Flooding Attack Detection and Mitigation in SDN with Modified Adaptive Threshold Algorithm
Flooding attack is a network attack that sends a large amount of traffic to the victim networks or services to cause denial-of-service. In Software-Defined Networking (SDN) environment, this attack might not only breach the hosts and services but also the SDN controller. Besides, it will also cause...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Published: |
Academy and Industry Research Collaboration Center
2020
|
| Subjects: | |
| Online Access: | http://eprints.um.edu.my/25450/ https://doi.org/10.5121/ijcnc.2020.12305 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my.um.eprints.25450 |
|---|---|
| record_format |
eprints |
| spelling |
my.um.eprints.254502020-08-25T06:44:50Z http://eprints.um.edu.my/25450/ Flooding Attack Detection and Mitigation in SDN with Modified Adaptive Threshold Algorithm Oo, Nan Haymarn Risdianto, Aris Cahyadi Ling, Teck Chaw Maw, Aung Htein QA75 Electronic computers. Computer science QA76 Computer software Flooding attack is a network attack that sends a large amount of traffic to the victim networks or services to cause denial-of-service. In Software-Defined Networking (SDN) environment, this attack might not only breach the hosts and services but also the SDN controller. Besides, it will also cause a disconnection of links between the controller and the switches. Thus, an effective detection and mitigation technique of flooding attacks is required. Statistical analysis techniques are widely used for the detection and mitigation of flooding attacks. However, the effectiveness of these techniques strongly depends on the defined threshold. Defining the static threshold is a tedious job and most of the time produces a high false positive alarm. In this paper, we proposed the dynamic threshold which is calculated using modified adaptive threshold algorithm (MATA). The original ATA is based on the Exponential Weighted Moving Average (EWMA) formula which produces the high number of false alarms. To reduce the false alarms, the alarm signal will only be generated after a minimum number of consecutive violations of the threshold. This, however, has increased the false negative rate when the network is under attack. In order to reduce this false negative rate, MATA adapted the baseline traffic info of the network infrastructure. The comparative analysis of MATA and ATA are performed through the measurement of false negative rate, and accuracy of detection rate. Our experimental results show that MATA is able to reduce false negative rates up to 17.74% and increase the detection accuracy of 16.11%over the various types of flooding attacks at the transport layer. © 2020, Academy and Industry Research Collaboration Center (AIRCC). Academy and Industry Research Collaboration Center 2020 Article PeerReviewed Oo, Nan Haymarn and Risdianto, Aris Cahyadi and Ling, Teck Chaw and Maw, Aung Htein (2020) Flooding Attack Detection and Mitigation in SDN with Modified Adaptive Threshold Algorithm. International Journal of Computer Networks & Communications, 12 (3). pp. 75-95. ISSN 0975-2293 https://doi.org/10.5121/ijcnc.2020.12305 doi:10.5121/ijcnc.2020.12305 |
| institution |
Universiti Malaya |
| building |
UM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Malaya |
| content_source |
UM Research Repository |
| url_provider |
http://eprints.um.edu.my/ |
| topic |
QA75 Electronic computers. Computer science QA76 Computer software |
| spellingShingle |
QA75 Electronic computers. Computer science QA76 Computer software Oo, Nan Haymarn Risdianto, Aris Cahyadi Ling, Teck Chaw Maw, Aung Htein Flooding Attack Detection and Mitigation in SDN with Modified Adaptive Threshold Algorithm |
| description |
Flooding attack is a network attack that sends a large amount of traffic to the victim networks or services to cause denial-of-service. In Software-Defined Networking (SDN) environment, this attack might not only breach the hosts and services but also the SDN controller. Besides, it will also cause a disconnection of links between the controller and the switches. Thus, an effective detection and mitigation technique of flooding attacks is required. Statistical analysis techniques are widely used for the detection and mitigation of flooding attacks. However, the effectiveness of these techniques strongly depends on the defined threshold. Defining the static threshold is a tedious job and most of the time produces a high false positive alarm. In this paper, we proposed the dynamic threshold which is calculated using modified adaptive threshold algorithm (MATA). The original ATA is based on the Exponential Weighted Moving Average (EWMA) formula which produces the high number of false alarms. To reduce the false alarms, the alarm signal will only be generated after a minimum number of consecutive violations of the threshold. This, however, has increased the false negative rate when the network is under attack. In order to reduce this false negative rate, MATA adapted the baseline traffic info of the network infrastructure. The comparative analysis of MATA and ATA are performed through the measurement of false negative rate, and accuracy of detection rate. Our experimental results show that MATA is able to reduce false negative rates up to 17.74% and increase the detection accuracy of 16.11%over the various types of flooding attacks at the transport layer. © 2020, Academy and Industry Research Collaboration Center (AIRCC). |
| format |
Article |
| author |
Oo, Nan Haymarn Risdianto, Aris Cahyadi Ling, Teck Chaw Maw, Aung Htein |
| author_facet |
Oo, Nan Haymarn Risdianto, Aris Cahyadi Ling, Teck Chaw Maw, Aung Htein |
| author_sort |
Oo, Nan Haymarn |
| title |
Flooding Attack Detection and Mitigation in SDN with Modified Adaptive Threshold Algorithm |
| title_short |
Flooding Attack Detection and Mitigation in SDN with Modified Adaptive Threshold Algorithm |
| title_full |
Flooding Attack Detection and Mitigation in SDN with Modified Adaptive Threshold Algorithm |
| title_fullStr |
Flooding Attack Detection and Mitigation in SDN with Modified Adaptive Threshold Algorithm |
| title_full_unstemmed |
Flooding Attack Detection and Mitigation in SDN with Modified Adaptive Threshold Algorithm |
| title_sort |
flooding attack detection and mitigation in sdn with modified adaptive threshold algorithm |
| publisher |
Academy and Industry Research Collaboration Center |
| publishDate |
2020 |
| url |
http://eprints.um.edu.my/25450/ https://doi.org/10.5121/ijcnc.2020.12305 |
| _version_ |
1680857033202466816 |
| score |
13.154949 |