SADM-SDNC: security anomaly detection and mitigation in software-defined networking using C-support vector classification
Tohid Jafarian¹ · Mohammad Masdari¹ · Ali Ghaffari² · Kambiz Majidzadeh¹
Received: 24 September 2019 / Accepted: 3 November 2020
© Springer-Verlag GmbH Austria, part of Springer Nature 2020
Abstract
The inherent features of the software-defined networking (SDN) architecture revolutionize traditional network infrastructure and provide the opportunity for integrated and centralized network monitoring. One shortcoming of SDNs is their high vulnerability to distributed denial of service (DDoS) attacks and other similar attacks. In this paper, a novel multi-stage modular approach (SADM-SDNC) is proposed for detecting and mitigating security anomalies in SDN environments. The proposed approach uses the NetFlow protocol to gather information and generate the dataset, and the information gain ratio to select the effective features. It also uses the C-support vector classification algorithm with a radial basis function kernel, together with features of the Floodlight controller, to develop a structure with desirable performance. The experimental results demonstrate that the proposed approach performs better than other methods in terms of enhancing accuracy and detection rate and reducing classification error and false alarm rate, which were measured as 99.67%, 99.26%, 0.33%, and 0.08% respectively. Finally, by using the REST API and Static Entry Pusher technologies of the Floodlight controller, the approach makes it possible to disconnect any communication with the attacking parties and remove destructive users.
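The information gain ratio step named in the abstract can be illustrated as follows. This is an added example, not the authors' code: the flow records, the pre-binned field names, and the 0.1 selection threshold are constructed assumptions, and the ranking uses the standard definition (information gain divided by split information).

```python
import math
from collections import Counter

# Constructed NetFlow-style records (not the paper's dataset). Continuous
# fields are assumed to be pre-binned; the last column is the class label.
FEATURES = ("protocol", "packets_bin", "duration_bin", "tos")
FLOWS = [
    ("udp", "high", "short", "0", "attack"),
    ("udp", "high", "long",  "0", "attack"),
    ("udp", "high", "short", "0", "attack"),
    ("tcp", "high", "long",  "0", "attack"),
    ("tcp", "low",  "short", "0", "normal"),
    ("tcp", "low",  "long",  "0", "normal"),
    ("tcp", "low",  "short", "0", "normal"),
    ("udp", "low",  "long",  "0", "normal"),
]

def entropy(values):
    """Shannon entropy (bits) of a list of categorical values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def gain_ratio(rows, idx):
    """Information gain of feature idx divided by its split information."""
    labels = [r[-1] for r in rows]
    by_value = {}
    for r in rows:
        by_value.setdefault(r[idx], []).append(r[-1])
    conditional = sum(len(g) / len(rows) * entropy(g) for g in by_value.values())
    split_info = entropy([r[idx] for r in rows])
    if split_info == 0:  # constant field: no split, avoid dividing by zero
        return 0.0
    return (entropy(labels) - conditional) / split_info

def rank_features(rows, names=FEATURES, threshold=0.1):
    """Features at or above the (hypothetical) threshold, best first."""
    scored = [(name, round(gain_ratio(rows, i), 4)) for i, name in enumerate(names)]
    scored.sort(key=lambda s: s[1], reverse=True)
    return [s for s in scored if s[1] >= threshold]

if __name__ == "__main__":
    for name, score in rank_features(FLOWS):
        print(f"{name}: {score}")
```

On this sample the packet-count bin separates the classes perfectly, the protocol field is weakly informative, and the duration bin and the constant field are discarded.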
¹ Department of Computer Engineering, Urmia Branch, Islamic Azad University, Urmia, Iran
² Department of Computer Engineering, Tabriz Branch, Islamic Azad University, Tabriz, Iran
Keywords: Anomaly detection · C-support vector classification (C-SVC) · SDN · DDoS · NetFlow · Floodlight
Mathematics Subject Classification: 68M10 · 68M25 · 68M12 · 68M11 · 68T08
1 Introduction
As the number and complexity of network devices increase, integrated and centralized network management is considered essential. Software-defined networking (SDN) [1–5] is regarded as an alternative architecture to common inflexible networks, providing engineers and network managers with numerous facilities and capabilities. In this architecture, the control plane is separated from the data plane [6, 7]. The new network architecture uses virtual layers, virtual switches, a central controller, communication standards, and high-level application programming interfaces (APIs). In other words, SDNs are intended to reduce the dependency on hardware and enhance the use of software, thereby enhancing network smartness. OpenFlow is regarded as one of the early supporting approaches of the SDN archi