. Further, ISSDM performs header inspection using regular expressions to mark flows as legitimate or attacked during data generation. The proposed feature selection module of ISSDM, called blended statistical and information gain (BSIG), selects those features that contribute best to classification. These features are used for classification by various machine learning and deep learning models. Results are compared with feature selection methods like Chi-square, T-test, and information gain.
This document summarizes a research paper that proposed and evaluated methods for mitigating denial of service (DoS) and distributed denial of service (DDoS) attacks on virtual machines. The paper implemented iptables connection limits on the host machine to prevent excessive connections from attacking IPs. It also tuned network performance by adjusting the receiving window size to maximize bandwidth utilization. The experimental results showed that the iptables security measures protected against DoS/DDoS attacks while window scaling optimization improved network performance during attacks.
Deep learning approach to DDoS attack with imbalanced data at the application...TELKOMNIKA JOURNAL
A distributed denial of service (DDoS) attack is where one or more computers attack or target a server computer, by flooding internet traffic to the server. As a result, the server cannot be accessed by legitimate users. A result of this attack causes enormous losses for a company because it can reduce the level of user trust, and reduce the company’s reputation to lose customers due to downtime. One of the services at the application layer that can be accessed by users is a web-based lightweight directory access protocol (LDAP) service that can provide safe and easy services to access directory applications. We used a deep learning approach to detect DDoS attacks on the CICDDoS 2019 dataset on a complex computer network at the application layer to get fast and accurate results for dealing with unbalanced data. Based on the results obtained, it is observed that DDoS attack detection using a deep learning approach on imbalanced data performs better when implemented using synthetic minority oversampling technique (SMOTE) method for binary classes. On the other hand, the proposed deep learning approach performs better for detecting DDoS attacks in multiclass when implemented using the adaptive synthetic (ADASYN) method.
Study of flooding based ddos attacks and their effect using deter testbedeSAT Journals
Abstract Today, Internet is the primary medium for communication which is used by number of users across the Network. At the same time, its commercial nature is causing increase vulnerability to enhance cyber crimes and there has been an enormous increase in the number of DDOS (distributed denial of service attack) attacks on the internet over the past decade. Whose impact can be proportionally severe. With little or no advance warning, a DDoS attack can easily exhaust the computing and communication resources of its victim within a short period of time. Network resources such as network bandwidth, web servers and network switches are mostly the victims of DDoS attacks. In this paper different types of DDoS attacks has been studied, a dumb-bell topology have been created and effect of UDP flooding attacks has been analyzed on web service by using attack tools available in DETER testbed. Throughput of web server is analyzed with and without DDoS attacks.
Study of flooding based d do s attacks and their effect using deter testbedeSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Among different online attacks obstructing IT security,
Denial of Service (DoS) and Distributed Denial of Service (DDoS)
are the most devastating attack. It also put the security experts under
enormous pressure recently in finding efficient defiance methods.
DoS attack can be performed variously with diverse codes and tools
and can be launched form different OSI model layers. This paper
describes in details DoS and DDoS attack, and explains how different
types of attacks can be implemented and launched from different OSI
model layers. It provides a better understanding of these increasing
occurrences in order to improve
Review Paper on Predicting Network Attack Patterns in SDN using MLijtsrd
Software Defined Networking SDN provides several advantages like manageability, scaling, and improved performance. SDN has some security problems, especially if its controller is defense less over Distributed Denial of Service attacks. The mechanism and communication extent of the SDN controller is overloaded when DDoS attacks are performed against the SDN controller. So, as results of the useless flow built by the controller for the attack packets, the extent of the switch flow table becomes full, leading the network performance to decline to a critical threshold. The challenge lies in defining the set of rules on the SDN controller to dam malicious network connections. Historical network attack data are often wont to automatically identify and block the malicious connections. In this review paper, we are going to propose using ML algorithms, tested on collected network attack data, to get the potential malicious connections and potential attack destinations. We use four machine learning algorithms C4.5, Bayesian Network BayesNet , multidimensional language DT , and Naive Bayes to predict the host which will be attacked to support the historical data. DDoS attacks in Software Defined Network were detected by using ML based models. Some key features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Dr. C. Umarani | Gopalshree Kushwaha "Review Paper on Predicting Network Attack Patterns in SDN using ML" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6 , October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd35732.pdf Paper Url: https://www.ijtsrd.com/computer-science/computer-network/35732/review-paper-on-predicting-network-attack-patterns-in-sdn-using-ml/dr-c-umarani
Low-rate distributed denial of service attacks detection in software defined ...IAESIJAI
One of the main challenges in developing the internet of things (IoT) is the existence of availability problems originated from the low-rate distributed denial of service attacks (LRDDoS). The complexity of IoT makes the LRDDoS hard to detect because the attack flow is performed similarly to the regular traffic. Integration of software defined IoT (SDN-Enabled IoT) is considered an alternative solution for overcoming the specified problem through a single detection point using machine learning approaches. The controller has a resource limitation for implementing the classification process. Therefore, this paper extends the usage of Feature Importance to reduce the data complexity during the model generation process and choose an appropriate feature for generating an efficient classification model. The research results show that the Gaussian Naïve Bayes (GNB) produced the most effective outcome. GNB performed better than the other algorithms because the feature reduction only selected the independent feature, which had no relation to the other features.
Security and risk analysis in the cloud with software defined networking arch...IJECEIAES
Cloud computing has emerged as the actual trend in business information technology service models, since it provides processing that is both costeffective and scalable. Enterprise networks are adopting software-defined networking (SDN) for network management flexibility and lower operating costs. Information technology (IT) services for enterprises tend to use both technologies. Yet, the effects of cloud computing and software defined networking on business network security are unclear. This study addresses this crucial issue. In a business network that uses both technologies, we start by looking at security, namely distributed denial-of-service (DDoS) attack defensive methods. SDN technology may help organizations protect against DDoS assaults provided the defensive architecture is structured appropriately. To mitigate DDoS attacks, we offer a highly configurable network monitoring and flexible control framework. We present a dataset shift-resistant graphic model-based attack detection system for the new architecture. The simulation findings demonstrate that our architecture can efficiently meet the security concerns of the new network paradigm and that our attack detection system can report numerous threats using real-world network data.
IRJET- A Survey on DDOS Attack in ManetIRJET Journal
This document summarizes a survey on distributed denial of service (DDoS) attacks in mobile ad hoc networks (MANETs). It begins by introducing MANETs and some of the key security issues they face, including DDoS attacks. It then discusses different types of DDoS attacks like flooding and amplification/reflection attacks. The document proposes a new defense scheme against amplification attacks, which exploit protocols like DNS and NTP to amplify traffic. It describes using the Network Security Simulator to model and simulate DDoS attacks with master, zombie, and server entities to evaluate defense techniques and compare the impact of protocols like DNS and NTP.
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...IRJET Journal
This document discusses detecting distributed denial-of-service (DDoS) attacks on software defined networks (SDNs). It first provides background on SDNs and DDoS attacks. It then reviews related research on DDoS detection methods for SDNs. The document evaluates these methods based on results using the KDD99 dataset in a simulated SDN environment. It finds that the Double P-value of Transductive Confidence Machines for K-Nearest Neighbors (DPTCM-KNN) method achieved the highest true positive rate and lowest false positive rate, making it the most efficient approach for detecting anomalous flows in SDNs.
Design & Implementation of Secure AODV In Multicast Routing To Detect DDOS At...IJNSA Journal
The wireless ad hoc network is particularly vulnerable to DOS attacks due to its features of open medium, dynamic changing topology, cooperative algorithms, decentralization of the protocols, and lack of a clear line of defense is a growing problem in networks today. In Mobile Ad hoc Networks (MANET), various types of Denial of Service Attacks (DOS) are possible because of the inherent limitations of its routing protocols. In this paper we will secure the MANET from the DDOS attack. DDOS attacks are similar to DOS attacks but there is a difference between them and that is DDOS attacks involve breaking in to hundreds or thousands of machines, so for this reason, this attack called Distributed. Very often, systems that use for attack is a part of the networks and users of these systems don’t know about that, their systems used for attack to another systems. This kind of attack, consume more bandwidth and uses more sources in network. . In this work, we study the effect of one of the important attacks that called DDOS in MANET on most vulnerability protocol that named AODV. The product of this study is detection of DDOS attack by
using AODV (adhoc on demand distance vector) protocol. Proposed scheme is distributed in nature it has the capability to prevent Distributed DOS (DDOS) as well..
Q-learning based distributed denial of service detectionIJECEIAES
This document summarizes a research paper that proposes a new approach for detecting distributed denial of service (DDoS) attacks in software-defined networks using Q-learning. The proposed approach uses entropy detection and Q-learning to enhance detection and reduce false positives and negatives. Results show the approach detects DDoS attacks faster than entropy detection alone and ensures service continuity for legitimate users by redirecting traffic. The approach increases throughput by up to 50% compared to other methods.
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSIJNSA Journal
DOS ATTACKS ARE ONE OF THE TOP SECURITY PROBLEMS AFFECTING NETWORKS AND DISRUPTING SERVICES TO
LEGITIMATE USERS. THE VITAL STEP IN DEALING WITH THIS PROBLEM IS THE NETWORK'S ABILITY TO DETECT SUCH
ATTACKS. APPLICATION DDOS ATTACK, WHICH AIMS AT DISRUPTING APPLICATION SERVICE RATHER THAN
DEPLETING THE NETWORK RESOURCE. UP TO NOW ALL THE RESEARCHES MADE ON THIS DDOS ATTACKS ONLY
CONCENTRATES EITHER ON NETWORK RESOURCES OR ON APPLICATION SERVERS BUT NOT ON BOTH. IN THIS PAPER
WE PROPOSED A SOLUTION FOR BOTH THESE PROBLEMS BY AUTHENTICATION METHODS AND GROUP TESTING.
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKSIJNSA Journal
DOS ATTACKS ARE ONE OF THE TOP SECURITY PROBLEMS AFFECTING NETWORKS AND DISRUPTING SERVICES TO LEGITIMATE USERS. THE VITAL STEP IN DEALING WITH THIS PROBLEM IS THE NETWORK'S ABILITY TO DETECT SUCH ATTACKS. APPLICATION DDOS ATTACK, WHICH AIMS AT DISRUPTING APPLICATION SERVICE RATHER THAN DEPLETING THE NETWORK RESOURCE. UP TO NOW ALL THE RESEARCHES MADE ON THIS DDOS ATTACKS ONLY CONCENTRATES EITHER ON NETWORK RESOURCES OR ON APPLICATION SERVERS BUT NOT ON BOTH. IN THIS PAPER WE PROPOSED A SOLUTION FOR BOTH THESE PROBLEMS BY AUTHENTICATION METHODS AND GROUP TESTING.
ddo-s attacks in cloud computing issued taxonomy and future directionmoataz82
This document summarizes research on DDoS attacks in cloud computing. It begins with an introduction to the issues of DDoS attacks in cloud environments and the need for cloud-specific solutions. The document then presents a survey of contributions related to characterization, prevention, detection and mitigation of DDoS attacks in clouds. It develops a taxonomy to classify different solution approaches and identifies weaknesses that need to be addressed. It concludes by outlining design aspects for effective cloud-based DDoS attack solutions and provides evaluation metrics for comparing solutions.
This document discusses the need for a collaborative intrusion detection system (IDS) for cloud computing. It proposes a framework where IDSs in cloud computing regions would correlate alerts from multiple detectors and exchange knowledge with each other. This could help reduce the impact of large-scale coordinated attacks by providing timely notifications about new intrusions. The document reviews related work on cloud logging and forensic analysis, and describes an architecture for a collaborative IDS framework consisting of IDS managers, dispatchers, and elementary detectors that communicate via encrypted messages.
A Collaborative Intrusion Detection System for Cloud Computingijsrd.com
Cloud computing is a computing paradigm that shifts drastically from traditional computing architecture. Although this new computing paradigm brings many advantages like utility computing model but the design in not flawless and hence suffers from not only many known computer vulnerabilities but also introduces unique information confidentiality, integrity and availability risks as well due its inherent design paradigm. To provide secure and reliable services in cloud computing environment is an important issue. To counter a variety of attacks, especially large-scale coordinated attacks, a framework of Collaborative Intrusion Detection System (IDS) is proposed. The proposed system could reduce the impact of these kinds of attacks through providing timely notifications about new intrusions to Cloud users' systems. To provide such ability, IDSs in the cloud computing regions both correlate alerts from multiple elementary detectors and exchange knowledge of interconnected Clouds with each other.
