FMDADM: A Multi-Layer DDoS Attack Detection and Mitigation Framework Using Machine Learning for Stateful SDN-Based IoT Networks

Faculty: Computer Science
Year: 2023
Type of Publication: ZU Hosted
Pages: 28934-28954
Authors:
Journal: IEEE Access, IEEE
Volume: 11
Keywords: FMDADM, Multi-Layer DDoS Attack Detection, Mitigation
Abstract:
The absence of standards and the diverse nature of the Internet of Things (IoT) have made security and privacy concerns more acute. Attacks such as distributed denial of service (DDoS) are becoming increasingly widespread in IoT, and the need for ways to stop them is growing. The use of newly formed Software-Defined Networking (SDN) significantly lowers the computational burden on IoT network nodes and makes it possible to perform more security measurements. This paper proposes an SDN-based, four-module DDoS attack detection and mitigation framework for IoT networks called FMDADM. The proposed FMDADM framework comprises four main modules and a five-tier architecture. The first module implements an early detection process based on the average drop rate (ADR) principle using a 32-packet window size. The second module uses a novel double-check mapping function (DCMF) that aids in earlier attack detection at the data plane level. The third module is an ML-based detection application comprising four phases: data preprocessing, feature extraction, training and testing, and classification. This module detects DDoS attacks using only seven features: two selected and five newly computed features. The last module introduces an attack mitigation process. We applied the proposed framework to three test cases: one single-node attack test case and two multi-node attack test cases, all with real IoT traffic generated and deployed in Mininet-IoT. The proposed FMDADM framework efficiently detects DDoS attacks at high and low rates, can discriminate between attack traffic and flash crowds, and protects both local and remote IoT nodes by preventing infection from propagating to the ISP level. FMDADM outperformed most existing cutting-edge approaches across ten different evaluation criteria.
According to the experimental results, FMDADM achieved the following accuracy, precision, F-measure, recall, specificity, negative predictive value, false positive rate, false detection rate, false negative rate, and average detection time benchmarks: 99.79%, 99.43%, 99.77%, 99.79%, 99.95%, 00.21%, 00.91%, 00.23%

Author Related Publications

  • Amir El Sayed Godaa Hassan, "FOUR-PHASE PROTOCOL FOR DETECTION, DELETION, PROTECTION AND RECOVERY FROM AUTORUN VIRUS", Journal of Theoretical and Applied Information Technology, 2018
  • Amir El Sayed Godaa Hassan, "P4-HLDMC: A Novel Framework for DDoS and ARP Attack Detection and Mitigation in SD-IoT Networks Using Machine Learning, Stateful P4, and Distributed Multi-Controller Architecture", MDPI, 2023

Department Related Publications

  • Walid Ibrahim Ibrahim Khedr, "Ad-hoc on Demand Authentication Chain Protocol - An Authentication Protocol for Ad-Hoc Networks", Institute for Systems and Technologies of Information, Control and Communication, 2015
  • Khalied Mohamed Hosny, "Robust Color Image Hashing Using Quaternion Polar Complex Exponential Transform for Image Authentication", Springer, 2018
  • Ehab Roshdy Mohamed, "Efficient compression of volumetric medical images using Legendre moments and differential evolution", Springer, 2020
  • Khalied Mohamed Hosny, "Efficient compression of volumetric medical images using Legendre moments and differential evolution", Springer, 2020
  • Asmaa Mohamed Khalid Mohamed Abbas, "Efficient compression of volumetric medical images using Legendre moments and differential evolution", Springer, 2020