e-space
Manchester Metropolitan University's Research Repository

    Towards sFlow and adaptive polling sampling for deep learning based DDoS detection in SDN

    Ujjan, Raja Majid Ali, Pervez, Zeeshan, Dahal, Keshav, Bashir, Ali Kashif ORCID logoORCID: https://orcid.org/0000-0001-7595-2522, Mumtaz, Rao and González, J (2020) Towards sFlow and adaptive polling sampling for deep learning based DDoS detection in SDN. Future Generation Computer Systems, 111. pp. 763-779. ISSN 0167-739X

    [img]
    Preview
    Accepted Version
    Available under License In Copyright.

    Download (2MB) | Preview

    Abstract

    Distributed Denial of Service (DDoS) is one of the most rampant attacks in the modern Internet of Things (IoT) network infrastructures. Security plays a very vital role for an ever-growing heterogeneous network of IoT nodes, which are directly connected to each other. Due to the preliminary stage of Software Defined Networking (SDN), in the IoT network, sampling based measurement approaches currently results in low-accuracy, higher memory consumption, higher-overhead in processing and network, and low attack-detection. To deal with these aforementioned issues, this paper proposes sFlow and adaptive polling based sampling with Snort Intrusion Detection System (IDS) and deep learning based model, which helps to lower down the various types of prevalent DDoS attacks inside the IoT network. The flexible decoupling property of SDN enables us to program network devices for required parameters without utilizing third-party propriety based hardware or software. Firstly, in data-plane, to lower down processing and network overhead of switches, we deployed sFlow and adaptive polling based sampling individually. Secondly, in control-plane, to optimize detection accuracy, we deployed Snort IDS collaboratively with Stacked Autoencoders (SAE) deep learning model. Furthermore, after applying performance metrics on collected traffic streams, we quantitatively investigate trade off among attack detection accuracy and resources overhead. The evaluation of the proposed system demonstrates higher detection accuracy with 95% of True Positive rate with less than4% of False Positive rate within sFlow based implementation compared to adaptive polling.

    Impact and Reach

    Statistics

    Activity Overview
    6 month trend
    1,028Downloads
    6 month trend
    280Hits

    Additional statistics for this dataset are available via IRStats2.

    Altmetric

    Repository staff only

    Edit record Edit record