Similar to Encountering distributed denial of service attack utilizing federated software defined network (20)
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...IJECEIAES
Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to
precisely delineate tumor boundaries from magnetic resonance imaging (MRI)
scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating
the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The
model is rigorously trained and evaluated, exhibiting remarkable performance
metrics, including an impressive global accuracy of 99.286%, a high-class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted
IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of
our proposed model. These findings underscore the model’s competence in precise brain tumor localization, underscoring its potential to revolutionize medical
image analysis and enhance healthcare outcomes. This research paves the way
for future exploration and optimization of advanced CNN models in medical
imaging, emphasizing addressing false positives and resource efficiency.
Embedded machine learning-based road conditions and driving behavior monitoringIJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.
Advanced control scheme of doubly fed induction generator for wind turbine us...IJECEIAES
This paper describes a speed control device for generating electrical energy on an electricity network based on the doubly fed induction generator (DFIG) used for wind power conversion systems. At first, a double-fed induction generator model was constructed. A control law is formulated to govern the flow of energy between the stator of a DFIG and the energy network using three types of controllers: proportional integral (PI), sliding mode controller (SMC) and second order sliding mode controller (SOSMC). Their different results in terms of power reference tracking, reaction to unexpected speed fluctuations, sensitivity to perturbations, and resilience against machine parameter alterations are compared. MATLAB/Simulink was used to conduct the simulations for the preceding study. Multiple simulations have shown very satisfying results, and the investigations demonstrate the efficacy and power-enhancing capabilities of the suggested control system.
Neural network optimizer of proportional-integral-differential controller par...IJECEIAES
Wide application of proportional-integral-differential (PID)-regulator in industry requires constant improvement of methods of its parameters adjustment. The paper deals with the issues of optimization of PID-regulator parameters with the use of neural network technology methods. A methodology for choosing the architecture (structure) of neural network optimizer is proposed, which consists in determining the number of layers, the number of neurons in each layer, as well as the form and type of activation function. Algorithms of neural network training based on the application of the method of minimizing the mismatch between the regulated value and the target value are developed. The method of back propagation of gradients is proposed to select the optimal training rate of neurons of the neural network. The neural network optimizer, which is a superstructure of the linear PID controller, allows increasing the regulation accuracy from 0.23 to 0.09, thus reducing the power consumption from 65% to 53%. The results of the conducted experiments allow us to conclude that the created neural superstructure may well become a prototype of an automatic voltage regulator (AVR)-type industrial controller for tuning the parameters of the PID controller.
An improved modulation technique suitable for a three level flying capacitor ...IJECEIAES
This research paper introduces an innovative modulation technique for controlling a 3-level flying capacitor multilevel inverter (FCMLI), aiming to streamline the modulation process in contrast to conventional methods. The proposed
simplified modulation technique paves the way for more straightforward and
efficient control of multilevel inverters, enabling their widespread adoption and
integration into modern power electronic systems. Through the amalgamation of
sinusoidal pulse width modulation (SPWM) with a high-frequency square wave
pulse, this controlling technique attains energy equilibrium across the coupling
capacitor. The modulation scheme incorporates a simplified switching pattern
and a decreased count of voltage references, thereby simplifying the control
algorithm.
A review on features and methods of potential fishing zoneIJECEIAES
This review focuses on the importance of identifying potential fishing zones in seawater for sustainable fishing practices. It explores features like sea surface temperature (SST) and sea surface height (SSH), along with classification methods such as classifiers. The features like SST, SSH, and different classifiers used to classify the data, have been figured out in this review study. This study underscores the importance of examining potential fishing zones using advanced analytical techniques. It thoroughly explores the methodologies employed by researchers, covering both past and current approaches. The examination centers on data characteristics and the application of classification algorithms for classification of potential fishing zones. Furthermore, the prediction of potential fishing zones relies significantly on the effectiveness of classification algorithms. Previous research has assessed the performance of models like support vector machines, naïve Bayes, and artificial neural networks (ANN). In the previous result, the results of support vector machine (SVM) were 97.6% more accurate than naive Bayes's 94.2% to classify test data for fisheries classification. By considering the recent works in this area, several recommendations for future works are presented to further improve the performance of the potential fishing zone models, which is important to the fisheries community.
Electrical signal interference minimization using appropriate core material f...IJECEIAES
As demand for smaller, quicker, and more powerful devices rises, Moore's law is strictly followed. The industry has worked hard to make little devices that boost productivity. The goal is to optimize device density. Scientists are reducing connection delays to improve circuit performance. This helped them understand three-dimensional integrated circuit (3D IC) concepts, which stack active devices and create vertical connections to diminish latency and lower interconnects. Electrical involvement is a big worry with 3D integrates circuits. Researchers have developed and tested through silicon via (TSV) and substrates to decrease electrical wave involvement. This study illustrates a novel noise coupling reduction method using several electrical involvement models. A 22% drop in electrical involvement from wave-carrying to victim TSVs introduces this new paradigm and improves system performance even at higher THz frequencies.
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...IJECEIAES
Climate change's impact on the planet forced the United Nations and governments to promote green energies and electric transportation. The deployments of photovoltaic (PV) and electric vehicle (EV) systems gained stronger momentum due to their numerous advantages over fossil fuel types. The advantages go beyond sustainability to reach financial support and stability. The work in this paper introduces the hybrid system between PV and EV to support industrial and commercial plants. This paper covers the theoretical framework of the proposed hybrid system including the required equation to complete the cost analysis when PV and EV are present. In addition, the proposed design diagram which sets the priorities and requirements of the system is presented. The proposed approach allows setup to advance their power stability, especially during power outages. The presented information supports researchers and plant owners to complete the necessary analysis while promoting the deployment of clean energy. The result of a case study that represents a dairy milk farmer supports the theoretical works and highlights its advanced benefits to existing plants. The short return on investment of the proposed approach supports the paper's novelty approach for the sustainable electrical system. In addition, the proposed system allows for an isolated power setup without the need for a transmission line which enhances the safety of the electrical network
Bibliometric analysis highlighting the role of women in addressing climate ch...IJECEIAES
Fossil fuel consumption increased quickly, contributing to climate change
that is evident in unusual flooding and draughts, and global warming. Over
the past ten years, women's involvement in society has grown dramatically,
and they succeeded in playing a noticeable role in reducing climate change.
A bibliometric analysis of data from the last ten years has been carried out to
examine the role of women in addressing the climate change. The analysis's
findings discussed the relevant to the sustainable development goals (SDGs),
particularly SDG 7 and SDG 13. The results considered contributions made
by women in the various sectors while taking geographic dispersion into
account. The bibliometric analysis delves into topics including women's
leadership in environmental groups, their involvement in policymaking, their
contributions to sustainable development projects, and the influence of
gender diversity on attempts to mitigate climate change. This study's results
highlight how women have influenced policies and actions related to climate
change, point out areas of research deficiency and recommendations on how
to increase role of the women in addressing the climate change and
achieving sustainability. To achieve more successful results, this initiative
aims to highlight the significance of gender equality and encourage
inclusivity in climate change decision-making processes.
Voltage and frequency control of microgrid in presence of micro-turbine inter...IJECEIAES
The active and reactive load changes have a significant impact on voltage
and frequency. In this paper, in order to stabilize the microgrid (MG) against
load variations in islanding mode, the active and reactive power of all
distributed generators (DGs), including energy storage (battery), diesel
generator, and micro-turbine, are controlled. The micro-turbine generator is
connected to MG through a three-phase to three-phase matrix converter, and
the droop control method is applied for controlling the voltage and
frequency of MG. In addition, a method is introduced for voltage and
frequency control of micro-turbines in the transition state from gridconnected mode to islanding mode. A novel switching strategy of the matrix
converter is used for converting the high-frequency output voltage of the
micro-turbine to the grid-side frequency of the utility system. Moreover,
using the switching strategy, the low-order harmonics in the output current
and voltage are not produced, and consequently, the size of the output filter
would be reduced. In fact, the suggested control strategy is load-independent
and has no frequency conversion restrictions. The proposed approach for
voltage and frequency regulation demonstrates exceptional performance and
favorable response across various load alteration scenarios. The suggested
strategy is examined in several scenarios in the MG test systems, and the
simulation results are addressed.
Enhancing battery system identification: nonlinear autoregressive modeling fo...IJECEIAES
Precisely characterizing Li-ion batteries is essential for optimizing their
performance, enhancing safety, and prolonging their lifespan across various
applications, such as electric vehicles and renewable energy systems. This
article introduces an innovative nonlinear methodology for system
identification of a Li-ion battery, employing a nonlinear autoregressive with
exogenous inputs (NARX) model. The proposed approach integrates the
benefits of nonlinear modeling with the adaptability of the NARX structure,
facilitating a more comprehensive representation of the intricate
electrochemical processes within the battery. Experimental data collected
from a Li-ion battery operating under diverse scenarios are employed to
validate the effectiveness of the proposed methodology. The identified
NARX model exhibits superior accuracy in predicting the battery's behavior
compared to traditional linear models. This study underscores the
importance of accounting for nonlinearities in battery modeling, providing
insights into the intricate relationships between state-of-charge, voltage, and
current under dynamic conditions.
Smart grid deployment: from a bibliometric analysis to a surveyIJECEIAES
Smart grids are one of the last decades' innovations in electrical energy.
They bring relevant advantages compared to the traditional grid and
significant interest from the research community. Assessing the field's
evolution is essential to propose guidelines for facing new and future smart
grid challenges. In addition, knowing the main technologies involved in the
deployment of smart grids (SGs) is important to highlight possible
shortcomings that can be mitigated by developing new tools. This paper
contributes to the research trends mentioned above by focusing on two
objectives. First, a bibliometric analysis is presented to give an overview of
the current research level about smart grid deployment. Second, a survey of
the main technological approaches used for smart grid implementation and
their contributions are highlighted. To that effect, we searched the Web of
Science (WoS), and the Scopus databases. We obtained 5,663 documents
from WoS and 7,215 from Scopus on smart grid implementation or
deployment. With the extraction limitation in the Scopus database, 5,872 of
the 7,215 documents were extracted using a multi-step process. These two
datasets have been analyzed using a bibliometric tool called bibliometrix.
The main outputs are presented with some recommendations for future
research.
Use of analytical hierarchy process for selecting and prioritizing islanding ...IJECEIAES
One of the problems that are associated to power systems is islanding
condition, which must be rapidly and properly detected to prevent any
negative consequences on the system's protection, stability, and security.
This paper offers a thorough overview of several islanding detection
strategies, which are divided into two categories: classic approaches,
including local and remote approaches, and modern techniques, including
techniques based on signal processing and computational intelligence.
Additionally, each approach is compared and assessed based on several
factors, including implementation costs, non-detected zones, declining
power quality, and response times using the analytical hierarchy process
(AHP). The multi-criteria decision-making analysis shows that the overall
weight of passive methods (24.7%), active methods (7.8%), hybrid methods
(5.6%), remote methods (14.5%), signal processing-based methods (26.6%),
and computational intelligent-based methods (20.8%) based on the
comparison of all criteria together. Thus, it can be seen from the total weight
that hybrid approaches are the least suitable to be chosen, while signal
processing-based methods are the most appropriate islanding detection
method to be selected and implemented in power system with respect to the
aforementioned factors. Using Expert Choice software, the proposed
hierarchy model is studied and examined.
Enhancing of single-stage grid-connected photovoltaic system using fuzzy logi...IJECEIAES
The power generated by photovoltaic (PV) systems is influenced by
environmental factors. This variability hampers the control and utilization of
solar cells' peak output. In this study, a single-stage grid-connected PV
system is designed to enhance power quality. Our approach employs fuzzy
logic in the direct power control (DPC) of a three-phase voltage source
inverter (VSI), enabling seamless integration of the PV connected to the
grid. Additionally, a fuzzy logic-based maximum power point tracking
(MPPT) controller is adopted, which outperforms traditional methods like
incremental conductance (INC) in enhancing solar cell efficiency and
minimizing the response time. Moreover, the inverter's real-time active and
reactive power is directly managed to achieve a unity power factor (UPF).
