Loading [a11y]/accessibility-menu.js
A Flexible SDN-Based Architecture for Identifying and Mitigating Low-Rate DDoS Attacks Using Machine Learning | IEEE Journals & Magazine | IEEE Xplore
Subscribe
ADVANCED SEARCH
Journals & Magazines >IEEE Access >Volume: 8

A Flexible SDN-Based Architecture for Identifying and Mitigating Low-Rate DDoS Attacks Using Machine Learning

Jesús Arturo Pérez-Díaz; Ismael Amezcua Valdovinos; Kim-Kwang Raymond Choo; Dakai Zhu
All Authors
Open Access
Comment(s)
Under a Creative Commons License
A flexible modular architecture that allows the identification and mitigation of LR-DDoS attacks in SDN environments. The controller uses the identification API to intera...

Abstract:

While there have been extensive studies of denial of service (DoS) attacks and DDoS attack mitigation, such attacks remain challenging to mitigate. For example, Low-Rate ...Show More

Metadata

Abstract:

While there have been extensive studies of denial of service (DoS) attacks and DDoS attack mitigation, such attacks remain challenging to mitigate. For example, Low-Rate DDoS (LR-DDoS) attacks are known to be difficult to detect, particularly in a software-defined network (SDN). Hence, in this paper we present a flexible modular architecture that allows the identification and mitigation of LR-DDoS attacks in SDN settings. Specifically, we train the intrusion detection system (IDS) in our architecture using six machine learning (ML) models (i.e., J48, Random Tree, REP Tree, Random Forest, Multi-Layer Perceptron (MLP), and Support Vector Machines (SVM)) and evaluate their performance using the Canadian Institute of Cybersecurity (CIC) DoS dataset. The findings from the evaluation demonstrate that our approach achieves a detection rate of 95%, despite the difficulty in detecting LR-DoS attacks. We also remark that in our deployment, we use the open network operating system (ONOS) controller running on Mininet virtual machine in order for our simulated environment to be as close to real-world production networks as possible. In our testing topology, the intrusion prevention detection system mitigates all attacks previously detected by the IDS system. This demonstrates the utility of our architecture in identifying and mitigating LR-DDoS attacks.
A flexible modular architecture that allows the identification and mitigation of LR-DDoS attacks in SDN environments. The controller uses the identification API to intera...
Published in: IEEE Access ( Volume: 8)
Page(s): 155859 - 155872
Date of Publication: 25 August 2020
Electronic ISSN: 2169-3536
DOI: 10.1109/ACCESS.2020.3019330

Funding Agency:

