A Review of Anomaly Detection Techniques and Distributed Denial of Service (DDoS) on Software Defined Network (SDN)

  • M. H. H. Khairi University Technology Malaysia, Johor, Malaysia http://orcid.org/0000-0002-5904-7642
  • S. H. S. Ariffin University Technology Malaysia, Johor, Malaysia
  • N. M. Abdul Latiff University Technology Malaysia, Johor, Malaysia
  • A. S. Abdullah University Technology Malaysia, Johor, Malaysia
  • M. K. Hassan University Technology Malaysia, Johor, Malaysia
Keywords: software defined networking, distributed denial of service, anomaly detection


A software defined network (SDN) is a network architecture in which network traffic can be operated and managed dynamically according to user requirements and demands. Security is one of the major challenges of SDN, because different attacks may affect performance, and these attacks can be classified into different types. One of the best-known attacks is distributed denial of service (DDoS). SDN is a new networking approach introduced with the goal of simplifying network management by separating the data and control planes. However, this separation leads to the emergence of new types of DDoS attacks on SDN networks. The centralized role of the controller in SDN makes it a perfect target for attackers: such attacks can easily bring down the entire network by bringing down the controller. This research explains DDoS attacks and anomaly detection, one of the best-known detection techniques for intelligent networks.