The system's performance is assessed through MATLAB/Simulink
implementation, showing marked improvement over conventional methods,
particularly in steady-state and varying weather conditions. For solar
irradiances of 500 and 1,000 W/m2
, the results show that the proposed
method reduces the total harmonic distortion (THD) of the injected current
to the grid by approximately 46% and 38% compared to conventional
methods, respectively. Furthermore, we compare the simulation results with
IEEE standards to evaluate the system's grid compatibility.
Enhancing photovoltaic system maximum power point tracking with fuzzy logic-b...IJECEIAES
Photovoltaic systems have emerged as a promising energy resource that
caters to the future needs of society, owing to their renewable, inexhaustible,
and cost-free nature. The power output of these systems relies on solar cell
radiation and temperature. In order to mitigate the dependence on
atmospheric conditions and enhance power tracking, a conventional
approach has been improved by integrating various methods. To optimize
the generation of electricity from solar systems, the maximum power point
tracking (MPPT) technique is employed. To overcome limitations such as
steady-state voltage oscillations and improve transient response, two
traditional MPPT methods, namely fuzzy logic controller (FLC) and perturb
and observe (P&O), have been modified. This research paper aims to
simulate and validate the step size of the proposed modified P&O and FLC
techniques within the MPPT algorithm using MATLAB/Simulink for
efficient power tracking in photovoltaic systems.
Adaptive synchronous sliding control for a robot manipulator based on neural ...IJECEIAES
Robot manipulators have become important equipment in production lines, medical fields, and transportation. Improving the quality of trajectory tracking for
robot hands is always an attractive topic in the research community. This is a
challenging problem because robot manipulators are complex nonlinear systems
and are often subject to fluctuations in loads and external disturbances. This
article proposes an adaptive synchronous sliding control scheme to improve trajectory tracking performance for a robot manipulator. The proposed controller
ensures that the positions of the joints track the desired trajectory, synchronize
the errors, and significantly reduces chattering. First, the synchronous tracking
errors and synchronous sliding surfaces are presented. Second, the synchronous
tracking error dynamics are determined. Third, a robust adaptive control law is
designed,the unknown components of the model are estimated online by the neural network, and the parameters of the switching elements are selected by fuzzy
logic. The built algorithm ensures that the tracking and approximation errors
are ultimately uniformly bounded (UUB). Finally, the effectiveness of the constructed algorithm is demonstrated through simulation and experimental results.
Simulation and experimental results show that the proposed controller is effective with small synchronous tracking errors, and the chattering phenomenon is
significantly reduced.
Remote field-programmable gate array laboratory for signal acquisition and de...IJECEIAES
A remote laboratory utilizing field-programmable gate array (FPGA) technologies enhances students’ learning experience anywhere and anytime in embedded system design. Existing remote laboratories prioritize hardware access and visual feedback for observing board behavior after programming, neglecting comprehensive debugging tools to resolve errors that require internal signal acquisition. This paper proposes a novel remote embeddedsystem design approach targeting FPGA technologies that are fully interactive via a web-based platform. Our solution provides FPGA board access and debugging capabilities beyond the visual feedback provided by existing remote laboratories. We implemented a lab module that allows users to seamlessly incorporate into their FPGA design. The module minimizes hardware resource utilization while enabling the acquisition of a large number of data samples from the signal during the experiments by adaptively compressing the signal prior to data transmission. The results demonstrate an average compression ratio of 2.90 across three benchmark signals, indicating efficient signal acquisition and effective debugging and analysis. This method allows users to acquire more data samples than conventional methods. The proposed lab allows students to remotely test and debug their designs, bridging the gap between theory and practice in embedded system design.
Detecting and resolving feature envy through automated machine learning and m...IJECEIAES
Efficiently identifying and resolving code smells enhances software project quality. This paper presents a novel solution, utilizing automated machine learning (AutoML) techniques, to detect code smells and apply move method refactoring. By evaluating code metrics before and after refactoring, we assessed its impact on coupling, complexity, and cohesion. Key contributions of this research include a unique dataset for code smell classification and the development of models using AutoGluon for optimal performance. Furthermore, the study identifies the top 20 influential features in classifying feature envy, a well-known code smell, stemming from excessive reliance on external classes. We also explored how move method refactoring addresses feature envy, revealing reduced coupling and complexity, and improved cohesion, ultimately enhancing code quality. In summary, this research offers an empirical, data-driven approach, integrating AutoML and move method refactoring to optimize software project quality. Insights gained shed light on the benefits of refactoring on code quality and the significance of specific features in detecting feature envy. Future research can expand to explore additional refactoring techniques and a broader range of code metrics, advancing software engineering practices and standards.
Smart monitoring technique for solar cell systems using internet of things ba...IJECEIAES
Rapidly and remotely monitoring and receiving the solar cell systems status parameters, solar irradiance, temperature, and humidity, are critical issues in enhancement their efficiency. Hence, in the present article an improved smart prototype of internet of things (IoT) technique based on embedded system through NodeMCU ESP8266 (ESP-12E) was carried out experimentally. Three different regions at Egypt; Luxor, Cairo, and El-Beheira cities were chosen to study their solar irradiance profile, temperature, and humidity by the proposed IoT system. The monitoring data of solar irradiance, temperature, and humidity were live visualized directly by Ubidots through hypertext transfer protocol (HTTP) protocol. The measured solar power radiation in Luxor, Cairo, and El-Beheira ranged between 216-1000, 245-958, and 187-692 W/m 2 respectively during the solar day. The accuracy and rapidity of obtaining monitoring results using the proposed IoT system made it a strong candidate for application in monitoring solar cell systems. On the other hand, the obtained solar power radiation results of the three considered regions strongly candidate Luxor and Cairo as suitable places to build up a solar cells system station rather than El-Beheira.
An efficient security framework for intrusion detection and prevention in int...IJECEIAES
Over the past few years, the internet of things (IoT) has advanced to connect billions of smart devices to improve quality of life. However, anomalies or malicious intrusions pose several security loopholes, leading to performance degradation and threat to data security in IoT operations. Thereby, IoT security systems must keep an eye on and restrict unwanted events from occurring in the IoT network. Recently, various technical solutions based on machine learning (ML) models have been derived towards identifying and restricting unwanted events in IoT. However, most ML-based approaches are prone to miss-classification due to inappropriate feature selection. Additionally, most ML approaches applied to intrusion detection and prevention consider supervised learning, which requires a large amount of labeled data to be trained. Consequently, such complex datasets are impossible to source in a large network like IoT. To address this problem, this proposed study introduces an efficient learning mechanism to strengthen the IoT security aspects. The proposed algorithm incorporates supervised and unsupervised approaches to improve the learning models for intrusion detection and mitigation. Compared with the related works, the experimental outcome shows that the model performs well in a benchmark dataset. It accomplishes an improved detection accuracy of approximately 99.21%.
Build the Next Generation of Apps with the Einstein 1 Platform.
Rejoignez Philippe Ozil pour une session de workshops qui vous guidera à travers les détails de la plateforme Einstein 1, l'importance des données pour la création d'applications d'intelligence artificielle et les différents outils et technologies que Salesforce propose pour vous apporter tous les bénéfices de l'IA.
Comparative analysis between traditional aquaponics and reconstructed aquapon...bijceesjournal
The aquaponic system of planting is a method that does not require soil usage. It is a method that only needs water, fish, lava rocks (a substitute for soil), and plants. Aquaponic systems are sustainable and environmentally friendly. Its use not only helps to plant in small spaces but also helps reduce artificial chemical use and minimizes excess water use, as aquaponics consumes 90% less water than soil-based gardening. The study applied a descriptive and experimental design to assess and compare conventional and reconstructed aquaponic methods for reproducing tomatoes. The researchers created an observation checklist to determine the significant factors of the study. The study aims to determine the significant difference between traditional aquaponics and reconstructed aquaponics systems propagating tomatoes in terms of height, weight, girth, and number of fruits. The reconstructed aquaponics system’s higher growth yield results in a much more nourished crop than the traditional aquaponics system. It is superior in its number of fruits, height, weight, and girth measurement. Moreover, the reconstructed aquaponics system is proven to eliminate all the hindrances present in the traditional aquaponics system, which are overcrowding of fish, algae growth, pest problems, contaminated water, and dead fish.
VARIABLE FREQUENCY DRIVE. VFDs are widely used in industrial applications for...PIMR BHOPAL
Variable frequency drive .A Variable Frequency Drive (VFD) is an electronic device used to control the speed and torque of an electric motor by varying the frequency and voltage of its power supply. VFDs are widely used in industrial applications for motor control, providing significant energy savings and precise motor operation.
Generative AI Use cases applications solutions and implementation.pdfmahaffeycheryld
Generative AI solutions encompass a range of capabilities from content creation to complex problem-solving across industries. Implementing generative AI involves identifying specific business needs, developing tailored AI models using techniques like GANs and VAEs, and integrating these models into existing workflows. Data quality and continuous model refinement are crucial for effective implementation. Businesses must also consider ethical implications and ensure transparency in AI decision-making. Generative AI's implementation aims to enhance efficiency, creativity, and innovation by leveraging autonomous generation and sophisticated learning algorithms to meet diverse business challenges.
https://www.leewayhertz.com/generative-ai-use-cases-and-applications/
Discover the latest insights on Data Driven Maintenance with our comprehensive webinar presentation. Learn about traditional maintenance challenges, the right approach to utilizing data, and the benefits of adopting a Data Driven Maintenance strategy. Explore real-world examples, industry best practices, and innovative solutions like FMECA and the D3M model. This presentation, led by expert Jules Oudmans, is essential for asset owners looking to optimize their maintenance processes and leverage digital technologies for improved efficiency and performance. Download now to stay ahead in the evolving maintenance landscape.
Design and optimization of ion propulsion dronebjmsejournal
Electric propulsion technology is widely used in many kinds of vehicles in recent years, and aircrafts are no exception. Technically, UAVs are electrically propelled but tend to produce a significant amount of noise and vibrations. Ion propulsion technology for drones is a potential solution to this problem. Ion propulsion technology is proven to be feasible in the earth’s atmosphere. The study presented in this article shows the design of EHD thrusters and power supply for ion propulsion drones along with performance optimization of high-voltage power supply for endurance in earth’s atmosphere.
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...shadow0702a
This document serves as a comprehensive step-by-step guide on how to effectively use PyCharm for remote debugging of the Windows Subsystem for Linux (WSL) on a local Windows machine. It meticulously outlines several critical steps in the process, starting with the crucial task of enabling permissions, followed by the installation and configuration of WSL.
The guide then proceeds to explain how to set up the SSH service within the WSL environment, an integral part of the process. Alongside this, it also provides detailed instructions on how to modify the inbound rules of the Windows firewall to facilitate the process, ensuring that there are no connectivity issues that could potentially hinder the debugging process.
The document further emphasizes on the importance of checking the connection between the Windows and WSL environments, providing instructions on how to ensure that the connection is optimal and ready for remote debugging.
It also offers an in-depth guide on how to configure the WSL interpreter and files within the PyCharm environment. This is essential for ensuring that the debugging process is set up correctly and that the program can be run effectively within the WSL terminal.
Additionally, the document provides guidance on how to set up breakpoints for debugging, a fundamental aspect of the debugging process which allows the developer to stop the execution of their code at certain points and inspect their program at those stages.
Finally, the document concludes by providing a link to a reference blog. This blog offers additional information and guidance on configuring the remote Python interpreter in PyCharm, providing the reader with a well-rounded understanding of the process.
Null Bangalore | Pentesters Approach to AWS IAMDivyanshu
#Abstract:
- Learn more about the real-world methods for auditing AWS IAM (Identity and Access Management) as a pentester. So let us proceed with a brief discussion of IAM as well as some typical misconfigurations and their potential exploits in order to reinforce the understanding of IAM security best practices.
- Gain actionable insights into AWS IAM policies and roles, using hands on approach.
