Papers
Topics
Authors
Recent
Search
2000 character limit reached

Toward a real-time TCP SYN Flood DDoS mitigation using Adaptive Neuro-Fuzzy classifier and SDN Assistance in Fog Computing

Published 27 Nov 2023 in cs.CR | (2311.15633v1)

Abstract: The growth of the Internet of Things (IoT) has recently impacted our daily lives in many ways. As a result, a massive volume of data is generated and needs to be processed in a short period of time. Therefore, the combination of computing models such as cloud computing is necessary. The main disadvantage of the cloud platform is its high latency due to the centralized mainframe. Fortunately, a distributed paradigm known as fog computing has emerged to overcome this problem, offering cloud services with low latency and high-access bandwidth to support many IoT application scenarios. However, Attacks against fog servers can take many forms, such as Distributed Denial of Service (DDoS) attacks that severely affect the reliability and availability of fog services. To address these challenges, we propose mitigation of Fog computing-based SYN Flood DDoS attacks using an Adaptive Neuro-Fuzzy Inference System (ANFIS) and Software Defined Networking (SDN) Assistance (FASA). The simulation results show that FASA system outperforms other algorithms in terms of accuracy, precision, recall, and F1-score. This shows how crucial our system is for detecting and mitigating TCP SYN floods DDoS attacks.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (59)
  1. H. Saidi, N. Labraoui, A. A. A. Ari, and D. Bouida, “Remote health monitoring system of elderly based on fog to cloud (f2c) computing,” pp. 1–7, 2020.
  2. M. Babaghayou, N. Labraoui, and A. A. A. Ari, “Location-privacy evaluation within the extreme points privacy (epp) scheme for vanet users,” International Journal of Strategic Information Technology and Applications (IJSITA), vol. 10, no. 2, pp. 44–58, 2019.
  3. M. Babaghayou, N. Labraoui, A. A. Abba Ari, M. A. Ferrag, L. Maglaras, and H. Janicke, “Whisper: A location privacy-preserving scheme using transmission range changing for internet of vehicles,” Sensors, vol. 21, no. 7, p. 2443, 2021.
  4. H. Saidi, N. Labraoui, A. A. A. Ari, L. A. Maglaras, and J. H. M. Emati, “Dsmac: Privacy-aware decentralized self-management of data access control based on blockchain for health data,” IEEE Access, vol. 10, pp. 101 011–101 028, 2022.
  5. S. T. Zargar, J. Joshi, and D. Tipper, “A survey of defense mechanisms against distributed denial of service (ddos) flooding attacks,” IEEE communications surveys & tutorials, vol. 15, no. 4, pp. 2046–2069, 2013.
  6. S. Sumathi and N. Karthikeyan, “Retracted article: Detection of distributed denial of service using deep learning neural network,” Journal of Ambient Intelligence and Humanized Computing, vol. 12, no. 6, pp. 5943–5953, 2021.
  7. K. Bhushan et al., “Ddos attack defense framework for cloud using fog computing,” in 2017 2nd IEEE international conference on recent trends in electronics, information & communication technology (RTEICT).   IEEE, 2017, pp. 534–538.
  8. B. Paharia and K. Bhushan, “Fog computing as a defensive approach against distributed denial of service (ddos): A proposed architecture,” in 2018 9th international conference on computing, communication and networking technologies (ICCCNT).   IEEE, 2018, pp. 1–7.
  9. B. A. A. Nunes, M. Mendonca, X.-N. Nguyen, K. Obraczka, and T. Turletti, “A survey of software-defined networking: Past, present, and future of programmable networks,” IEEE Communications surveys & tutorials, vol. 16, no. 3, pp. 1617–1634, 2014.
