Professional Documents
Culture Documents
net/publication/335147827
CITATIONS READS
10 506
2 authors:
All content following this page was uploaded by Beslin Pajila on 26 April 2021.
Abstract IOT: Internet of Things is a developing technique, it is the system of vehicles, home apparatuses, physical
gadgets, and different things installed with hardware, programming, sensors, actuators, and system
availability which empower these items to associate and trade data. IOT is made out of vast number of
various end frameworks associated with web. Physical gadgets installed with RFID, sensor, etc. which
enables item to communicate with one another. Security is a serious issue because all the heterogeneous
end systems are communicated with each other through internet.
Keywords RFID - Internet of Things IoT - DDoS - Security - DDoS attack - SDN
(separated by '-')
Detection of DDoS Attack Using SDN in IoT:
Author Proof
A Survey
1 Introduction
The Internet of Things (IoT) is where physical articles can be associated with the
Internet and furthermore have the capacity to recognize themselves to different gadgets
[1]. IoT gadgets are firmly related to RFID, sensor innovations, remote advances. It
makes the items to be detected and controlled remotely crosswise over existing system
framework. Web is a medium that interface individuals over the world for messaging,
gaming, conferencing, web based exchanging, etc. [2]. The universal things are
apportioned with the capacity of solid data transmission, far reaching observation, and
smart preparing. Here intelligent is consider as a significant feature. The intelligent IoT
make it possible for distributed intelligent devices like sensors, actuators and data
centers. The intelligent gadgets will go about as a smart information procurement,
propelled data extraction, self-versatile control, dependable transmission, and clever
choice help and administrations. The savvy IoT depend on the framework models,
systems and correspondences, information preparing and omnipresent processing
advances. Numerous applications administrations are expected to help smart admin-
istration and different business-related exercises, including blurring processing, enor-
mous information, semantic web, learning coordination, and social registering [49]. IoT
contains, for example, switching off the lights and automatic air conditioner in a room,
which recognizes the availability of the person by sensing the temperature of the
human. Internet of things moves the data over the web without individual conversation.
Traditional IP is not capable to connect various number of devices linked to the web,
Author Proof
IPv6 is the right choice but it does not provide heterogeneity objects connectivity. SDN
use IPv6 that allow various items from various systems to communicate [18]. Dos
attack is one of the most intrusion that affect the end devices.
IOT gadgets are brilliant, the data are send to the brought together framework,
which will screen and make a move as indicated by the undertaking given to it. IOT can
be utilized in numerous areas like transportation, human services, savvy home, control
matrices, shrewd structures etc. [13, 14]. Huge measure of gadgets connected to the
web and huge information related with it, security is particularly concerned [3]. Most of
the gadgets are effectively focused by interruption since they rely upon outside assets
and are left unaddressed much of the time. Online apparatuses are effectively assault by
the interruption. Two hundred million gadgets will be associated with the web con-
stantly 2020, so there is a likelihood for programmers to utilize these gadgets through
DOS attack, pernicious email and Trojan. An ongoing report expresses that 70% of
Internet of the things gadgets is helpless against assaults. The secrecy, honesty and
security of the information will be diminished and the clients will dishearten to utilize
this innovation [4]. The security and protection issues in the cutting edge 5G versatile
advances on IoT were unaddressed for quite a long time [5]. An IoT arrange is con-
strained by legitimately brought together controller and partitioned into zones. It is vital
to consider the execution of disseminated SDN empowered IoT systems. to keep up
administration quality. The normal design of joining of SDN and IoT is shown in
Fig. 1 [64]. AQ3
SDN Controller
Fig. 1. Classical architecture that combine SDN and IoT, a high level view.
used for the converse between the IoT devices. In this paper, we made a survey about
Author Proof
the DDoS attacks and how to identify and reduce the attacks using Software Defined
Networks.