Author image of Jesús Arturo Pérez-Díaz
Escuela de Ingeniería y Ciencias, Tecnologico de Monterrey, Monterrey, México
Jesús Arturo Pérez-Díaz received the B.Sc. degree in computer science from the Autonomous University of Aguascalientes, in 1995, for which he received the Best Student Award, and the Ph.D. degree in new advances in computer science systems from the Universidad de Oviedo, in 2000. He became a Full Associate Professor at the University of Oviedo, from 2000 to 2002. He was recognized by the COIMBRA group as one of the Best Y...Show More
Jesús Arturo Pérez-Díaz received the B.Sc. degree in computer science from the Autonomous University of Aguascalientes, in 1995, for which he received the Best Student Award, and the Ph.D. degree in new advances in computer science systems from the Universidad de Oviedo, in 2000. He became a Full Associate Professor at the University of Oviedo, from 2000 to 2002. He was recognized by the COIMBRA group as one of the Best Y...View more
Author image of Ismael Amezcua Valdovinos
Facultad de Telemática, Universidad de Colima, Colima, México
Ismael Amezcua Valdovinos received the B.Sc. degree in computer science from the Universidad de Colima, in 2007, and the Ph.D. degree from the Tecnológico de Monterrey, Campus Cuernavaca, in 2013, where he worked on developing communication protocols for multi-homed devices. He is currently a Professor with the Facultad de Telemática, Universidad de Colima, México. His research interests include wireless sensor networks, ...Show More
Ismael Amezcua Valdovinos received the B.Sc. degree in computer science from the Universidad de Colima, in 2007, and the Ph.D. degree from the Tecnológico de Monterrey, Campus Cuernavaca, in 2013, where he worked on developing communication protocols for multi-homed devices. He is currently a Professor with the Facultad de Telemática, Universidad de Colima, México. His research interests include wireless sensor networks, ...View more
Author image of Kim-Kwang Raymond Choo
Department of Information Systems and Cyber Security, The University of Texas at San Antonio, San Antonio, USA
Department of Computer Science, The University of Texas at San Antonio, San Antonio, USA
Kim-Kwang Raymond Choo (Senior Member, IEEE) received the Ph.D. degree in information security from the Queensland University of Technology, Australia, in 2006. He currently holds the Cloud Technology Endowed Professorship at The University of Texas at San Antonio (UTSA). In 2015, he and his team won the Digital Forensics Research Challenge organized by Germany’s University of Erlangen-Nuremberg. He was a recipient of the...Show More
Kim-Kwang Raymond Choo (Senior Member, IEEE) received the Ph.D. degree in information security from the Queensland University of Technology, Australia, in 2006. He currently holds the Cloud Technology Endowed Professorship at The University of Texas at San Antonio (UTSA). In 2015, he and his team won the Digital Forensics Research Challenge organized by Germany’s University of Erlangen-Nuremberg. He was a recipient of the...View more
Author image of Dakai Zhu
Department of Computer Science, The University of Texas at San Antonio, San Antonio, USA
Dakai Zhu (Senior Member, IEEE) received the Ph.D. degree in computer science from the University of Pittsburgh, Pittsburgh, PA, USA, in 2004. He joined The University of Texas at San Antonio, in 2005, where he is currently a Professor with the Department of Computer Science. His current research interests include real-time embedded systems, low-power computing, fault-tolerant, and cloud computing. He was a recipient of t...Show More
Dakai Zhu (Senior Member, IEEE) received the Ph.D. degree in computer science from the University of Pittsburgh, Pittsburgh, PA, USA, in 2004. He joined The University of Texas at San Antonio, in 2005, where he is currently a Professor with the Department of Computer Science. His current research interests include real-time embedded systems, low-power computing, fault-tolerant, and cloud computing. He was a recipient of t...View more
Contents

