Low-Rate DDoS Attack Detection Based on Factorization Machine in Software Defined Network

As the Software Define Network (SDN) adopts centralized control logic, it is vulnerable to various types of Distributed Denial of Service (DDoS) attacks. At present, almost all the research work focuses on high-rate DDoS attack against the SDN control layer. Moreover, most of the existing detection...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Veröffentlicht in:	IEEE access 2020, Vol.8, p.17404-17418
Hauptverfasser:	Zhijun, Wu, Qing, Xu, Jingjie, Wang, Meng, Yue, Liang, Liu
Format:	Artikel
Sprache:	eng
Schlagworte:	Accuracy Algorithms Computer crime Computer Science Computer Science, Information Systems Cybersecurity Denial of service attacks Denial-of-service attack detection Engineering Engineering, Electrical & Electronic Factorization factorization machine Feature extraction Frequency modulation Low-rate denial of service Machine learning Machine learning algorithms multi-feature Science & Technology Software software defined network Software-defined networking Support vector machines Switches Technology Telecommunications
Online-Zugang:	Volltext
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

container_end_page	17418
container_issue
container_start_page	17404
container_title	IEEE access
container_volume	8
creator	Zhijun, Wu Qing, Xu Jingjie, Wang Meng, Yue Liang, Liu
description	As the Software Define Network (SDN) adopts centralized control logic, it is vulnerable to various types of Distributed Denial of Service (DDoS) attacks. At present, almost all the research work focuses on high-rate DDoS attack against the SDN control layer. Moreover, most of the existing detection methods are effective for high-rate DDoS attack detection of the control layer, while a low-rate DDoS attack against the SDN data layer is highly concealed, and the detection accuracy against this kind of attack is low. In order to improve the detection accuracy of the low-rate DDoS attack against the SDN data layer, this paper studies the mechanism of such attacks, and then proposes a multi-feature DDoS attack detection method based on Factorization Machine (FM). The features extracted from the flow rules are used to detect low-rate DDoS attacks, and the detection of low-rate DDoS attacks based on FM machine learning algorithms is implemented. The experimental results show that the method can effectively detect the low-rate DDoS attack against the SDN data layer, and the detection accuracy reaches 95.80 percent. Because FM algorithm can achieve fine-grained detection for low-rate DDoS attack, which provides a reliable condition for defending against such attacks. Finally, this paper proposes a defense method based on dynamic deletion of flow rules, and carries out experimental simulation and analysis to prove the effectiveness of the defense method, and the success rate of forwarding normal packets reached 97.85 percent.
doi_str_mv	10.1109/ACCESS.2020.2967478
format	Article
fullrecord	<record><control><sourceid>proquest_webof</sourceid><recordid>TN_cdi_webofscience_primary_000524753200074</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>8962081</ieee_id><doaj_id>oai_doaj_org_article_ba7cbba4e38940d384d06cdff4eee02a</doaj_id><sourcerecordid>2454765028</sourcerecordid><originalsourceid>FETCH-LOGICAL-c408t-658f15f90ecf14916704038171c09fd4b9bc00b4f5c0bf6b4da0eb937a187af63</originalsourceid><addsrcrecordid>eNqNkUtvEzEUhUcIJKrSX9DNSCxRwvVj_FiGSVsqBZAILFhZtucanJZx8TiK4NfjZqqIJd746uic48fXNJcEloSAfrvq-6vtdkmBwpJqIblUz5ozSoResI6J5__ML5uLadpBXapKnTxrvm3SYfHZFmzX67RtV6VYf9eusaAvMY3tOzvh0Nbh2vqScvxjj_IH63_EEds4ttsUysHmWoChSkP7Ecsh5btXzYtg7ye8eNrPm6_XV1_694vNp5vbfrVZeA6qLESnAumCBvSBcE2EBA5MEUk86DBwp50HcDx0HlwQjg8W0GkmLVHSBsHOm9u5d0h2Zx5y_Gnzb5NsNEch5e_G5hL9PRpnpXfOcmRKcxiY4gMIP4TAERGorV2v566HnH7tcSpml_Z5rNc3lHdcig6oqi42u3xO05QxnE4lYB6RmBmJeURinpDUlJpTB3QpTD7i6PGUrEg6ymXHaJ0k72M5fnSf9mOp0Tf_H63uy9kd66tOLqUFrdTZX1Hrp68</addsrcrecordid><sourcetype>Open Website</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2454765028</pqid></control><display><type>article</type><title>Low-Rate DDoS Attack Detection Based on Factorization Machine in Software Defined Network</title><source>IEEE Open Access Journals</source><source>DOAJ Directory of Open Access Journals</source><source>Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals</source><creator>Zhijun, Wu ; Qing, Xu ; Jingjie, Wang ; Meng, Yue ; Liang, Liu</creator><creatorcontrib>Zhijun, Wu ; Qing, Xu ; Jingjie, Wang ; Meng, Yue ; Liang, Liu</creatorcontrib><description>As the Software Define Network (SDN) adopts centralized control logic, it is vulnerable to various types of Distributed Denial of Service (DDoS) attacks. At present, almost all the research work focuses on high-rate DDoS attack against the SDN control layer. Moreover, most of the existing detection methods are effective for high-rate DDoS attack detection of the control layer, while a low-rate DDoS attack against the SDN data layer is highly concealed, and the detection accuracy against this kind of attack is low. In order to improve the detection accuracy of the low-rate DDoS attack against the SDN data layer, this paper studies the mechanism of such attacks, and then proposes a multi-feature DDoS attack detection method based on Factorization Machine (FM). The features extracted from the flow rules are used to detect low-rate DDoS attacks, and the detection of low-rate DDoS attacks based on FM machine learning algorithms is implemented. The experimental results show that the method can effectively detect the low-rate DDoS attack against the SDN data layer, and the detection accuracy reaches 95.80 percent. Because FM algorithm can achieve fine-grained detection for low-rate DDoS attack, which provides a reliable condition for defending against such attacks. Finally, this paper proposes a defense method based on dynamic deletion of flow rules, and carries out experimental simulation and analysis to prove the effectiveness of the defense method, and the success rate of forwarding normal packets reached 97.85 percent.</description><identifier>ISSN: 2169-3536</identifier><identifier>EISSN: 2169-3536</identifier><identifier>DOI: 10.1109/ACCESS.2020.2967478</identifier><identifier>CODEN: IAECCG</identifier><language>eng</language><publisher>PISCATAWAY: IEEE</publisher><subject>Accuracy ; Algorithms ; Computer crime ; Computer Science ; Computer Science, Information Systems ; Cybersecurity ; Denial of service attacks ; Denial-of-service attack ; detection ; Engineering ; Engineering, Electrical & Electronic ; Factorization ; factorization machine ; Feature extraction ; Frequency modulation ; Low-rate denial of service ; Machine learning ; Machine learning algorithms ; multi-feature ; Science & Technology ; Software ; software defined network ; Software-defined networking ; Support vector machines ; Switches ; Technology ; Telecommunications</subject><ispartof>IEEE access, 2020, Vol.8, p.17404-17418</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2020</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>true</woscitedreferencessubscribed><woscitedreferencescount>63</woscitedreferencescount><woscitedreferencesoriginalsourcerecordid>wos000524753200074</woscitedreferencesoriginalsourcerecordid><citedby>FETCH-LOGICAL-c408t-658f15f90ecf14916704038171c09fd4b9bc00b4f5c0bf6b4da0eb937a187af63</citedby><cites>FETCH-LOGICAL-c408t-658f15f90ecf14916704038171c09fd4b9bc00b4f5c0bf6b4da0eb937a187af63</cites><orcidid>0000-0002-1473-3729 ; 0000-0003-3676-9180 ; 0000-0003-0669-4747 ; 0000-0002-8822-8354 ; 0000-0002-0691-1767</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/8962081$$EHTML$$P50$$Gieee$$Hfree_for_read</linktohtml><link.rule.ids>315,781,785,865,2103,2115,4025,27637,27927,27928,27929,54937</link.rule.ids></links><search><creatorcontrib>Zhijun, Wu</creatorcontrib><creatorcontrib>Qing, Xu</creatorcontrib><creatorcontrib>Jingjie, Wang</creatorcontrib><creatorcontrib>Meng, Yue</creatorcontrib><creatorcontrib>Liang, Liu</creatorcontrib><title>Low-Rate DDoS Attack Detection Based on Factorization Machine in Software Defined Network</title><title>IEEE access</title><addtitle>Access</addtitle><addtitle>IEEE ACCESS</addtitle><description>As the Software Define Network (SDN) adopts centralized control logic, it is vulnerable to various types of Distributed Denial of Service (DDoS) attacks. At present, almost all the research work focuses on high-rate DDoS attack against the SDN control layer. Moreover, most of the existing detection methods are effective for high-rate DDoS attack detection of the control layer, while a low-rate DDoS attack against the SDN data layer is highly concealed, and the detection accuracy against this kind of attack is low. In order to improve the detection accuracy of the low-rate DDoS attack against the SDN data layer, this paper studies the mechanism of such attacks, and then proposes a multi-feature DDoS attack detection method based on Factorization Machine (FM). The features extracted from the flow rules are used to detect low-rate DDoS attacks, and the detection of low-rate DDoS attacks based on FM machine learning algorithms is implemented. The experimental results show that the method can effectively detect the low-rate DDoS attack against the SDN data layer, and the detection accuracy reaches 95.80 percent. Because FM algorithm can achieve fine-grained detection for low-rate DDoS attack, which provides a reliable condition for defending against such attacks. Finally, this paper proposes a defense method based on dynamic deletion of flow rules, and carries out experimental simulation and analysis to prove the effectiveness of the defense method, and the success rate of forwarding normal packets reached 97.85 percent.