2 Background
Target Description
Russian Defense Ministry’s DDoS attack targeted Russian Defense Ministry’s
website, March 2018 [25] website while they are poling for new weapons names
Boston Globe, November 2017 DDoS interrupt the news paper’s telephone, disrupted
[24] editing system
UK National Lottery, September DDoS attack hitting vigorously lottery website and app,
2017 [24] and prevent the customers laying lottery
Melbourne IT, April 2017 [24] DDoS attack force the victim organization that their
cloud hosting and mailing platforms service is
unavailable for the customers
Client of US-based security vendor Botnet produced to bargain CCTV-based botnet utilized
Sucuri. June 2016 [19] for DDoS assaults. The botnet created 50,000 HTTP ask
for every seconds to the server and the memory was
involved by ill-conceived traffic
Bank of Greece Website [20]. DDoS assault constrained the servers of Bank of Greece
May 2016 site to stay inert for 6 h
HSBC internet banking [21]. DDoS assault constrained HSBC individual keeping
January 2016 money site in the UK to closedown for a long time
Irish government website [22], Irish sites like Central Statistics office, the Courts
January 2016 Service, the Health Service Executive and Houses of the
Oireachtas were briefly constrained disconnected by
DDoS Attack
Thai government websites [23], Thai government websites harmed by a DDoS attack,
October 2015 making them impossible to access
unnecessarily due to the request of Data Plane and send to Data Plane (data lane
Author Proof
resource consumption). There won’t be any space to store all flow rules generated by
Control Plane [13]. In [14] firewall prototype was developed for security purpose that
maximizes the use of SDN. It is mainly used for two reasons: (i) New devices can be
developed with the product quality, (ii) it allows end user flexibility when creating new
devices. SDN is the latest technology that basically focused on quality of service and
routing. The Concept behind the filtering is, it makes all the data to pass through the
firewall due to the source and Destination IP addresses, set of rules, IP protocols (TCP
or UDP) it allow or deny the data’s. Basic algorithm is followed that sees all the
incoming traffic, read the packet header information, check the rule list for matches and
finally due to the set of rules allow or deny the packets. Network management, network
function Virtualization; Accessing information from anywhere, Resource utilization,
Energy management and Security and privacy are the essential key of IoT applications,
which can fulfill by SDN technologies. Huge data that was originated from the gadgets
must be handled in timely manner. Network Function Virtualization (NFC) that makes
gadgets to perform various operations, depending on application specific requirement
[34]. SDN is an emerging Technology, that is relevant to change the traffic arrange-
ment, it has huge bandwidth, changing nature of today’s application. Security is the
essential feature of SDN, and it is mainly used to detect the attacks. The principal
segments of SDN are controllers and switches. Controller will manage the entire
network and the switches will forward the system traffic depend upon the data installed
in the SDN controller. SDN understand clearly the flexible control of network traffic.
SD comprises of Software defined ratio, Software defined networking, Software
defined data centers, Software defined infrastructure and Software define World.
Among all those technologies, SDN is the recognized technology to the greatest extent
[46]. SDN is used to improve the new 5G wireless networks technology in its man-
ageability and adaptability [47]. SDN have ability to program the system through a
consistently programming characterized controller and it isolates the control path from
the information plane. Stretching out SDN to remote systems is profitable [48]. The
typical architecture of SDN is shown in the Fig. 2. By designing hybrid network
architecture; SDN brings new opportunities in IoT. Utilizing bound together control
convention SDN can possibly control circuit and parcel exchanging [64].
Applications …..
Applications Applications Application layer Service
Level Agreement
installed at each site. It monitors the actual time traffic and filters the malicious traffic. The
DDoS attack detection module analyzes the system traffic, identify the malignant traffic
and generate signature for the malignant traffic. It follows four phases for the detection of
DDoS attack i.e., Data collection, preprocessing, Classification and Response. RBP
Boost is a classification algorithm used to classify, train and test the malicious traffic.
RBP Boost division algorithm outcome with a high reveal accuracy of 99.4%.
DDoS attacks are detected using by Self–organizing map a neural network model.
