
SADM-SDNC: security anomaly detection and mitigation in software-defined networking using C-support vector classification

  • Regular Paper
Computing

Abstract

The inherent features of the software-defined networking (SDN) architecture revolutionize traditional network infrastructure and provide the opportunity for integrated and centralized network monitoring. One shortcoming of SDNs is their high vulnerability to distributed denial-of-service attacks and similar attacks. In this paper, a novel multi-stage modular approach (SADM-SDNC) is proposed for detecting and mitigating security anomalies in an SDN environment. The proposed approach uses the NetFlow protocol to gather information and generate the dataset, and the information gain ratio to select the effective features. The scheme also uses the C-support vector classification algorithm with a radial basis function kernel, together with features of the Floodlight controller, to build a structure with desirable performance. The experimental results demonstrate that the proposed approach performs better than other methods in terms of enhancing accuracy and detection rate, and reducing classification error and false alarm rate, which were measured as 99.67%, 99.26%, 0.33%, and 0.08% respectively. Finally, by using the REST API and Static Entry Pusher technologies in the Floodlight controller, the approach makes it possible to disconnect any communications with the attacking factors and remove destructive users.


Corresponding author

Correspondence to Mohammad Masdari.

Cite this article

Jafarian, T., Masdari, M., Ghaffari, A. et al. SADM-SDNC: security anomaly detection and mitigation in software-defined networking using C-support vector classification. Computing 103, 641–673 (2021). https://doi.org/10.1007/s00607-020-00866-x

  • DOI: https://doi.org/10.1007/s00607-020-00866-x