#Prerequisites:
- Basic understanding of AWS services and architecture
- Familiarity with cloud security concepts
- Experience using the AWS Management Console or AWS CLI.
- For hands on lab create account on [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
# Scenario Covered:
- Basics of IAM in AWS
- Implementing IAM Policies with Least Privilege to Manage S3 Bucket
- Objective: Create an S3 bucket with least privilege IAM policy and validate access.
- Steps:
- Create S3 bucket.
- Attach least privilege policy to IAM user.
- Validate access.
- Exploiting IAM PassRole Misconfiguration
-Allows a user to pass a specific IAM role to an AWS service (ec2), typically used for service access delegation. Then exploit PassRole Misconfiguration granting unauthorized access to sensitive resources.
- Objective: Demonstrate how a PassRole misconfiguration can grant unauthorized access.
- Steps:
- Allow user to pass IAM role to EC2.
- Exploit misconfiguration for unauthorized access.
- Access sensitive resources.
- Exploiting IAM AssumeRole Misconfiguration with Overly Permissive Role
- An overly permissive IAM role configuration can lead to privilege escalation by creating a role with administrative privileges and allow a user to assume this role.
- Objective: Show how overly permissive IAM roles can lead to privilege escalation.
- Steps:
- Create role with administrative privileges.
- Allow user to assume the role.
- Perform administrative actions.
- Differentiation between PassRole vs AssumeRole
Try at [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
Prediction of Electrical Energy Efficiency Using Information on Consumer's Ac...PriyankaKilaniya
Energy efficiency has been important since the latter part of the last century. The main object of this survey is to determine the energy efficiency knowledge among consumers. Two separate districts in Bangladesh are selected to conduct the survey on households and showrooms about the energy and seller also. The survey uses the data to find some regression equations from which it is easy to predict energy efficiency knowledge. The data is analyzed and calculated based on five important criteria. The initial target was to find some factors that help predict a person's energy efficiency knowledge. From the survey, it is found that the energy efficiency awareness among the people of our country is very low. Relationships between household energy use behaviors are estimated using a unique dataset of about 40 households and 20 showrooms in Bangladesh's Chapainawabganj and Bagerhat districts. Knowledge of energy consumption and energy efficiency technology options is found to be associated with household use of energy conservation practices. Household characteristics also influence household energy use behavior. Younger household cohorts are more likely to adopt energy-efficient technologies and energy conservation practices and place primary importance on energy saving for environmental reasons. Education also influences attitudes toward energy conservation in Bangladesh. Low-education households indicate they primarily save electricity for the environment while high-education households indicate they are motivated by environmental concerns.
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELijaia
As digital technology becomes more deeply embedded in power systems, protecting the communication
networks of Smart Grids (SG) has emerged as a critical concern. Distributed Network Protocol 3 (DNP3)
represents a multi-tiered application layer protocol extensively utilized in Supervisory Control and Data
Acquisition (SCADA)-based smart grids to facilitate real-time data gathering and control functionalities.
Robust Intrusion Detection Systems (IDS) are necessary for early threat detection and mitigation because
of the interconnection of these networks, which makes them vulnerable to a variety of cyberattacks. To
solve this issue, this paper develops a hybrid Deep Learning (DL) model specifically designed for intrusion
detection in smart grids. The proposed approach is a combination of the Convolutional Neural Network
(CNN) and the Long-Short-Term Memory algorithms (LSTM). We employed a recent intrusion detection
dataset (DNP3), which focuses on unauthorized commands and Denial of Service (DoS) cyberattacks, to
train and test our model. The results of our experiments show that our CNN-LSTM method is much better
at finding smart grid intrusions than other deep learning algorithms used for classification. In addition,
our proposed approach improves accuracy, precision, recall, and F1 score, achieving a high detection
accuracy rate of 99.50%.
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
Encountering distributed denial of service attack utilizing federated software defined network
1. International Journal of Electrical and Computer Engineering (IJECE)
Vol. 14, No. 1, February 2024, pp. 574~588
ISSN: 2088-8708, DOI: 10.11591/ijece.v14i1.pp574-588 574
Journal homepage: http://ijece.iaescore.com
Encountering distributed denial of service attack utilizing
federated software defined network
Rima Abdelhadi, Moath H. Alsafasfeh, Bilal I. Alqudah
Department of Computer Engineering, Faculty of Engineering, Al-Hussein Bin Talal University, Ma'an, Jordan
Article Info ABSTRACT
Article history:
Received Apr 23, 2023
Revised Jul 10, 2023
Accepted Jul 17, 2023
This research defines the distributed denial of service (DDoS) problem in
software-defined-networks (SDN) environments. The proposes solution uses
Software defined networks capabilities to reduce risk, introduces a
collaborative, distributed defense mechanism rather than server-side
filtration. Our proposed network detection and prevention agent (NDPA)
algorithm negotiates the maximum amount of traffic allowed to be passed to
server by reconfiguring network switches and routers to reduce the ports'
throughput of the network devices by the specified limit ratio. When the
passed traffic is back to normal, NDPA starts network recovery to normal
throughput levels, increasing ports' throughput by adding back the limit ratio
gradually each time cycle. The simulation results showed that the proposed
algorithms successfully detected and prevented a DDoS attack from
overwhelming the targeted server. The server was able to coordinate its
operations with the SDN controllers through a communication mechanism
created specifically for this purpose. The system was also able to determine
when the attack was over and utilize traffic engineering to improve the
quality of service (QoS). The solution was designed with a sophisticated way
and high level of separation of duties between components so it would not
be affected by the design aspect of the network architecture.
Keywords:
Detection and prevention
Distributed denial of service
attack
Distributed solution
Quality of service
Software defined network
This is an open access article under the CC BY-SA license.
Corresponding Author:
Rima Abdelhadi
Department of Computer Engineering, Faculty of Engineering, Al-Hussein Bin Talal University
King Hussien Bin Talal University Str, Ma'an, Jordan
Email: Alqudah@ahu.edu.jo
1. INTRODUCTION
The use of online services is increasing, making it easier for attackers to find targets to achieve their
goals. A very effective attack on online services is the denial-of-service attack (DoS) or the distributed form
of it (DDoS). This attack can last for days, weeks, or even months, and can cost companies in average about
$1.6 Million USD and others about $20,000 USD per day. DoS and DDoS attacks aim to prevent employees
and customers from reaching services provided by the servers and can have catastrophic consequences if the
attack takes place in servers providing healthcare services or emergency services [1]. On October 21, 2016, a
stream of distributed denial of service (DDoS) attacks involving tens of millions of internet protocol (IP)
addresses had been noted and attacked dynamic domain name system (DNS). The magnitude of the attack
was claimed to be 1.2 Tbps and it involved internet of things (IoT) devices. To restore trust, researchers
should investigate different methodologies to limit the consequences of the attack on victims and providers
[1], [2]. The following is a summary of some techniques used to mitigate the danger of DDoS. Some studies
categorized the attacks by the nature of the targeted part of the system, such as cisco, where it classified the
attacks into: i) volume-based DDoS attacks: the attack targets server resources and facility bandwidth,
networking equipment; ii) application DDoS attacks: this type of attack overwhelms services (i.e. voice over
2. Int J Elec & Comp Eng ISSN: 2088-8708
Encountering distributed denial of service attack utilizing federated software defined … (Rima Abdelhadi)
575
IP (VoIP), hypertext transfer protocol (HTTP), domain name servers (DNS)); and iii) low-rate DoS (LDoS)
attacks: this type attacks do not flood the network with traffic; however, it targets applications weaknesses
such as (Slowloris) attack. However, Kaspersky security company classified DDoS attacks based on the
method attack follow rather than what does the attack target on the victim system as a weakness. Kaspersky
specified the following steps to protect against the attack: i) tolerate a web-server configuration against
DDoS attacks, ii) alter an internet service providers (ISP) firewall to allow only the traffic complimenting to
the services on the company side, iii) tweak a firewall to fight synchronization connection (SYN) flood
attacks, iv) migrate public resources to another IP address; and v) relocate all business-critical applications to
the cloud or move to the separate public subnet.
2. LITERATUR REVIEW
A denial of service (DoS) attack attempts to prohibit a client from accessing a certain service or to
reduce the quality of the services provided. The severity of the attack is determined by the volume of traffic
directed towards the victim. It is a one-to-one attack in the case of a DoS attack.
Hatagundi and Kumaraswamy [4] provided a survey for possible attacks in software-defined-
networks (SDN) networks and the possible methods of mitigation. The study specified four goals to achieve:
− Analyze various attack on the SDN environment, including DoS and DDoS.
− To determine the state of the system by measuring the unpredictability or entropy in switches and
controllers using statistical methods.
− To determine whether the system is under attack based on a predefined entropy threshold.
− To compute bandwidth utilization by each switch, assign a priority, and arrange packet flow using time
slice allocation algorithms depending on the priority.
The methodology for mitigating DDoS attack is based on first identifying DDoS using an entropy
detection attack and then mitigating it using a bandwidth prediction method. When a time slice allocation
approach is implemented, the findings reveal that the switches with higher priority receive better time
allocation. However, the authors encountered certain difficulties, such as the fact that OpenFlow security
features typically incorporate more sophisticated logics rather than simplification and packet pausing or
forwarding. The security of the OpenFlow feature necessitates the adoption of a controller that is platform
dependent, followed by the creation of a security application that is platform dependent.
Dong et al. [5] provided a survey about the distributed nature of the DoS attack and the effect of the
advances in computational ability in impowering DDoS attacks on the SDN itself. They also studied the
cloud architecture of SDN. From the design point of view, the design of SDN represented in three plans,
application plan: where the user applications run. The control plan: where the controllers reside and manage
connected devices. The last plan is the data plan that represents the managed routers by the second plan. SDN
architecture and design aspects described in detail in many literature [6]–[10], When compared to traditional
networks, SDN offers the following advantages:
− Global authority: The controller has a thorough understanding of the network topology, network state,
and application requirements.
− Adaptability and programmability: The data plane can be customized flexibly to enhance network resource
allocation.
− Availability: The controller's communications with forwarding devices are not reliant on the device
providers.
In the case of a DDoS attack, many networks or bots will flood the victim with traffic [11].
Canadian Institute for Cybersecurity at University of Brunswick came up with a new taxonomy for DDoS
attacks that can be done using user datagram protocol/transmission control protocol (UDP/TCP) at the
application layer. The classification came up to cover new possible attacks [12], [13] .
The problem of DDoS attack in SDN covered from many points of views, Liu et al. [14] provided a
survey covering the security issues in SDN from north to south, the authors introduced the background,
architecture and working process of SDN, and summarized and analyzed the typical security issues from
north to south. They also review and analyzed existing solutions and research progress of each layer, such as
authorized authentication module, application isolation, DoS/DDoS defense, multi-controller deployment and
flow rule consistency detection.
Chen et al. [15] focused on his research on increasing the efficiency and decreasing the latency
when preventing a DDoS attack targeting SDN infrastructure by utilizing decision trees (DT), they called it
DETPro. The intention is to make the framework lightweight through deciding what to do based on DT. They
addressed the issue by proposing a DDoS attack detection module based on a modified decision tree
algorithm that is both accurate and quick to process. The proposed DDoS attack mitigation module includes a
dynamic whitelist system that can block attack traffic while forwarding benign traffic in real time. Then they
3. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 14, No. 1, February 2024: 574-588
576
combined them in a "time-efficient, lightweight system" (DETPro) that incorporates both methodologies.
DETPro can detect DDoS attacks accurately in the early stages, defend against DDoS attacks effectively, and
safeguard the network, according to the testing results from the research they presented.
Sanjeetha et al. [16] focused in their research on DDoS attacks on primary victim servers flooded by
high traffic. DDoS attack can be instigated on a primary server present in SDN during high traffic scenarios.
The purpose of their research is to show how attackers can use a mechanism designed to deal with flow table
space exhaustion in high-traffic conditions to conduct a DDoS attack on a primary server via the controller.
They next attempted to detect and separate the assault flow from normal traffic.