  10. S. Javanmardi, M. Shojafar, R. Mohammadi, A. Nazari, V. Persico, and A. Pescapè, “Fupe: A security driven task scheduling approach for sdn-based iot–fog networks,” Journal of information security and applications, vol. 60, p. 102853, 2021.
  11. S. Javanmardi, M. Shojafar, R. Mohammadi, M. Alazab, and A. M. Caruso, “An sdn perspective iot-fog security: A survey,” Computer Networks, vol. 229, p. 109732, 2023.
  12. A. S. Boroujerdi and S. Ayat, “A robust ensemble of neuro-fuzzy classifiers for ddos attack detection,” in Proceedings of 2013 3rd International Conference on Computer Science and Network Technology.   IEEE, 2013, pp. 484–487.
  13. P. A. R. Kumar and S. Selvakumar, “Detection of distributed denial of service attacks using an ensemble of adaptive and hybrid neuro-fuzzy systems,” Computer Communications, vol. 36, no. 3, pp. 303–319, 2013.
  14. “Kdd data set,” http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html, 1999.
  15. A. Aldweesh, A. Derhab, and A. Z. Emam, “Deep learning approaches for anomaly-based intrusion detection systems: A survey, taxonomy, and open issues,” Knowledge-Based Systems, vol. 189, p. 105124, 2020.
  16. S. Fichera, L. Galluccio, S. C. Grancagnolo, G. Morabito, and S. Palazzo, “Operetta: An openflow-based remedy to mitigate tcp synflood attacks against web servers,” Computer Networks, vol. 92, pp. 89–100, 2015.
  17. G. Ramadhan, Y. Kurniawan, and C.-S. Kim, “Design of tcp syn flood ddos attack detection using artificial immune systems,” in 2016 6th International Conference on System Engineering and Technology (ICSET).   IEEE, 2016, pp. 72–76.
  18. A. Ahalawat, K. S. Babu, A. K. Turuk, and S. Patel, “A low-rate ddos detection and mitigation for sdn using renyi entropy with packet drop,” Journal of Information Security and Applications, vol. 68, p. 103212, 2022.
  19. N. Hoque, H. Kashyap, and D. K. Bhattacharyya, “Real-time ddos attack detection using fpga,” Computer Communications, vol. 110, pp. 48–58, 2017.
  20. S. Jin and D. S. Yeung, “A covariance analysis model for ddos attack detection,” in 2004 IEEE International Conference on Communications (IEEE Cat. No. 04CH37577), vol. 4.   IEEE, 2004, pp. 1882–1886.
  21. S.-C. Tsai, I.-H. Liu, C.-T. Lu, C.-H. Chang, and J.-S. Li, “Defending cloud computing environment against the challenge of ddos attacks based on software defined network,” in Advances in Intelligent Information Hiding and Multimedia Signal Processing: Proceeding of the Twelfth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, Nov., 21-23, 2016, Kaohsiung, Taiwan, Volume 1.   Springer, 2017, pp. 285–292.
  22. A. Bhardwaj, V. Mangat, R. Vig, S. Halder, and M. Conti, “Distributed denial of service attacks in cloud: State-of-the-art of scientific and commercial solutions,” Computer Science Review, vol. 39, p. 100332, 2021.
  23. S. Rajagopal, P. P. Kundapur, and K. Hareesha, “Towards effective network intrusion detection: from concept to creation on azure cloud,” IEEE Access, vol. 9, pp. 19 723–19 742, 2021.
  24. N. N. Tuan, P. H. Hung, N. D. Nghia, N. Van Tho, T. V. Phan, and N. H. Thanh, “A robust tcp-syn flood mitigation scheme using machine learning based on sdn,” in 2019 International Conference on Information and Communication Technology Convergence (ICTC).   IEEE, 2019, pp. 363–368.
  25. R. Priyadarshini, R. Kumar Barik, and H. Dubey, “Fog-sdn: A light mitigation scheme for ddos attack in fog computing framework,” International Journal of Communication Systems, vol. 33, no. 9, p. e4389, 2020.
  26. M. V. de Assis, L. F. Carvalho, J. J. Rodrigues, J. Lloret, and M. L. Proença Jr, “Near real-time security system applied to sdn environments in iot networks using convolutional neural network,” Computers & Electrical Engineering, vol. 86, p. 106738, 2020.