</description><subject>Accuracy</subject><subject>Algorithms</subject><subject>Computer crime</subject><subject>Computer Science</subject><subject>Computer Science, Information Systems</subject><subject>Cybersecurity</subject><subject>Denial of service attacks</subject><subject>Denial-of-service attack</subject><subject>detection</subject><subject>Engineering</subject><subject>Engineering, Electrical & Electronic</subject><subject>Factorization</subject><subject>factorization machine</subject><subject>Feature extraction</subject><subject>Frequency modulation</subject><subject>Low-rate denial of service</subject><subject>Machine learning</subject><subject>Machine learning algorithms</subject><subject>multi-feature</subject><subject>Science & Technology</subject><subject>Software</subject><subject>software defined network</subject><subject>Software-defined networking</subject><subject>Support vector machines</subject><subject>Switches</subject><subject>Technology</subject><subject>Telecommunications</subject><issn>2169-3536</issn><issn>2169-3536</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2020</creationdate><recordtype>article</recordtype><sourceid>ESBDL</sourceid><sourceid>RIE</sourceid><sourceid>AOWDO</sourceid><sourceid>DOA</sourceid><recordid>eNqNkUtvEzEUhUcIJKrSX9DNSCxRwvVj_FiGSVsqBZAILFhZtucanJZx8TiK4NfjZqqIJd746uic48fXNJcEloSAfrvq-6vtdkmBwpJqIblUz5ozSoResI6J5__ML5uLadpBXapKnTxrvm3SYfHZFmzX67RtV6VYf9eusaAvMY3tOzvh0Nbh2vqScvxjj_IH63_EEds4ttsUysHmWoChSkP7Ecsh5btXzYtg7ye8eNrPm6_XV1_694vNp5vbfrVZeA6qLESnAumCBvSBcE2EBA5MEUk86DBwp50HcDx0HlwQjg8W0GkmLVHSBsHOm9u5d0h2Zx5y_Gnzb5NsNEch5e_G5hL9PRpnpXfOcmRKcxiY4gMIP4TAERGorV2v566HnH7tcSpml_Z5rNc3lHdcig6oqi42u3xO05QxnE4lYB6RmBmJeURinpDUlJpTB3QpTD7i6PGUrEg6ymXHaJ0k72M5fnSf9mOp0Tf_H63uy9kd66tOLqUFrdTZX1Hrp68</recordid><startdate>2020</startdate><enddate>2020</enddate><creator>Zhijun, Wu</creator><creator>Qing, Xu</creator><creator>Jingjie, Wang</creator><creator>Meng, Yue</creator><creator>Liang, Liu</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>ESBDL</scope><scope>RIA</scope><scope>RIE</scope><scope>AOWDO</scope><scope>BLEPL</scope><scope>DTL</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>7SR</scope><scope>8BQ</scope><scope>8FD</scope><scope>JG9</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>DOA</scope><orcidid>https://orcid.org/0000-0002-1473-3729</orcidid><orcidid>https://orcid.org/0000-0003-3676-9180</orcidid><orcidid>https://orcid.org/0000-0003-0669-4747</orcidid><orcidid>https://orcid.org/0000-0002-8822-8354</orcidid><orcidid>https://orcid.org/0000-0002-0691-1767</orcidid></search><sort><creationdate>2020</creationdate><title>Low-Rate DDoS Attack Detection Based on Factorization Machine in Software Defined Network</title><author>Zhijun, Wu ; Qing, Xu ; Jingjie, Wang ; Meng, Yue ; Liang, Liu</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c408t-658f15f90ecf14916704038171c09fd4b9bc00b4f5c0bf6b4da0eb937a187af63</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2020</creationdate><topic>Accuracy</topic><topic>Algorithms</topic><topic>Computer crime</topic><topic>Computer Science</topic><topic>Computer Science, Information Systems</topic><topic>Cybersecurity</topic><topic>Denial of service attacks</topic><topic>Denial-of-service attack</topic><topic>detection</topic><topic>Engineering</topic><topic>Engineering, Electrical & Electronic</topic><topic>Factorization</topic><topic>factorization machine</topic><topic>Feature extraction</topic><topic>Frequency modulation</topic><topic>Low-rate denial of service</topic><topic>Machine learning</topic><topic>Machine learning algorithms</topic><topic>multi-feature</topic><topic>Science & Technology</topic><topic>Software</topic><topic>software defined network</topic><topic>Software-defined networking</topic><topic>Support vector machines</topic><topic>Switches</topic><topic>Technology</topic><topic>Telecommunications</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Zhijun, Wu</creatorcontrib><creatorcontrib>Qing, Xu</creatorcontrib><creatorcontrib>Jingjie, Wang</creatorcontrib><creatorcontrib>Meng, Yue</creatorcontrib><creatorcontrib>Liang, Liu</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE Open Access Journals</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>Web of Science - Science Citation Index Expanded - 2020</collection><collection>Web of Science Core Collection</collection><collection>Science Citation Index Expanded</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics & Communications Abstracts</collection><collection>Engineered Materials Abstracts</collection><collection>METADEX</collection><collection>Technology Research Database</collection><collection>Materials Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>DOAJ Directory of Open Access Journals</collection><jtitle>IEEE access</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Zhijun, Wu</au><au>Qing, Xu</au><au>Jingjie, Wang</au><au>Meng, Yue</au><au>Liang, Liu</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Low-Rate DDoS Attack Detection Based on Factorization Machine in Software Defined Network</atitle><jtitle>IEEE access</jtitle><stitle>Access</stitle><stitle>IEEE ACCESS</stitle><date>2020</date><risdate>2020</risdate><volume>8</volume><spage>17404</spage><epage>17418</epage><pages>17404-17418</pages><issn>2169-3536</issn><eissn>2169-3536</eissn><coden>IAECCG</coden><abstract>As the Software Define Network (SDN) adopts centralized control logic, it is vulnerable to various types of Distributed Denial of Service (DDoS) attacks. At present, almost all the research work focuses on high-rate DDoS attack against the SDN control layer. Moreover, most of the existing detection methods are effective for high-rate DDoS attack detection of the control layer, while a low-rate DDoS attack against the SDN data layer is highly concealed, and the detection accuracy against this kind of attack is low. In order to improve the detection accuracy of the low-rate DDoS attack against the SDN data layer, this paper studies the mechanism of such attacks, and then proposes a multi-feature DDoS attack detection method based on Factorization Machine (FM). The features extracted from the flow rules are used to detect low-rate DDoS attacks, and the detection of low-rate DDoS attacks based on FM machine learning algorithms is implemented. The experimental results show that the method can effectively detect the low-rate DDoS attack against the SDN data layer, and the detection accuracy reaches 95.80 percent. Because FM algorithm can achieve fine-grained detection for low-rate DDoS attack, which provides a reliable condition for defending against such attacks. Finally, this paper proposes a defense method based on dynamic deletion of flow rules, and carries out experimental simulation and analysis to prove the effectiveness of the defense method, and the success rate of forwarding normal packets reached 97.85 percent.</abstract><cop>PISCATAWAY</cop><pub>IEEE</pub><doi>10.1109/ACCESS.2020.2967478</doi><tpages>15</tpages><orcidid>https://orcid.org/0000-0002-1473-3729</orcidid><orcidid>https://orcid.org/0000-0003-3676-9180</orcidid><orcidid>https://orcid.org/0000-0003-0669-4747</orcidid><orcidid>https://orcid.org/0000-0002-8822-8354</orcidid><orcidid>https://orcid.org/0000-0002-0691-1767</orcidid><oa>free_for_read</oa></addata></record>
fulltext	fulltext
identifier	ISSN: 2169-3536
ispartof	IEEE access, 2020, Vol.8, p.17404-17418
issn	2169-3536 2169-3536
language	eng
recordid	cdi_webofscience_primary_000524753200074
source	IEEE Open Access Journals; DOAJ Directory of Open Access Journals; Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals
subjects	Accuracy Algorithms Computer crime Computer Science Computer Science, Information Systems Cybersecurity Denial of service attacks Denial-of-service attack detection Engineering Engineering, Electrical & Electronic Factorization factorization machine Feature extraction Frequency modulation Low-rate denial of service Machine learning Machine learning algorithms multi-feature Science & Technology Software software defined network Software-defined networking Support vector machines Switches Technology Telecommunications
title	Low-Rate DDoS Attack Detection Based on Factorization Machine in Software Defined Network
url	https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-17T00%3A42%3A04IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_webof&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Low-Rate%20DDoS%20Attack%20Detection%20Based%20on%20Factorization%20Machine%20in%20Software%20Defined%20Network&rft.jtitle=IEEE%20access&rft.au=Zhijun,%20Wu&rft.date=2020&rft.volume=8&rft.spage=17404&rft.epage=17418&rft.pages=17404-17418&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2020.2967478&rft_dat=%3Cproquest_webof%3E2454765028%3C/proquest_webof%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2454765028&rft_id=info:pmid/&rft_ieee_id=8962081&rft_doaj_id=oai_doaj_org_article_ba7cbba4e38940d384d06cdff4eee02a&rfr_iscdi=true