Finally, they safeguard the core server against controller-initiated attacks and resource risks. Their
work is mostly focused on improving DDoS categorization methods, with the following contributions: First,
after being trained by a self-organizing map (SOM). They offer two approaches with different trade-off
priorities for classifying normal and DDoS attack traffic a SOM distributed-center classification approach
that is employed when SOM training is complete. This heuristic technique achieves a quick processing time
while maintaining an acceptable level of accuracy. Second, they offer an SDN-based DDoS attack detection
platform that has been built in a testbed utilizing SDN switches. This testbed allows the system to estimate
the accuracy and processing time of several algorithms, as well as compare them.
Nam et al. [17] focused in their study on identifying DDoS attacks, which have been a long-standing
issue in network security. They used two approaches with distinct tradeoff priorities to categorize regular and
DDoS attack traffic. To have a faster processing time and a more precise detecting method, as well as to
assign different priority than existing detecting algorithms, they included four new SDN controller modules:
monitor, algorithm, alert, and DDoS mitigation, as well as a lightweight SDN-based DDoS detection and
mitigation architecture. The entropy of the source IP address (etpSrcIP), the entropy of the source port
(etpSrcP), the entropy of the destination port (etpDstP), the entropy of the packet protocol (etpProtocol), and
the total number of packets were then examined and categorized to detect distinct types of DDoS assaults
(totalPacket). When given different priorities, traditional detection algorithms have been demonstrated to
perform worse than the proposed techniques. They addressed some of the issues that researchers
investigating DDoS attacks encounter, such as the similarities between DDoS attack and regular traffic
patterns, the spread of big DDoS attacks powered by IoT bots, and the attributes that are manually picked for
each type of host and each type of attack.
Ubale and Jain [18] investigated the SDN centralized functionality issue, which makes it vulnerable
to TCP SYN flood attacks, which degrade server resources and transform the controller into a single point of
failure by exhausting controller resources. Additionally, it causes a data plane saturation attack. The
researchers used two functional modules: the hashing module and the flow aggregator module, to avoid TCP
SYN flood DDoS attacks in SDN settings, address security issues such as ternary content addressable
memory (TCAM) exhaustion attacks, and overcome the disadvantages of standard SDN, and the
(OPERETTA and SLICOTS) modules that is implemented in the controller to investigate SYN flood attack.
They addressed the problem by first proposing their (SRL) hashing module, a competent and streamlined
framework for mitigating TCP SYN flood attacks that is implemented in the controller, then installing
permanent forwarding for requested connections and after handshake completion SRL moves user to
Whitelist and using hashing module to replace flow rules from flow table according to priority of hash value.
A flow aggregator was used to stop the malicious connection requests. They were able to detect a slow rate
DDoS attack by limiting TCP connection requests. Finally, SRL was implemented in the Floodlight
controller under various attacking and usual traffic scenarios. According to their research, SRL has only a
minor impact on SDN controller operations. If there was a difficulty, it permitted real users to connect, as
well as recognizing malicious users who conducted a complete TCP handshake before beginning an attack.
Using a prototype implementation of SLR, SRL performance and efficiency are compared to SLICOTS,
OPERETTA, and standard SDN, revealing that SLR has a lower service delivery time for requests under
attack, lower CPU utilization caused by regular traffic with many users, a lower number of real entries
getting replaced before the attack, and the lowest DDoS attack detection rate. The main challenge is
determining the threshold value; if it is too high, attack detection may be slowed, and if it is too low,
erroneous findings may occur.
Aryal et al. [19] proposed a model for detecting DDoS attacks in 5G networks using SDN. A hybrid
method is used, with five separate machine learning classifiers used to calculate a dynamic threshold. The
proposed strategy is a hybrid approach that combines statistical analysis and machine learning. In an iterative
process, data sets are evaluated and compared to a dynamic threshold. Sixteen features are retrieved, and
correlation values between the features are examined using machine learning. With the deployment of SDN,
the system provided dynamic configuration with software defined security (SDS). The traffic is constantly
evaluated to improve the controller's efficacy in terms of task handling capacity. In terms of accuracy,
precision, and efficiency, the suggested method outperforms current conventional approaches. In terms of
4. Int J Elec & Comp Eng ISSN: 2088-8708
Encountering distributed denial of service attack utilizing federated software defined … (Rima Abdelhadi)
577
outcomes, machine learning is also being used to improve detection precision. This improves accuracy from
nearly 87% to 99.86% while lowering the false positive rate (FPR). The findings achieved using
experimental data sets outperformed previous methods. Different machine learning techniques were
employed for poor outcomes, and the findings showed that their model surpassed others in terms of accuracy
and precision.
Sharma [20] research discussed that configuring detection and prevention strategies were the current
remedies for the DDoS attack. All solutions require pre-configuration and cannot be modified or accepted in
response to changes in the network or the nature of the attack. This study attempts to propose a DDoS
solution based on SDN architecture. Their goals were to allow networks to regulate their behavior and take
appropriate measures when they were attacked, to measure efficiency and resilience against DDoS attacks
and false policy-based attacks by comparing the architecture to filter-based intrusion prevention
architectures, and to provide real-time monitoring and reactive service by combining management
applications at the control plane in SDN with multi-agent system (MAS) and statistical modeling. Then it
aimed to use the programmatic interface of SDN coupled with MAS to represent and reason knowledge about
network topology and state, then to identify and avoid potential threats by using data flows rather than
individual packets, and finally to control and manage large-scale networks with the least amount of
downtime. The authors outlined the difficulties encountered during the research as follows: it is hard to
recognize a real-world example in which an attack was discovered in SDN networks due to a lack of
availability. Comparative research employing a common benchmark that has yet to be developed or
established. The suggested agent-based self-mitigating architecture takes use of trade-offs between the
timeliness and volume of load data exposed, as well as the efficiency and granularity of the control input
required for quick reconfiguration.
Hyun et al. [21] maintain server stability by limiting the number of packets entering the server per
second, without discriminating between legitimate users and botnets. Per the findings, network administrators
and web administrators can use the SDN controller to adjust network packet flow based on the company's
overall environment and specific network environment. Kalliola et al. [22] studied the DDoS flooding attack
and the method to mitigate it with SDN by managing traffic. They established an approach based on learning
traffic values and allocating appropriate resources to withstand the attack. The proposed approach is designed
to protect both end hosts and network links from packet and bandwidth flooding assaults. The technique in
this study allows optional input from external signature-based blacklist sources, as well as traffic
management. The report stated that even when confronted with an overwhelming attack, the efficacy in
preserving service was in the range of (50% to 80%). Blacklist integration and level of protection are two of
the research's challenges: the method permits the integration of fixed or dynamic blacklists consisting of
particular IP addresses. Because the defensive mechanism functions at the IP layer, attacks targeting higher
levels are not covered.
Manso et al. [23] develop and deploy a software-defined intrusion detection system (IDS) that
identifies and mitigates attacks at their source, assuring network infrastructure availability and sustaining the
QoS even while an online service is already under attack. Their IDS detects DDoS-based cyber-attack
scenarios automatically and limits them at the client level, reducing the negative repercussions of the attack's
wider effect for possible victims, and then notifies SDN controller as soon as an attack is discovered. Their
method additionally sends from the SDN controller to network devices some essential traffic forwarding
decisions. An event is created whenever a substantial change in the traffic trend is noticed; if an event linked
with a DDoS attack is triggered, an SDN controller produces flow rules to restrict the malicious traffic.
According to the findings, their method right away detects a variety of DDoS-based cyber-attacks, mitigates
their negative impacts on network performance, and ensures that normal traffic is delivered correctly while
neutral traffic is protected. Their defensive technique would be most successful if it was installed as near to
the attack source that creates rogue traffic as feasible, which would need coordination among many service
providers to authenticate packet source addresses and apply other flow-based filtering capabilities. This
analysis might be carried out by a federation of SDN controllers, one for each service provider.
Mousavi and St-Hilaire [24] focused on the hypothesis that SDN could be a single point of failure
that could be attacked by DDoS. Such controller attacks will deplete the resources of the intended victim.
The proposed solution is a potential tool for early detection (when more than 500 packets are assumed as
attack traffic threshold). The researchers relied on incoming traffic's randomness, where entropy refers to the
probability of an event occurring given the total number of events, which in this case is incoming packets.
The proposed method is based on assessing the network's randomness; if one machine receives more
traffic (regardless of the source of the traffic), the entropy will fall due to a lack of randomness on the
network. The following two factors influenced their methodology; the Windows definition: where either the
number of packets or the time interval were described as Windows, and the Threshold: within this window,
entropy is calculated to determine the degree of uncertainty in the incoming packets. According to the study,
the proposed method can detect DDoS attacks within the first 500 packets of attack traffic and can recognize
5. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 14, No. 1, February 2024: 574-588
578
both the controller and the targeted host. In a dynamic environment, human involvement is essential. Each
time the network configuration changes, a new threshold and entropy must be calculated. The threshold is
chosen experimentally, which implies that if the threshold is incorrectly set, several attacks may succeed, or
legitimate traffic may be blocked.
Sahay et al. [25] proposed an automatic DDoS attack mitigation utilizing SDN. Customers can
request DDoS mitigation services from ISPs using a distributed collaborative framework. ISPs can modify
the label of aberrant traffic and divert it to security middle boxes upon request, while attack detection and
analysis modules are deployed at the customer's end, avoiding privacy breaches and other legal issues.
3. PROBLEM FORMULATION
The network is illustrated using conceptual representation of SDN box (controller and switches).
Connection between controllers does not mean a direct hard wire between them, but it represents a
communication ability. Network representation or topology did not follow one common network architecture
or design such as star or tree or any single architecture.
The representation will be a mix between them to show the problem with many possible
complications. As shown in Figure 1, a victimized server located in network (v) is being attacked by bots
located in networks (A) and (B). There are many possible routes between attacking bots and victimized
server. Traffic oriented to victimized server will go through many SDN nodes that have enough capabilities
to process traffic and communicate.
Figure 1. Scenario of DDoS attack in SDN managed network
Assuming a victim (v) connected to internet with many routes available towards it from outside.
Some attacker (E) located somewhere in a remote network. The attacker managed to prepare many bots (bn)
where (n) is the network ID the bot (b) belongs to. Each bot (b) is generating oriented traffic (tn) towards (v).
On the path to (v), generated packets/traffic will be routed by many switches or routers, both are denoted as
(sRd) where (R) is the router ID connecting (s) the source network ID and (d) the destination network ID.
6. Int J Elec & Comp Eng ISSN: 2088-8708
Encountering distributed denial of service attack utilizing federated software defined … (Rima Abdelhadi)
579
Despite that all routers are transferring malicious traffic from bots to victim (v), routers can do nothing but
passing the traffic if not classified as malicious traffic (traffic to drop).
In one hand, the installed firewall on the victimized side must deal with all incoming traffic. On the
other hand, network must be busy with malicious traffic (𝑡𝑥) that should not be transmitted through the
network. The traffic directed to the victim machine (𝑡𝑣) is explained in (1), where the (𝑡𝑥) is the attack traffic
from network x and (𝑡𝑙) is the legitimate traffic from any link l.
𝑡𝑣 = (∑ (𝑡𝑥)
𝑛
𝑥=1 ) + (𝑡𝑙) ∶ 𝑡𝑙 𝑖𝑠 𝑡ℎ𝑒 𝐿𝑒𝑔𝑖𝑡𝑖𝑚𝑎𝑡𝑒 𝑡𝑟𝑎𝑓𝑓𝑖𝑐 𝑡𝑜𝑤𝑎𝑟𝑑𝑠 𝑣 𝑓𝑟𝑜𝑚 𝑎𝑛𝑦 𝑙𝑖𝑛𝑘 "𝑙" (1)
The machine will be under attack when the sum of illegal traffic (𝑡𝑥) is much more than the
legitimate traffic (𝑡𝑙) as shown in (2). although, it worth noticing that the legitimate traffic effect might be
high in some applications, such as video broadcasting. However, attackers still send a very high volume of
traffic to overwhelm victim servers.