  27. M. P. Novaes, L. F. Carvalho, J. Lloret, and M. L. Proença Jr, “Adversarial deep learning approach detection and defense against ddos attacks in sdn environments,” Future Generation Computer Systems, vol. 125, pp. 156–167, 2021.
  28. J. A. Perez-Diaz, I. A. Valdovinos, K.-K. R. Choo, and D. Zhu, “A flexible sdn-based architecture for identifying and mitigating low-rate ddos attacks using machine learning,” IEEE Access, vol. 8, pp. 155 859–155 872, 2020.
  29. O. Brun, Y. Yin, E. Gelenbe, Y. M. Kadioglu, J. Augusto-Gonzalez, and M. Ramos, “Deep learning with dense random neural networks for detecting attacks against iot-connected home environments,” in Security in Computer and Information Sciences: First International ISCIS Security Workshop 2018, Euro-CYBERSEC 2018, London, UK, February 26-27, 2018, Revised Selected Papers 1.   Springer International Publishing, 2018, pp. 79–89.
  30. S. Evmorfos, G. Vlachodimitropoulos, N. Bakalos, and E. Gelenbe, “Neural network architectures for the detection of syn flood attacks in iot systems,” in Proceedings of the 13th ACM International Conference on PErvasive Technologies Related to Assistive Environments, 2020, pp. 1–4.
  31. R. Devi, R. K. Jha, A. Gupta, S. Jain, and P. Kumar, “Implementation of intrusion detection system using adaptive neuro-fuzzy inference system for 5g wireless communication network,” AEU-International Journal of Electronics and Communications, vol. 74, pp. 94–106, 2017.
  32. O. Osanaiye, K.-K. R. Choo, and M. Dlodlo, “Distributed denial of service (ddos) resilience in cloud: Review and conceptual cloud ddos mitigation framework,” Journal of Network and Computer Applications, vol. 67, pp. 147–165, 2016.
  33. S. Khattak, N. R. Ramay, K. R. Khan, A. A. Syed, and S. A. Khayam, “A taxonomy of botnet behavior, detection, and defense,” IEEE communications surveys & tutorials, vol. 16, no. 2, pp. 898–924, 2013.
  34. N. Hoque, D. K. Bhattacharyya, and J. K. Kalita, “Botnet in ddos attacks: trends and challenges,” IEEE Communications Surveys & Tutorials, vol. 17, no. 4, pp. 2242–2270, 2015.
  35. B. Paharia and K. Bhushan, “A comprehensive review of distributed denial of service (ddos) attacks in fog computing environment,” Handbook of Computer Networks and Cyber Security: Principles and Paradigms, pp. 493–524, 2020.
  36. C. L. Schuba, I. V. Krsul, M. G. Kuhn, E. H. Spafford, A. Sundaram, and D. Zamboni, “Analysis of a denial of service attack on tcp,” in Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No. 97CB36097).   IEEE, 1997, pp. 208–223.
  37. R. Santos, D. Souza, W. Santo, A. Ribeiro, and E. Moreno, “Machine learning algorithms to detect ddos attacks in sdn,” Concurrency and Computation: Practice and Experience, vol. 32, no. 16, p. e5402, 2020.
  38. J.-S. Jang, “Anfis: adaptive-network-based fuzzy inference system,” IEEE transactions on systems, man, and cybernetics, vol. 23, no. 3, pp. 665–685, 1993.
  39. S. Benfriha and N. Labraoui, “Insiders detection in the uncertain iod using fuzzy logic,” in 2022 International Arab Conference on Information Technology (ACIT).   IEEE, 2022, pp. 1–6.
  40. N. Walia, H. Singh, and A. Sharma, “Anfis: Adaptive neuro-fuzzy inference system-a survey,” International Journal of Computer Applications, vol. 123, no. 13, 2015.
  41. S. Ghosh, S. Biswas, D. Sarkar, and P. P. Sarkar, “A novel neuro-fuzzy classification technique for data mining,” Egyptian Informatics Journal, vol. 15, no. 3, pp. 129–147, 2014.
  42. D. P. Kingma and J. Ba, “Adam: A method for stochastic optimization,” arXiv preprint arXiv:1412.6980, 2014.
  43. R. Devi, R. K. Jha, A. Gupta, S. Jain, and P. Kumar, “Implementation of intrusion detection system using adaptive neuro-fuzzy inference system for 5g wireless communication network,” AEU-International Journal of Electronics and Communications, 74, 94-106., 2017.
