A DDoS Attack Detection Technique through CNN Model in Software Define Network

A DDoS Attack Detection Technique Using a CNN Model in Software-Defined Networks

  • Ko, Kwang-Man (Department of Computer Engineering, Sang-Ji University)
  • Received : 2020.12.02
  • Accepted : 2020.12.26
  • Published : 2020.12.30

Abstract

Software Defined Networking (SDN) is setting the standard for network management thanks to its scalability, flexibility, and ability to program the network. The Distributed Denial of Service (DDoS) attack is the attack most widely used against the SDN controller to bring down the network. Various methodologies have previously been used to detect DDoS attacks. In this paper, a dataset with 84 features is first obtained from Kaggle, and the 20 highest-ranked features are then selected using the Permutation Importance algorithm. The dataset is then used to train and test a Convolutional Neural Network (CNN) classifier model using deep learning techniques. Our proposed solution has achieved the best results, which will allow critical systems that need more security to adopt and take full advantage of the SDN paradigm without compromising their security.

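Software-defined networking is becoming the standard for network management thanks to its scalability, flexibility, and network programmability, but despite these many advantages it has the problem that a cyber attack on a single controller affects the entire network. DDoS attacks on the controller are a representative example, and research on various attack detection techniques is in progress. In this paper, a dataset of 84 DDoS attack features was first obtained from Kaggle, the Permutation Feature Importance algorithm was then used to select the 20 features with the highest importance, and training and validation were performed on a deep-learning-based CNN model. As a result, selecting the top 13 DDoS features with the optimal attack detection rate maintained a DDoS attack detection rate of 96% while giving very good results in terms of reasonable attack detection time, accuracy, and other measures.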
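The feature-selection step described in the abstract, permutation importance ranking followed by keeping the top-ranked features, is sketched below as an added example; it is not the paper's code. It assumes a constructed five-feature flow dataset with hypothetical feature names (instead of the 84-feature Kaggle set), a nearest-centroid classifier standing in for the CNN, and a top-2 cut instead of top-20.

```python
import random

FEATURES = ["pkt_rate", "syn_ratio", "flow_duration", "noise_a", "noise_b"]  # hypothetical names

def make_flows(n, rng):  # constructed flow records; label 1 = attack, 0 = benign
    X, y = [], []
    for _ in range(n):
        a = rng.randint(0, 1)
        X.append([rng.gauss(4.0 if a else 1.0, 1.0),   # strongly informative
                  rng.gauss(0.8 if a else 0.5, 0.2),   # weakly informative
                  rng.gauss(1.0, 1.0), rng.gauss(0.0, 1.0), rng.gauss(0.0, 1.0)])  # noise
        y.append(a)
    return X, y

def fit(X, y):  # nearest-centroid stand-in for the CNN: feature scaling + class centroids
    cols = list(zip(*X))
    mu = [sum(c) / len(c) for c in cols]
    sd = [(sum((v - m) ** 2 for v in c) / len(c)) ** 0.5 for c, m in zip(cols, mu)]
    cent = {}
    for k in (0, 1):
        rows = [r for r, label in zip(X, y) if label == k]
        cent[k] = [(sum(c) / len(c) - m) / s for c, m, s in zip(zip(*rows), mu, sd)]
    return mu, sd, cent

def predict(model, row):
    mu, sd, cent = model
    z = [(v - m) / s for v, m, s in zip(row, mu, sd)]
    return min(cent, key=lambda k: sum((a - b) ** 2 for a, b in zip(z, cent[k])))

def accuracy(model, X, y):
    return sum(predict(model, r) == label for r, label in zip(X, y)) / len(y)

def permutation_importance(model, X, y, rng, repeats=5):
    # Importance of a feature = mean drop in held-out accuracy when its column is shuffled.
    base, scores = accuracy(model, X, y), {}
    for j, name in enumerate(FEATURES):
        total = 0.0
        for _ in range(repeats):
            col = [r[j] for r in X]
            rng.shuffle(col)
            total += base - accuracy(model, [r[:j] + [v] + r[j + 1:] for r, v in zip(X, col)], y)
        scores[name] = total / repeats
    return base, sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

def rank_features(seed=7, top_k=2):
    rng = random.Random(seed)
    X, y = make_flows(1000, rng)
    base, ranking = permutation_importance(fit(X[:700], y[:700]), X[700:], y[700:], rng)
    return base, ranking, [name for name, _ in ranking[:top_k]]
```

Scoring on held-out flows rather than the training set matters here: a feature the model merely memorized would otherwise look important and survive the cut.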