(∑ (𝑡𝑥)
𝑛
𝑥=1 ) ≫ (𝑡𝑙): (𝑡𝑥) 𝑖𝑠 𝑡ℎ𝑒 𝑎𝑡𝑡𝑎𝑐𝑘 𝑡𝑟𝑎𝑓𝑓𝑖𝑐 𝑣𝑜𝑙𝑢𝑚𝑒 𝑓𝑟𝑜𝑚 𝑛𝑒𝑡𝑤𝑜𝑟𝑘 "𝑥" (2)
Our goal will be minimizing the total (𝑡𝑥) to maximize the chance of (𝑡𝑙), which is the legal traffic,
to reach its destination (v). If that goal achieved, then the risk of the attack is minimized, and the victim (v)
will have enough time to heal and recover from the attack while continue to provide service. The following
section will explain the problem when SDN components used rather than regular switches and routers. If the
distance between any group of bots attacking the victim (v) is given by (db) measured by number of hubs or
controllers, traffic (t) will be much higher when getting closer to the victim (v), as explained in (3).
(𝑡𝑥1: 𝑑𝑏) < (𝑡𝑥2 ∶ 𝑑𝑏 − 1) < ⋯ < (𝑡𝑥𝑛 ∶ 𝑑𝑏 − 𝑛𝑏 − 1)
These yields → (𝑡𝑥1: 𝑑𝑏) ≪ (𝑡𝑥𝑛 ∶ 𝑑𝑏 − 𝑛𝑏 − 1) (3)
where (tx) is the malicious traffic toward (v) from bots (b), db-n is the distance getting less when (n)
increase. The reason for this accumulation of traffic is the fact that many nodes will start to join traffic in
the nodes close to the victim. We will be using this phenomenon to trace back the malicious traffic to the
source.
4. PROPOSED SOLUTION
In our proposed solution, detection and prevention for DDoS attacks can be initiated either from the
server side or from the controller side. Figure 2 shows the flow chart for both cases of detection and
prevention. To coordinate and manage the attack mitigation process, we provided software called “agent”.
The agent job is to take discissions based on statistics provided by controllers. In the server-side agent,
depends on frequent readings for metrics (CPU utilization, memory consumption and network traffic). If
measurements showed that utilization levels are near to the maximum available resources’ utilization with a
very high network use, it will be an indication of DDoS attack, then the victimized server agent will notify
the edge SDN controller by a flag representing possible positive diagnosis. Figure 2(a) shows the flowchart
for detection and the stage where the server asks for the prevention process to be started by edge SDN
controller. Servers normally suffer from the DDoS attack before getting detected by the network since the
attack is coming from several sources.
The edge SDN controller is capable of doing diagnosis by measuring external traffic and bandwidth
consumption against maximum known history. If there was a high traffic rate much higher than the usual
known behavior or close to the maximum bandwidth available, then the controller is suspecting a DDoS
attack and asking the server to initiate self-evaluation process and waits for its response, this detection flow
can work effectively when victimized servers are powerful enough and detect the attack late. Figure 2(b)
shows the flow chart for the designed detection process. However, the edge SDN controller will ask the
victimized server to confirm the result the controllers found regarding the potential attack.
The evaluation process on the victim server (VSe) is expressed by (4), since the DOS attack goal is
to prevent the server from providing service, we specified a threshold for each studied metric considered as
the upper boundary for resource utilization before considered over-utilized.
𝑉𝑆𝑒 = (𝐶𝑃𝑈𝑢 > 𝑚𝑎𝑥𝐶𝑃𝑈𝑇ℎ𝑟𝑒𝑠ℎ𝑜𝑙𝑑 || 𝑀𝐸𝑀𝑢 > 𝑚𝑎𝑥𝑀𝑒𝑚𝑇ℎ𝑟𝑒𝑠ℎ𝑜𝑙𝑑)
& 𝑁𝑊𝑢 > 𝑚𝑎𝑥𝑁𝑒𝑡𝑤𝑜𝑟𝑘𝑇ℎ𝑟𝑒𝑠ℎ𝑜𝑙𝑑 (4)
7. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 14, No. 1, February 2024: 574-588
580
(a) (b)
Figure 2. Prediction and detection process starting, (a) from the victim side, (b) from edge SDN controllers
5. ALGORITHM
Algorithm 1 shows the victimized server-side agent. The server agent job is to evaluate the
victimized server status and communicate with the edge SDN controllers (the controllers whose job is to
manage the routers and switches connected to the server or servers subject to attack “victimized”). Lines
(1-6) sets the acceptable thresholds on the simulated network. Each network has its own settings based on the
nature of services running on the network; for example, gaming network has higher CPU usage than a
network with database servers. However, a network with video streaming services will consume memory and
network more than CPU. The variable “maxRound” in line 5 sets the maximum number of evaluations
allowed for the server before sounding alters regarding a possible DoS attack.
Algorithm 1. Victimized server-side agent
ServerAgent():
1. Set alertForPossibleAttack=FALSE
2. Set CPUThreshold=0.95
3. Set MemThreshold=0.95
4. Set NetThreshold=0.80
5. Set maxRounds=100
6. Set recoveryTime=5000ms
7. Set round=0.
8. While (true)
9. networkUtilize= NetworkThroughput/Networkbandwidth
10. CPUutilize=getCPUUtilization ()
11. MemUtilize= getMemoryUtilization ()
12. If ((CPUutilize>CPUThreshold)||(MemUtilize>MemThreshold))&&(networkUtilize>NetThreshold)
12.1. round++.
12.2. if (round > maxRounds)
12.2.1. round=0
12.2.2. alertForPossibleAttack=TRUE
12.2.3. If (EdgeControllerAgent.HighTraffic==FALSE) raise(internalAttack)
12.2.4. If (EdgeControllerAgent.HighTraffic==TRUE) && alertForPossibleAttack
Then
ControllerResponse= EdgeControllerAgent.C2C ()
12.2.5. Wait(recoveryTime)
13. Else
13.1. alertForPossibleAttack=FALSE
14. wait(10ms)
15. end while
A
8. Int J Elec & Comp Eng ISSN: 2088-8708
Encountering distributed denial of service attack utilizing federated software defined … (Rima Abdelhadi)
581
In line 12, the algorithm for the server agent tests the current CPU utilization, memory utilization,
and network utilization against the maximum values expected. If either CPU or memory are highly consumed
with a high network usage, the algorithm will count that as a positive sign (line 12.1). in line (12.2) if the
total positive checks exceed the maximum allowed threshold, the line (12.2.2) will set the flag for possible
attack to (TRUE) to indicate a possible attack. The algorithm will stop the evaluation for a while (line 12.2.6)
after alerting the controller managing the local network routers and switches. This “wait time” assumes that
the controller will take an action and allow that action enough time to reflect on the server status. This time is
adjustable as well.
In line (12.2.3) the server will get a feedback form the controller. The received feedback represents
the network status of the outer network (outside the facility network). If the outer network has no high traffic
and the server still getting high traffic from somewhere, then the server will raise a flag for a possible Internal
DoS attack. In such case, the server must check for data theft (or very high information transfer rate) and
investigate its legality.
Algorithm 2 describes the agent that runs on the SDN controllers participating in the network
detection and prevention process. The edge SDN controller agent’s algorithm checks the network traffic
status by calling the predict high traffic algorithm (Algorithm 3) in line 2. If there was high traffic, the edge
SDN controller agent’s algorithm asks the victimized server if there was a possible attack alert due to a
continuous increase in traffic detected and waits for its response. This notification will trigger the process of
attack detection by calling the C2C algorithm (Algorithm 4) in line 3.1 which calls NDPA algorithm
(Algorithm 5).
Algorithm 2. SDN controller-side agent
SDNControllerAgent
1. while (TRUE)
2. HighTraffic PredictHighTraffic()
2.1. if (HighTraffic)
2.1.1. serverResponse=getServer(alertForPossibleAttack)
3. if (serverResponse=TRUE or NULL)
3.1. Call C2C( )
4. Wait(delay)
5. End while
Algorithm 3. Predicting high traffic
1. set MaxHistory [NoOfManagedNetworkingDevices]= {0}
2. set HighTraffic=FALSE. public
3. set MaxTotal=0, maxSmapleCount=100, delay=1000ms
4. set trafficToleranceFactor =w
5. set counter=0
6. set static oldHistory=0
7. while (true)
8. for each managed networking device
8.1. MaxHistory[device(i)] = device(i).getmaxtraffic
8.2. MaxTotal=MaxTotal+ MaxHistory[device(i)]
9. If (OldHistory + trafficToleranceFactor <MaxTotal)
9.1. counter=counter+1
9.2. if (counter >maxSmapleCount)
9.1.1. set HighTraffic=TRUE
9.1.2. counter=0
10. Wait(delay)
11. oldHistory=MaxTotal
12. End while
Algorithm 3 predicts if there was unusual high traffic referring to network device traffic history and
pre-set traffic threshold. Lines 1-6 of the algorithm is setting the initial values; each network can be
configured based on its nature. For example, if the network is designed to carry backups at a certain time,
then traffic tolerance factor (line 4) can be adjusted dynamically to avoid wrong detections. The
maxSampleCount parameter controls the sampling lifecycle. The MaxTotal parameter keeps track of the
maximum traffic known and detected in the history of the detection cycle for all devices the controller
manages. The algorithm in line 8 iterates over each managed networking device (i.e. routers and switches)
the controller manages and get the maximum traffic passed through the device and store it regardless the
source or the destination.
Lin1e 9 checks the maxTotal for the current round of sampling in addition to a pre-defined tolerance
factor with the maximum known history. If the new readings are bigger than the history, then the algorithm
starts counting that towards a cycle of detection (lines 9.1 and 9.2). Algorithm 4 calls the predict high traffic
algorithm (Algorithm 3), if the return value was true which means high traffic detected, C2C algorithm will
9. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 14, No. 1, February 2024: 574-588
582
call the network detection and prevention agent’s algorithm NDPA (Algorithm 5) and it will return a report
of the network device’s ID that has the high traffic to the calling algorithm.
Algorithm 4. Controller to controller communication algorithm
C2C( ):
1. highTrafficSources[]=null
2. while (TRUE)
3. HighTraffic PredictHighTraffic()
3.1. if (HighTraffic)
3.1.1. highTrafficSources.add[] NDPA(MyID)
3.1.2. ReportBack(callerID, HighTraffic)
4. Wait(delay)
End while
The two previous algorithms (the server agent algorithm and the controller agent algorithm)
collectively build a common opinion and negotiate it to predict the possible attack based on the traffic nature
and the server status. If they predict an attack is about to happen or happening then the victimized server can
call the C2C algorithm which starts the NDPA algorithm, and the edge controller can call C2C algorithm in
line (3) which starts NDPA algorithm in line (2.1.1). The NDPA works by negotiating the maximum traffic
allowed to pass reconfiguring switches and routers.
Algorithm 5. Network detection and prevention agent (NDPA)
1. StatusList[] NDPA(callerID)
2. Set initial=0.5%
3. Set static limitRatio= initial
4. Local:
5. If(PredictHighTraffic() == TRUE )
5.1. For each Network Device (ND):
5.1.1. ND→ Reduce_BW(limitRatio)
5.1.2. StatusList.add(HighTraffic, MyID)
5.2. limitRatio= limitRatio+initial
5.3. For each neighbouring controller (NCi) :
5.3.1. NCi→ C2C ( )
6. Elseif (limitRatio>initial )
6.1. limitRatio= limitRatio – initial
6.2. For each Network Device (ND):
6.2.1. ND→ Increase_BW(initial)
7. ReportBack(StatusList,callerID)
The NDPA algorithm calls the predict high traffic algorithm (Algorithm 3). A “TRUE” returned
value means high traffic detected. Thus, NDPA will start reducing the throughput of the ports by the limit
ratio of 25% initially in line 4.1.1 or any other ratio specified by the engineers. As long as the high traffic is
“TRUE” the throughput reduction will be increased by 25% each round as shown in line 4.2. NDPA will
contact its neighboring controllers to check their network devices for high traffic by calling C2C algorithm
line 4.3.1.
If the predict high traffic algorithm return value was “FALSE”, which means traffic is not high or
high traffic reduced; NDPA starts the network recovery to normal throughput levels as shown in lines 5-5.2.1
by increasing ports throughput gradually adding 25% back to the port each time. The NDPA algorithm will
update the history list to new values.