  44. V. Bureva, “Generalized net model of information security activities in the automated information systems,” in Advances and New Developments in Fuzzy Logic and Technology: Selected Papers from IWIFSGN’2019–The Eighteenth International Workshop on Intuitionistic Fuzzy Sets and Generalized Nets held on October 24-25, 2019 in Warsaw, Poland.   Springer, 2021, pp. 280–288.
  45. A. Aguado, M. Davis, S. Peng, M. V. Alvarez, V. López, T. Szyrkowiec, A. Autenrieth, R. Vilalta, A. Mayoral, R. Muñoz et al., “Dynamic virtual network reconfiguration over sdn orchestrated multitechnology optical transport domains,” Journal of Lightwave Technology, vol. 34, no. 8, pp. 1933–1938, 2016.
  46. K. Bakshi, “Considerations for software defined networking (sdn): Approaches and use cases,” in 2013 IEEE Aerospace Conference.   IEEE, 2013, pp. 1–9.
  47. D. Samociuk, “Secure communication between openflow switches and controllers,” AFIN 2015, vol. 39, 2015.
  48. S. Sathyadevan, K. Achuthan, R. Doss, and L. Pan, “Protean authentication scheme–a time-bound dynamic keygen authentication technique for iot edge nodes in outdoor deployments,” IEEE access, vol. 7, pp. 92 419–92 435, 2019.
  49. J.-P. A. Yaacoub, O. Salman, H. N. Noura, N. Kaaniche, A. Chehab, and M. Malli, “Cyber-physical systems security: Limitations, issues and future trends,” Microprocessors and microsystems, vol. 77, p. 103201, 2020.
  50. Q. Yan, F. R. Yu, Q. Gong, and J. Li, “Software-defined networking (sdn) and distributed denial of service (ddos) attacks in cloud computing environments: A survey, some research issues, and challenges,” IEEE communications surveys & tutorials, vol. 18, no. 1, pp. 602–622, 2015.
  51. R. Vishwakarma and A. K. Jain, “A survey of ddos attacking techniques and defence mechanisms in the iot network,” Telecommunication systems, vol. 73, no. 1, pp. 3–25, 2020.
  52. “M. team, mininet overview,” http://mininet.org/overview/, 2023.
  53. “Ryu sdn framework,” https://ryu-sdn.org/l, 2023.
  54. S. Bhardwaj and S. N. Panda, “Performance evaluation using ryu sdn controller in software-defined networking environment,” Wireless Personal Communications, vol. 122, no. 1, pp. 701–723, 2022.
  55. “Keras.io,” https://keras.io, 2023.
  56. M. Abadi, “Tensorflow: learning functions at scale,” in Proceedings of the 21st ACM SIGPLAN International Conference on Functional Programming, 2016, pp. 1–1.
  57. S. Prusty, S. Patnaik, and S. K. Dash, “Skcv: Stratified k-fold cross-validation on ml classifiers for predicting cervical cancer,” Frontiers in Nanotechnology, vol. 4, p. 972421, 2022.
  58. I. Sharafaldin, A. H. Lashkari, S. Hakak, and A. A. Ghorbani, “Developing realistic distributed denial of service (ddos) attack dataset and taxonomy,” in 2019 International Carnahan Conference on Security Technology (ICCST).   IEEE, 2019, pp. 1–8.
  59. Y. Xia, C. Liu, Y. Li, and N. Liu, “A boosted decision tree approach using bayesian hyper-parameter optimization for credit scoring,” Expert systems with applications, vol. 78, pp. 225–241, 2017.
Citations (3)
View on Semantic Scholar

Summary

No one has generated a summary of this paper yet.

Sign Up to Summarize

Paper to Video (Beta)

No one has generated a video about this paper yet.

Sign Up to Generate All Videos Subscribe on YouTube

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Sign Up to Generate

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Generate Now

Continue Learning

We haven't generated follow-up questions for this paper yet.

Generate Now

Collections

Sign up for free to add this paper to one or more collections.

Sign Up