A multi-layered intrusion detection system for software defined networking <sup>☆</sup>

Bour, H; Abolhasan, M; Jafarizadeh, S; Lipman, J; Makhdoom, I

A multi-layered intrusion detection system for software defined networking <sup>☆</sup>

Bour, H Abolhasan, M

Jafarizadeh, S Lipman, J

Makhdoom, I

Permalink

Publisher:: PERGAMON-ELSEVIER SCIENCE LTD
Publication Type:: Journal Article
Citation:: Computers and Electrical Engineering, 2022, 101
Issue Date:: 2022-07-01

Closed Access

	Filename	Description	Size
	A multi-layered intrusion detection system for software defined networking.pdf	Published version	2.54 MB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Bour, H
dc.contributor.author	Abolhasan, M https://orcid.org/0000-0002-4282-6666
dc.contributor.author	Jafarizadeh, S
dc.contributor.author	Lipman, J https://orcid.org/0000-0003-2877-1168
dc.contributor.author	Makhdoom, I https://orcid.org/0000-0002-6205-5897
dc.date.accessioned	2023-03-17T02:02:15Z
dc.date.available	2023-03-17T02:02:15Z
dc.date.issued	2022-07-01
dc.identifier.citation	Computers and Electrical Engineering, 2022, 101
dc.identifier.issn	0045-7906
dc.identifier.issn	1879-0755
dc.identifier.uri	http://hdl.handle.net/10453/167416
dc.description.abstract	The majority of existing DDoS defense mechanisms in SDN impose a significant computational burden on the controller and employ limited flow statistics and packet features. Tackling these issues, this paper presents a multi-layer defense mechanism that detects and mitigates three distinct types of flooding DDoS attacks. In the proposed framework, the detection process consists of flow-based and packet-based attack detection mechanisms employing Extreme Learning Machine-based Single-hidden Layer Feedforward Networks (ELM-SLFNs) and Case-based Information Entropy (C-IE), respectively. Moreover, the affected switches are avoided in the optimal path determined by the Floyd-Warshall algorithm, where the switches are classified based on the Hidden Markov Model (HMM) using the extracted packet features. Our simulation demonstrates the improved performance of our framework compared to similar schemes proposed in the literature in terms of different metrics, including attack detection rate, detection accuracy, false-positive rate, switch failure ratio, packet loss rate, response time, and CPU utilization.
dc.language	English
dc.publisher	PERGAMON-ELSEVIER SCIENCE LTD
dc.relation.ispartof	Computers and Electrical Engineering
dc.relation.isbasedon	10.1016/j.compeleceng.2022.108042
dc.rights	info:eu-repo/semantics/closedAccess
dc.subject	0803 Computer Software, 0805 Distributed Computing, 0906 Electrical and Electronic Engineering
dc.subject.classification	Electrical & Electronic Engineering
dc.title	A multi-layered intrusion detection system for software defined networking <sup>☆</sup>
dc.type	Journal Article
utslib.citation.volume	101
utslib.for	0803 Computer Software
utslib.for	0805 Distributed Computing
utslib.for	0906 Electrical and Electronic Engineering
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Strength - CRIN - Realtime Information Networks
pubs.organisational-group	/University of Technology Sydney/Strength - GBDTC - Global Big Data Technologies
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Electrical and Data Engineering
utslib.copyright.status	closed_access	*
dc.date.updated	2023-03-17T02:02:14Z
pubs.publication-status	Published
pubs.volume	101

Abstract:

The majority of existing DDoS defense mechanisms in SDN impose a significant computational burden on the controller and employ limited flow statistics and packet features. Tackling these issues, this paper presents a multi-layer defense mechanism that detects and mitigates three distinct types of flooding DDoS attacks. In the proposed framework, the detection process consists of flow-based and packet-based attack detection mechanisms employing Extreme Learning Machine-based Single-hidden Layer Feedforward Networks (ELM-SLFNs) and Case-based Information Entropy (C-IE), respectively. Moreover, the affected switches are avoided in the optimal path determined by the Floyd-Warshall algorithm, where the switches are classified based on the Hidden Markov Model (HMM) using the extracted packet features. Our simulation demonstrates the improved performance of our framework compared to similar schemes proposed in the literature in terms of different metrics, including attack detection rate, detection accuracy, false-positive rate, switch failure ratio, packet loss rate, response time, and CPU utilization.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/167416