It is worth mentioning that the NDPA algorithm, which is a network throughput reduction policy,
applies only to a network connection that produces the highest traffic only in abnormal rates compared to its
history. Other links and nodes in the network will not suffer from any reduction in throughput and will be
served normally. This guarantees that only abnormal sub-networks or nodes causing undesired behavior will
be affected by the reduction.
6. RESULTS
Algorithm simulation results showed the ability of the proposed algorithm to detect possible
DDoS attacks in a tree topology network. As shown in Table 1, after observing the incremental nature of
traffic volume causing the CPU to suffer high utilization, the server started negotiating traffic with the
edge controller. At time 20 through 24 the utilization became very high, and the traffic throughput
reached the maximum allowed amount. At that point the server started a positive detection process in
collaboration with the edge controller. The detection process lasted for 4 cycles. In time 25 the controller
started reducing the maximum amount of traffic by 25% to become 75% of the original throughput.
10. Int J Elec & Comp Eng ISSN: 2088-8708
Encountering distributed denial of service attack utilizing federated software defined … (Rima Abdelhadi)
583
However, the problem is not solved because the server reported back a high utilization. The controller
takes further steps to mitigate the high traffic by reducing another 25% of throughput and so on-going
form 100% throughput to 75%, then 56.25%, 42.1875%, 31.640625%, 23.730469%, till 17.797852%, and
finally 13.348389% of the original throughput which allows 11,676 kilobytes per second to be passed to
the server.
Table 1. Very high normal traffic followed by attack traffic
Time Utilization % Throughput % Total
Traffic
Passed
Traffic
attack detected
CPU Memory Network
1 80 65 100 100 11,900 11,900 FALSE
2 81.904 66.904 100 100 11,900 11,900 FALSE
3 83.808 68.808 100 100 11,900 11,900 FALSE
…. ….. ….. ….. ….. ….. ….. …..
23 97.3630 83.82553 100 100 12,495 12,495 FALSE
24 99.3622 85.82473 100 100 12,460 12,460 FALSE
25 97.3686 83.83113 100 75 12,600 12,500 TRUE
26 99.3686 85.83113 100 56.25 12,600 12,500 TRUE
27 100 87.83113 100 42.1875 12,600 12,500 TRUE
28 100 89.83113 100 31.640625 13,300 12,500 TRUE
29 100 91.83113 100 23.730469 13,300 12,500 TRUE
30 100 93.83113 100 17.797852 13,300 12,500 TRUE
31 100 95.83113 100 13.348389 13,300 12,500 TRUE
32 100 97.83113 100 16.463013 11,676 11,676 FALSE
33 98.1318 95.96297 100 12.34726 12,600 12,500 TRUE
34 95 93.06483 100 15.228287 10,801 10,801 FALSE
35 93.2718 91.33667 100 11.421215 13,300 12,500 TRUE
36 90.5082 88.66984 100 14.086164 9,989 9,989 FALSE
37 92.1064 90.26808 100 17.372936 12,320 12,320 FALSE
38 94.0776 92.23928 100 13.029702 13,300 12,500 TRUE
39 96.0776 94.23928 100 16.069967 11,396 11,396 FALSE
40 97.9010 96.06264 100 12.052475 12,600 12,500 TRUE
41 94.9059 93.15951 100 14.864719 10,542 10,542 FALSE
42 96.5927 94.84623 100 11.14854 12,600 12,500 TRUE
43 93.6630 92.00391 100 13.749865 9,751 9,751 FALSE
44 92.1029 90.44375 100 16.958166 12,026 12,026 FALSE
45 94.0270 92.36792 100 12.718625 13,300 12,500 TRUE
Figure 3 shows the growing traffic flow toward the victim server, and the area between dashed lines
A and B in Figure 3 shows approximately where the proposed algorithm started detecting a possible attack.
Figure 4 shows the throughput of traffic in the local victim server network, where the dashed line A
approximates the time when the NDPA algorithm decided to run a throughput reduction policy to reduce the
possible malicious traffic. The area after dashed line B in both figures represents the drop in resource
consumption due to throughput reduction enforced by the prevention algorithm (NDPA).
The zigzag behavior in Figure 4 indicates the areas where the algorithm assumes a possible recovery
in server resources and tries to restore normal traffic gradually, however, when continuity in attack is
detected, the algorithm enforces the throughput reduction again to insure providing service and server not to
crash. The detection process lasted for 4 cycles. In time 25 the controller started reducing the maximum
amount of traffic by 25% to become 75% of the original throughput. However, the problem is not solved
because the server reported back a high utilization. The controller takes further steps to mitigate the high
traffic by reducing another 25% of throughput and so on-going from 100% throughput to 75%, then 56.25%,
42.19%, 31.64%, 23.73%, to 17.79%, and finally 13.35% of the original throughput which allows
11,676 kilobytes per second to be passed to the server.
In the second experiment, Table 2, it is assumed that the victim server and the edge controller have
no previous experience with attack, no traffic history available for server or edge controller. However, the
server will start working using the pre-set metrics or default and thresholds. The edge controller will assume
that the server will be able to detect any abnormal levels of utilization and report it back through the
controller agent. The controller then starts with the NDPA algorithm to limit the traffic after making sure that
the reported metrics form the server are not due to internal attack from the server side. As shown in Table 2,
the server reported back to the controller with attack detected in time slice 7. The controller started the
process of limiting the traffic throughput to acceptable levels. In time 20, it is noticeable from the traffic
amount that the attack stopped by the attacker. The detection and prevention method stopped and most
importantly it restored the network ability to transfer more information by gradually increase the upper limit
allowed throughput.
12. Int J Elec & Comp Eng ISSN: 2088-8708
Encountering distributed denial of service attack utilizing federated software defined … (Rima Abdelhadi)
585
Figures 5 and 6 show the analysis of the victim server and NDPA algorithm response to a
temporary attack during normal high demand on server resources. This detection process in this scenario
started from the controller agent side. The detection and prevention algorithm detected that before that and
started reducing the network traffic to a level that the server can continue providing service as shown in
Figure 5 in area A. in area B, the system was stable until the attack stopped around time 23. NDPA
restored network throughput since the server is not suffering from over-utilization to normal levels as
shown in Figure 5 area C. As shown in Figure 6, in time 13 the server was suffering from a potential
DDoS attack, and server resources are over-utilized. In time 23 the NDPA algorithm was able to lower the
throughput lowering the CPU utilization to acceptable ratio. Simulation results demonstrated that the
proposed algorithms were able to detect and prevent the server from crashing and continued providing
services despite the DDoS attack because the throughput reduction applied to all network routes that
generate high traffic only.
Figure 5. Throughput recovery to normal after temporary DDoS attack
Figure 6. Resources consumption for temporary attack and during a normal high traffic
In the 3rd
experiment; we assume an attack traffic initiated from the neighboring network, then the
attacker stops the attack. What is assumed that the NDPA should be able to detect the attack, limit the
throughput, then when the attack is over, NDPA must restore the network throughput to its original values.
This behavior must protect the sever form the bad traffic. As shown in Table 3, first router (Router0)
managed by (Controller 2) is passing safe traffic. However, (Router1) is passing very large traffic and
causing a DDoS attack symptom. However, traffic is coming from different sources and other networks.
At time 4, (Router1) experienced limitations imposed by the managing controller based on the
commination and negotiation with the edge controller. From the table, it is observable that (Router0) did not
suffer any reduction in the throughput due to NDPA control of traffic on the network. The edge-router
throughput was reduced to be able to prevent any local high traffic on the incoming uplinks, though, the good
13. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 14, No. 1, February 2024: 574-588
586
about that is the local traffic will not be affected by the reduction since the new throughput will be more
sufficient to pass the safe traffic through towards the server. Users might experience some delay, but the
server will not crash due to high traffic.
Table 3. Two-level architecture, experiment 3 results
Time
Edge-
Controller
Traffic
Edge-
Router
Traffic
isHigh
Traffic
Edge-Router
Throughput
Ratio
Controller2
Traffic
Managed by Controller2, Router0 and Router1 from network2 connected
to the Edge-Router from the previous network
Router0
Traffic
isHigh
Traffic
Router0
Throughput
Ratio
Router1
Traffic
isHigh
Traffic
Router1
Throughput
Ratio
1 14,900 14,900 TRUE 100 16,800 1,400 FALSE 100 15,400 TRUE 100
2 13,700 13,700 TRUE 100 21,700 700 FALSE 100 21,000 TRUE 100
3 13,700 13,700 TRUE 100 18,200 700 FALSE 100 17,500 TRUE 100
4 14,900 14,900 TRUE 75 22,400 1,400 FALSE 100 21,000 TRUE 75
5 12,975 12,975 TRUE 56.25 23,100 2,100 FALSE 100 21,000 TRUE 56.25
6 10,631 10,631 FALSE 75 23,100 2,100 FALSE 100 21,000 TRUE 42.1875
7 9,735 9,735 FALSE 100 21,210 210 FALSE 100 21,000 TRUE 31.640625
8 15,860 15,860 TRUE 100 21,560 1,960 FALSE 100 19,600 TRUE 31.640625
9 14,900 14,900 TRUE 100 21,000 1,400 FALSE 100 19,600 TRUE 31.640625
10 14,900 14,900 TRUE 100 21,000 1,400 FALSE 100 19,600 TRUE 31.640625
11 13,700 13,700 TRUE 75 13,300 700 FALSE 100 12,600 TRUE 23.730469
12 10,575 10,575 FALSE 100 13,300 700 FALSE 100 12,600 TRUE 17.797852
13 13,700 13,700 TRUE 100 14,000 700 FALSE 100 13,300 TRUE 17.797852
14 14,900 14,900 TRUE 100 15,400 1,400 FALSE 100 14,000 TRUE 17.797852
15 22,100 22,100 TRUE 75 18,200 5,600 FALSE 100 12,600 TRUE 13.348389
16 10,575 10,575 FALSE 100 12,376 700 FALSE 100 11,676 FALSE 17.797852
17 14,660 14,660 TRUE 75 13,860 1,260 FALSE 100 12,600 TRUE 13.348389
18 11,535 11,535 FALSE 100 12,936 1,260 FALSE 100 11,676 FALSE 17.797852
19 13,700 13,700 TRUE 75 13,300 700 FALSE 100 12,600 TRUE 13.348389
20 10,575 10,575 FALSE 100 12,376 700 FALSE 100 11,676 FALSE 17.797852
21 18,400 18,400 TRUE 100 15,400 4,200 FALSE 100 11,200 FALSE 17.797852
22 12,400 12,400 FALSE 100 11,900 700 FALSE 100 11,200 FALSE 23.730469
23 12,400 12,400 FALSE 100 11,900 700 FALSE 100 11,200 FALSE 23.730469
24 12,400 12,400 FALSE 100 11,900 700 FALSE 100 11,200 FALSE 23.730469
25 12,300 12,300 FALSE 100 11,550 1,050 FALSE 100 10,500 FALSE 23.730469
26 11,700 11,700 FALSE 100 11,200 700 FALSE 100 10,500 FALSE 23.730469
27 11,700 11,700 FALSE 100 11,200 700 FALSE 100 10,500 FALSE 23.730469
28 11,510 11,510 FALSE 100 11,235 385 FALSE 100 10,850 FALSE 23.730469
29 10,970 10,970 FALSE 100 10,920 70 FALSE 100 10,850 FALSE 31.640625
30 12,400 12,400 FALSE 100 11,900 700 FALSE 100 11,200 FALSE 31.640625
31 20,300 20,300 TRUE 100 16,800 4,900 FALSE 100 11,900 FALSE 31.640625
32 20,300 20,300 TRUE 100 16,800 4,900 FALSE 100 11,900 FALSE 31.640625
33 13,100 13,100 TRUE 100 12,600 700 FALSE 100 11,900 FALSE 31.640625
34 13,100 13,100 TRUE 75 12,600 700 FALSE 100 11,900 FALSE 42.1875
35 6,473 6,473 FALSE 100 12,600 700 FALSE 100 11,900 FALSE 56.25
36 4,450 4,450 FALSE 100 4,200 350 FALSE 100 3,850 FALSE 75
37 11,450 11,450 FALSE 100 11,200 350 FALSE 100 10,850 FALSE 75
38 13,120 13,120 TRUE 75 12,320 1,120 FALSE 100 11,200 FALSE 100
39 13,940 13,940 TRUE 56.25 13,090 1,190 FALSE 100 11,900 FALSE 100
40 9,071 9,071 FALSE 75 13,090 1,190 FALSE 100 11,900 FALSE 100
41 7,380 7,380 FALSE 100 6,930 630 FALSE 100 6,300 FALSE 100
42 7,380 7,380 FALSE 100 6,930 630 FALSE 100 6,300 FALSE 100
43 6,560 6,560 FALSE 100 6,160 560 FALSE 100 5,600 FALSE 100
44 13,940 13,940 TRUE 100 13,090 1,190 FALSE 100 11,900 FALSE 100
45 13,940 13,940 TRUE 75 13,090 1,190 FALSE 100 11,900 FALSE 100
46 11,415 11,415 FALSE 100 13,090 1,190 FALSE 100 11,900 FALSE 100
47 13,100 13,100 TRUE 75 12,600 700 FALSE 100 11,900 FALSE 100
48 4,450 4,450 FALSE 100 4,200 350 FALSE 100 3,850 FALSE 100
49 11,450 11,450 FALSE 100 11,200 350 FALSE 100 10,850 FALSE 100
50 13,600 13,600 TRUE 75 12,600 1,400 FALSE 100 11,200 FALSE 100
51 10,575 10,575 FALSE 100 12,600 700 FALSE 100 11,900 FALSE 100
As shown in Figure 7, controller 2 monitoring and managing network 2 concluded that the routers in
the network are passing very high traffic through. Meanwhile server is suffering the high traffic and reported
it back to the edge-controller agent. In its turn, the edge-controller initiated a controller-to-controller
communication (C2C) to track down traffic. it is noticeable Figure 7, in cycle 11, that controller 2 and just
after implementing NDPA started observing lower traffic than before. This new traffic is a direct result of
controllers implementing throughput reduction policy in routers they manage.