Author image of Jesús Arturo Pérez-Díaz
Escuela de Ingeniería y Ciencias, Tecnologico de Monterrey, Monterrey, México
Jesús Arturo Pérez-Díaz received the B.Sc. degree in computer science from the Autonomous University of Aguascalientes, in 1995, for which he received the Best Student Award, and the Ph.D. degree in new advances in computer science systems from the Universidad de Oviedo, in 2000. He became a Full Associate Professor at the University of Oviedo, from 2000 to 2002. He was recognized by the COIMBRA group as one of the Best Young Latin-American Researchers, in 2006, and received a research stay at Louvain le nouveau University, Belgium. He has been awarded by the CIGRE and by Intel for the development of innovative systems. He is currently a Researcher and Professor with the ITESM–Campus Querétaro, México, and a member of the Mexican Researchers National System. His research interests include cyber security in SDN and design of communications protocols, where he has supervised several master and Ph.D. theses in the field.
Jesús Arturo Pérez-Díaz received the B.Sc. degree in computer science from the Autonomous University of Aguascalientes, in 1995, for which he received the Best Student Award, and the Ph.D. degree in new advances in computer science systems from the Universidad de Oviedo, in 2000. He became a Full Associate Professor at the University of Oviedo, from 2000 to 2002. He was recognized by the COIMBRA group as one of the Best Young Latin-American Researchers, in 2006, and received a research stay at Louvain le nouveau University, Belgium. He has been awarded by the CIGRE and by Intel for the development of innovative systems. He is currently a Researcher and Professor with the ITESM–Campus Querétaro, México, and a member of the Mexican Researchers National System. His research interests include cyber security in SDN and design of communications protocols, where he has supervised several master and Ph.D. theses in the field.View more
Author image of Ismael Amezcua Valdovinos
Facultad de Telemática, Universidad de Colima, Colima, México
Ismael Amezcua Valdovinos received the B.Sc. degree in computer science from the Universidad de Colima, in 2007, and the Ph.D. degree from the Tecnológico de Monterrey, Campus Cuernavaca, in 2013, where he worked on developing communication protocols for multi-homed devices. He is currently a Professor with the Facultad de Telemática, Universidad de Colima, México. His research interests include wireless sensor networks, Industrial Internet of Things (IIoT), and software-defined networks (SDN).
Ismael Amezcua Valdovinos received the B.Sc. degree in computer science from the Universidad de Colima, in 2007, and the Ph.D. degree from the Tecnológico de Monterrey, Campus Cuernavaca, in 2013, where he worked on developing communication protocols for multi-homed devices. He is currently a Professor with the Facultad de Telemática, Universidad de Colima, México. His research interests include wireless sensor networks, Industrial Internet of Things (IIoT), and software-defined networks (SDN).View more
Author image of Kim-Kwang Raymond Choo
Department of Information Systems and Cyber Security, The University of Texas at San Antonio, San Antonio, USA
Department of Computer Science, The University of Texas at San Antonio, San Antonio, USA
Kim-Kwang Raymond Choo (Senior Member, IEEE) received the Ph.D. degree in information security from the Queensland University of Technology, Australia, in 2006. He currently holds the Cloud Technology Endowed Professorship at The University of Texas at San Antonio (UTSA). In 2015, he and his team won the Digital Forensics Research Challenge organized by Germany’s University of Erlangen-Nuremberg. He was a recipient of the 2019 IEEE Technical Committee on Scalable Computing (TCSC) Award for Excellence in Scalable Computing (Middle Career Researcher), the 2018 UTSA College of Business Col. Jean Piccione and Lt. Col. Philip Piccione Endowed Research Award for Tenured Faculty, the Outstanding Associate Editor of 2018 for the IEEE Access, the British Computer Society’s 2019 Wilkes Award Runner-up, the 2019 EURASIP JWCN Best Paper Award, the Korea Information Processing Society’s JIPS Survey Paper Award (Gold) 2019, the IEEE Blockchain 2019 Outstanding Paper Award, the Inscrypt 2019 Best Student Paper Award, the IEEE TrustCom 2018 Best Paper Award, the ESORICS 2015 Best Research Paper Award, the 2014 Highly Commended Award by the Australia New Zealand Policing Advisory Agency, the Fulbright Scholarship, in 2009, the 2008 Australia Day Achievement Medallion, and the British Computer Society’s Wilkes Award, in 2008.
Kim-Kwang Raymond Choo (Senior Member, IEEE) received the Ph.D. degree in information security from the Queensland University of Technology, Australia, in 2006. He currently holds the Cloud Technology Endowed Professorship at The University of Texas at San Antonio (UTSA). In 2015, he and his team won the Digital Forensics Research Challenge organized by Germany’s University of Erlangen-Nuremberg. He was a recipient of the 2019 IEEE Technical Committee on Scalable Computing (TCSC) Award for Excellence in Scalable Computing (Middle Career Researcher), the 2018 UTSA College of Business Col. Jean Piccione and Lt. Col. Philip Piccione Endowed Research Award for Tenured Faculty, the Outstanding Associate Editor of 2018 for the IEEE Access, the British Computer Society’s 2019 Wilkes Award Runner-up, the 2019 EURASIP JWCN Best Paper Award, the Korea Information Processing Society’s JIPS Survey Paper Award (Gold) 2019, the IEEE Blockchain 2019 Outstanding Paper Award, the Inscrypt 2019 Best Student Paper Award, the IEEE TrustCom 2018 Best Paper Award, the ESORICS 2015 Best Research Paper Award, the 2014 Highly Commended Award by the Australia New Zealand Policing Advisory Agency, the Fulbright Scholarship, in 2009, the 2008 Australia Day Achievement Medallion, and the British Computer Society’s Wilkes Award, in 2008.View more
Author image of Dakai Zhu
Department of Computer Science, The University of Texas at San Antonio, San Antonio, USA
Dakai Zhu (Senior Member, IEEE) received the Ph.D. degree in computer science from the University of Pittsburgh, Pittsburgh, PA, USA, in 2004. He joined The University of Texas at San Antonio, in 2005, where he is currently a Professor with the Department of Computer Science. His current research interests include real-time embedded systems, low-power computing, fault-tolerant, and cloud computing. He was a recipient of the U.S. National Science Foundation Faculty Early Career Development Award in 2010.
Dakai Zhu (Senior Member, IEEE) received the Ph.D. degree in computer science from the University of Pittsburgh, Pittsburgh, PA, USA, in 2004. He joined The University of Texas at San Antonio, in 2005, where he is currently a Professor with the Department of Computer Science. His current research interests include real-time embedded systems, low-power computing, fault-tolerant, and cloud computing. He was a recipient of the U.S. National Science Foundation Faculty Early Career Development Award in 2010.View more

References

References is not available for this document.

IEEE Account

Purchase Details

Profile Information

Need Help?

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
© Copyright 2025 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.