Aslam Muhammad, Ye Dengpan, Tariq Aqil, Asad Muhammad, Hanif Muhammad, Ndzi David, Chelloug Samia Allaoua, Elaziz Mohamed Abd, Al-Qaness Mohammed A A, Jilani Syeda Fizzah
School of Computing, Engineering and Physical Sciences, University of the West of Scotland, Glasgow G72 0LH, UK.
School of Cyber Science and Engineering, Wuhan University, Wuhan 430079, China.
Sensors (Basel). 2022 Mar 31;22(7):2697. doi: 10.3390/s22072697.
The development of smart network infrastructure for the Internet of Things (IoT) faces the immense threat of sophisticated Distributed Denial-of-Service (DDoS) attacks. The existing network security solutions of enterprise networks are significantly expensive and unscalable for IoT. The integration of recently developed Software Defined Networking (SDN) reduces a significant amount of computational overhead for IoT network devices and enables additional security measures. At this early stage of SDN-enabled IoT network infrastructure, the sampling-based security approach currently results in low accuracy and a low DDoS attack detection rate. In this paper, we propose an Adaptive Machine Learning based SDN-enabled Distributed Denial-of-Services attacks Detection and Mitigation (AMLSDM) framework. The proposed AMLSDM framework develops an SDN-enabled security mechanism for IoT devices with the support of an adaptive machine learning classification model to achieve the successful detection and mitigation of DDoS attacks. The proposed framework utilizes machine learning algorithms in an adaptive multilayered feed-forwarding scheme to detect DDoS attacks by examining the static features of the inspected network traffic. In the proposed adaptive multilayered feed-forwarding framework, the first layer utilizes Support Vector Machine (SVM), Naive Bayes (NB), Random Forest (RF), k-Nearest Neighbor (kNN), and Logistic Regression (LR) classifiers to build a model for detecting DDoS attacks from the training and testing environment-specific datasets. The output of the first layer passes to an Ensemble Voting (EV) algorithm, which accumulates the performance of the first layer classifiers. In the third layer, the adaptive framework measures the real-time live network traffic to detect DDoS attacks in the network traffic.
The proposed framework utilizes a remote SDN controller to mitigate the detected DDoS attacks over OpenFlow (OF) switches and reconfigures the network resources for legitimate network hosts. The experimental results show that the proposed framework performs better than existing state-of-the-art solutions in terms of higher DDoS detection accuracy and a low false alarm rate.
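The layered scheme described in the abstract can be sketched with scikit-learn. This is an added example, not the authors' code: the four flow features, the constructed sample flows, the hard (majority) voting rule and all function names are assumptions, and the SDN controller's flow-rule push is left out.

```python
import numpy as np
from sklearn.ensemble import RandomForestClassifier, VotingClassifier
from sklearn.linear_model import LogisticRegression
from sklearn.naive_bayes import GaussianNB
from sklearn.neighbors import KNeighborsClassifier
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler
from sklearn.svm import SVC

# Assumed per-flow features (not the paper's feature set):
# [packets/s, bytes/packet, distinct source IPs per window, duration in s]

def make_flows(n, seed):
    """Constructed sample flows: label 0 = benign, 1 = DDoS-like."""
    rng = np.random.default_rng(seed)
    benign = rng.normal([40, 600, 3, 30], [15, 150, 1, 10], size=(n, 4))
    attack = rng.normal([900, 80, 120, 2], [200, 20, 30, 1], size=(n, 4))
    X = np.clip(np.vstack([benign, attack]), 0, None)
    y = np.array([0] * n + [1] * n)
    return X, y

def build_ensemble():
    """Layer 1: the five base classifiers. Layer 2: majority vote over them."""
    base = [
        ("svm", SVC(kernel="rbf")),
        ("nb", GaussianNB()),
        ("rf", RandomForestClassifier(n_estimators=50, random_state=0)),
        ("knn", KNeighborsClassifier(n_neighbors=5)),
        ("lr", LogisticRegression(max_iter=1000)),
    ]
    # Scaling matters for SVM, kNN and LR; five voters cannot tie on two classes.
    return make_pipeline(StandardScaler(), VotingClassifier(base, voting="hard"))

def train_and_evaluate(seed=0):
    """Fit on one constructed dataset, score on a separately drawn one."""
    X_train, y_train = make_flows(300, seed)
    X_test, y_test = make_flows(100, seed + 1)
    model = build_ensemble()
    model.fit(X_train, y_train)
    return model, model.score(X_test, y_test)

def classify_live(model, flows):
    """Layer 3: label flows as they arrive; 1 marks a flow the controller
    would be asked to mitigate."""
    return model.predict(np.asarray(flows, dtype=float)).tolist()

if __name__ == "__main__":
    model, acc = train_and_evaluate()
    print(f"held-out accuracy: {acc:.3f}")
    print(classify_live(model, [[35, 640, 2, 28], [1100, 70, 150, 1]]))
```

The constructed classes are deliberately well separated, so the accuracy printed here says nothing about the results reported in the paper.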