14. Int J Elec & Comp Eng ISSN: 2088-8708
Encountering distributed denial of service attack utilizing federated software defined … (Rima Abdelhadi)
587
Figure 7. Two controllers traffic detection
7. CONCLUSION
Software defined networks can be used to provide a variety of services, such as security, with a
sophisticated design and separation of duties between components to prevent DDoS attacks. Basic
assumptions made for this solution to work as intended are: The ability for controllers to communicate
efficiently, controllers have some computational power, routers and switches throughput can be reconfigured,
and controllers can get statistics about routers’ traffic. As shown by experiments designed, the proposed
solution and its algorithms managed to detect and the proposed solution was able to prevent a DDoS attack
from overwhelming the server, orchestrate its work with controllers, detect if the attack was over, and restore
throughput to its original values to elevate the QoS provided to customers and networks.
REFERENCES
[1] Kaspersky Lab, “Distributed denial of service: How DDoS attacks work,” Kaspersky, https://me-en.kaspersky.com/resource-
center/preemptive-safety/how-does-ddos-attack-work (accessed May 22, 2022).
[2] T. Mahjabin, Y. Xiao, G. Sun, and W. Jiang, “A survey of distributed denial-of-service attack, prevention, and mitigation
techniques,” International Journal of Distributed Sensor Networks, vol. 13, no. 12, Art. no. 155014771774146, Dec. 2017,
doi: 10.1177/1550147717741463.
[3] W. Queiroz, M. A. M. Capretz, and M. Dantas, “An approach for SDN traffic monitoring based on big data techniques,” Journal
of Network and Computer Applications, vol. 131, pp. 28–39, Apr. 2019, doi: 10.1016/j.jnca.2019.01.016.
[4] M. D. Hatagundi and H. V. Kumaraswamy, “A comprehensive survey on different attacks on SDN and approaches to mitigate,”
in Proceedings of the 3rd International Conference on Computing Methodologies and Communication, ICCMC 2019, IEEE, Mar.
2019, pp. 624–627, doi: 10.1109/ICCMC.2019.8819717.
[5] S. Dong, K. Abbas, and R. Jain, “A survey on distributed denial of service (DDoS) attacks in SDN and cloud computing
environments,” IEEE Access, vol. 7, pp. 80813–80828, 2019, doi: 10.1109/ACCESS.2019.2922196.
[6] D. Chouhan and A. Pal, “Detection and mitigation of mitigate denial of service (Dos) attacks using trust-based mechanism,”
International Journal of Scientific Research & Engineering Trends (IJSRET), vol. 7, no. 4, 2021.
[7] L. F. Eliyan and R. di Pietro, “DoS and DDoS attacks in software defined networks: A survey of existing solutions and research
challenges,” Future Generation Computer Systems, vol. 122, pp. 149–171, Sep. 2021, doi: 10.1016/j.future.2021.03.011.
[8] S. B. Chinmay Dharmadhikari, Salil Kulkarni, Swarali Temkar, “A study of DDoS attacks in software defined networks,” A Study
of DDoS Attacks in Software Defined Networks, vol. 6, no. 12, 2019.
[9] B. Kumar Joshi, N. Joshi, and M. Chandra Joshi, “Early detection of distributed denial of service attack in era of software-defined
network,” in 2018 11th International Conference on Contemporary Computing, IC3 2018, IEEE, Aug. 2018, doi:
10.1109/IC3.2018.8530546.
[10] Q. Yan, F. R. Yu, Q. Gong, and J. Li, “Software-defined networking (SDN) and distributed denial of service (DDOS) attacks in
cloud computing environments: A survey, some research issues, and challenges,” IEEE Communications Surveys and Tutorials,
vol. 18, no. 1, pp. 602–622, 2016, doi: 10.1109/COMST.2015.2487361.
[11] N. N. Tuan, P. H. Hung, N. D. Nghia, N. Van Tho, T. Van Phan, and N. H. Thanh, “A DDoS attack mitigation scheme in ISP
networks using machine learning based on SDN,” Electronics (Switzerland), vol. 9, no. 3, p. 413, Feb. 2020, doi:
10.3390/electronics9030413.
[12] UNB, “DDoS evaluation dataset (CIC-DDoS2019),” Canadian Institute for Cybersecurity, https://www.unb.ca/cic/datasets/ddos-
2019.html (accessed Jul. 13, 2023).
[13] H. A. Alamri and V. Thayananthan, “Bandwidth control mechanism and extreme gradient boosting algorithm for protecting
software-defined networks against DDoS attacks,” IEEE Access, vol. 8, pp. 194269–194288, 2020, doi:
10.1109/ACCESS.2020.3033942.
[14] Y. Liu, B. Zhao, P. Zhao, P. Fan, and H. Liu, “A survey: Typical security issues of software-defined networking,” China
Communications, vol. 16, no. 7, pp. 13–31, Jul. 2020, doi: 10.23919/jcc.2019.07.002.
[15] Y. Chen, J. Pei, and D. Li, “DETPro: A high-efficiency and low-latency system against DDoS attacks in SDN based on decision
tree,” in IEEE International Conference on Communications, IEEE, May 2019, doi: 10.1109/ICC.2019.8761580.
15. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 14, No. 1, February 2024: 574-588
588
[16] R. Sanjeetha, A. Prasanna, D. Pradeep Kumar, and A. Kanavalli, “Mitigation of controller induced DDoS attack on primary server
in high traffic scenarios of software defined networks,” in International Symposium on Advanced Networks and
Telecommunication Systems, ANTS, IEEE, Dec. 2018, doi: 10.1109/ANTS.2018.8710066.
[17] T. M. Nam et al., “Self-organizing map-based approaches in DDoS flooding detection using SDN,” in International Conference
on Information Networking, IEEE, Jan. 2018, pp. 249–254, doi: 10.1109/ICOIN.2018.8343119.
[18] T. Ubale and A. K. Jain, “SRL: An TCP SYNFLOOD DDoS mitigation approach in software-defined networks,” in Proceedings
of the 2nd International Conference on Electronics, Communication and Aerospace Technology, ICECA 2018, IEEE, Mar. 2018,
pp. 956–962, doi: 10.1109/ICECA.2018.8474561.
[19] B. Aryal, R. Abbas, and I. B. Collings, “SDN enabled DDoS attack detection and mitigation for 5G networks,” Journal of
Communications, vol. 16, no. 7, pp. 267–275, 2021, doi: 10.12720/jcm.16.7.267-275.
[20] V. Sharma, “Multi-agent based intrusion prevention and mitigation architecture for software defined networks,” in International
Conference on Information and Communication Technology Convergence: ICT Convergence Technologies Leading the Fourth
Industrial Revolution, ICTC 2017, IEEE, Oct. 2017, pp. 686–692, doi: 10.1109/ICTC.2017.8191067.
[21] D. Hyun, J. Kim, D. Hong, and J. Jeong, “SDN-based network security functions for effective DDoS attack mitigation,” in
International Conference on Information and Communication Technology Convergence: ICT Convergence Technologies Leading
the Fourth Industrial Revolution, ICTC 2017, IEEE, Oct. 2017, pp. 834–839, doi: 10.1109/ICTC.2017.8190794.
[22] A. Kalliola, K. Lee, H. Lee, and T. Aura, “Flooding DDoS mitigation and traffic management with software defined networking,”
in 2015 IEEE 4th International Conference on Cloud Networking, CloudNet 2015, IEEE, Oct. 2015, pp. 248–254, doi:
10.1109/CloudNet.2015.7335317.
[23] P. Manso, J. Moura, and C. Serrão, “SDN-based intrusion detection system for early detection and mitigation of DDoS attacks,”
Information (Switzerland), vol. 10, no. 3, p. 106, Mar. 2019, doi: 10.3390/info10030106.
[24] S. M. Mousavi and M. St-Hilaire, “Early detection of DDoS attacks against SDN controllers,” in 2015 International Conference
on Computing, Networking and Communications, ICNC 2015, IEEE, Feb. 2015, pp. 77–81, doi: 10.1109/ICCNC.2015.7069319.
[25] R. Sahay, G. Blanc, Z. Zhang, and H. Debar, “Towards autonomic DDoS mitigation using software defined networking,”
in Proceedings 2015 Workshop on Security of Emerging Networking Technologies, Internet Society, 2015, doi:
10.14722/sent.2015.23004.
BIOGRAPHIES OF AUTHORS
Rima Abdelhadi received a B.Sc. degree in science, majoring in computer science
from Mutah University, Alkarak, Jordan, in 2002, and a Master of Engineering, specializing in
computer and networks engineering in 2022, from Al-Hussein bin Talal University, Ma’an,
Jordan. Alqudah focuses on her work in computer security and protection, Protecting
infrastructure and resources. She can be contacted at email: rima.qudah@gmail.com
Moath H. Alsafasfeh associate professor electrical and computer engineering
2017 from Western Michigan University (WMU), USA, an M.Eng. in Communication and
Computer Engineering from Universiti Kebangsaan Malaysia (UKM) in June 2011, and
B.Eng. Computer Engineering from Mutah University, Jordan. Dr. Alsafasfeh is an associate
professor in the College of Engineering, Department of Computer Engineering, and also the
Director of the Academic Development and Quality Assurance Center at Al-Hussein bin Talal
University. Research interests are parallel processing, multiprocessor, and multicore systems;
computer vision, image processing, and pattern recognition; AI and machine learning; non-
destructive testing and evaluation; renewable energy systems (solar panels and gardens);
drones and quadcopters. He can be contacted at email: moath.alsafasfeh@ahu.edu.jo
Bilal I. Alqudah assistant professor of computer security and privacy protection
at the College of Engineering at Al-Hussein Bin Talal University, Ma'an. He holds a Ph.D. in
computer security and privacy protection, and a master's degree in computer science from the
Bobby B. Lyle College of Engineering, Southern Methodist University, Dallas, Texas- USA,
bachelor’s degree in computer science from Mutah University in Karak, Jordan. Dr. Alqudah
has held many local and international training seminars and conferences in their field of
specialization. Dr. Alqudah focuses on computer security and privacy research, electronic
medical record, and access controlling in addition to other areas of interest. He can be
contacted at email: alqudah@ahu.edu.jo.