
SNORT based early DDoS detection system using Opendaylight and open networking operating system in software defined networking

Cluster Computing

Abstract

Software-defined networking (SDN) is a networking approach that provides many advantages by separating the intelligence of the network (the controller) from the underlying network infrastructure (the data plane). This separation also gives rise to many security concerns, so protecting the network from various attacks is becoming mandatory. Distributed Denial of Service (DDoS) in SDN is one such attack, and it is becoming a hurdle to SDN's growth. Before DDoS attacks can be mitigated, the primary step is to detect them. In this paper, an early DDoS detection tool is created using the SNORT IDS (Intrusion Detection System). This tool is integrated with two popular SDN controllers, Opendaylight (ODL) and Open Networking Operating System (ONOS). For the experimental setup, five different network scenarios are considered. In each scenario, the number of hosts, switches and data packets varies. The Mininet emulation tool is used to create the hosts and switches, whereas four different penetration tools such as Hping3, Nping, Xerxes, Tor Hammer and LOIC are used to generate the data packets. The generated data packets range from 50,000 per second to 2,50,000 per second, and the number of hosts/switches ranges from 50 to 250, in every scenario respectively. The data traffic is bombarded towards the controllers, and the packets are evaluated using Wireshark. The DDoS detection system is analysed on the basis of various parameters: time to detect the DDoS attack, Round Trip Time (RTT), percentage of packet loss and type of DDoS attack. It is found that ODL takes the minimum time to detect a successful DDoS attack and more time to go down than ONOS. The tool ensures timely detection of fast DDoS attacks, which delivers better performance of the SDN controller without compromising the overall functionality of the entire network.

Author information

Corresponding author

Correspondence to Sumit Badotra.

Cite this article

Badotra, S., Panda, S.N. SNORT based early DDoS detection system using Opendaylight and open networking operating system in software defined networking. Cluster Comput 24, 501–513 (2021). https://doi.org/10.1007/s10586-020-03133-y