In this work six tuple (traffic flow features) are used to make decision, whether the
traffic is ordinary or an intrusion. The appearances are Average of Packets per flow
(APf), Average of Bytes per flow (ABf), Average of Duration per flow (ADf), Per-
centage of Pair-flows (PPf), Growth of Single-flows (GSf), Growth of Different Ports
(GDP). Flow Collector module in a NOX based network is responsible for collecting
the features and for the detection of illegitimate flows the collected features are moved
to the classifier module. SOM will classify the network traffic and are useful for stream
analysis. This task used for DDoS attack identification with huge rate, based on traffic
flow features and less rate of fake alarms. This work does not mention about mitigation
strategy and proposes about DDoS attack detection method [31].
Dotcenko et al. [32] proposed mamdani algorithm, fuzzy inference was carried out.
This is a pragmatic approach based on fuzzy logic, fuzzy modeling problems are
solved. Excessive computation was avoided. Decision making based on fuzzy rules
was the results that were showed and it was better than using the security algorithms
separately. Only the detection method has been proposed and no mitigation strategy.
Xin Xu et al. [33] Hidden Markov Models (HMMs) was proposed by the authors to
detect the DDoS attacks. HMM method detect the DDoS attacks by origin IP invigi-
lator in a single identification system. To take care of the issues of information
preparing bottleneck and single point disappointment various identification operators
are utilized in real applications. Hence the dispersed location system is consolidated
with the HMM-based discovery technique utilizing source IP observing. Reinforcement
learning (RL) is a machine learning strategy that takes care of consecutive choice issues
by associating with nature. Reinforcing learning is more productive and appropriate
than supervised learning in light of the fact that amid preparing RL agents don’t have
instructors’ signs for watched states, they for the most part gets postponed, prizes or
inputs from environment.
Dillon [35] Proposed DDOS mitigation method, detection and blocking of attacks
was handled under the assist of OpenFlow. The complete mitigation process is done
three stages. In the first stage, the abnormality is detected with the byte and packet
counter. The second phase, two method were used, the first method is Packet sym-
metry, it is used to characterize legitimate and malignant traffic. The second stage is
temporary blocking, it blocks the outgoing traffic. In the third stage, all the flows are
dropped that are coming from malicious.
Machine learning procedures are utilized to recognize the vindictive action
dependent on the strange behaviour that occurs in the system. The accomplishment of
this strategy relies on the dataset, which has been utilized for training.
8 P. J. Beslin Pajila and E. Golden Julie
[36] TAMD, a system that find host that was infected by stealthy malware that was
available inside a network. By two ways malware writers avoid the detected techniques
of TAMD, (i) they encrypt their malware traffic (ii) avoid by botnet architecture. The
majority of the botnet today utilize unified IRC direction and-control server instead of
P2P botnets and HTTP based botnets. An OpenFlow security application development
framework, FRESCO was designed [37]. Another identification structure Botminar,
distinguish the hosts that share comparable interchanges and malicious action designs
by performing cross group correlations. This novel inconsistency based botnet
recognition framework is free of the protocol and structure utilized by botnets. The
framework achieve definition and properties of botnets i.e., bots inside the equivalent
botnet have a similar communication malicious activity [38]. Malware in the mobile
devices is detected using SDN architecture [39]. It detects the malware in the mobile
devices through real-time traffic analysis. To extract the aggregation of malware
communications features like, common destination, common connection time and
common platforms are used.
testing are joined together so worms are immediately related to a drawing in low false
Author Proof
caution rate. By using the various controllers like NOX Controller [41], Beacon
Controller [32], and Flood Light Controller [39] experiments are conducted and the
attack detection are successful which were shown in the results (Table 3).
Lots of data and information are produced due to the rapid growth of IoT. This
information are gathered by the enormous objects that are connected to it. In the event
that we need to interface everything to the web it will be a basic issue in light of the fact
that putting away, overseeing, controlling and verifying such bigdata is outlandish.
Software Defined Systems (SDSys) will overcome all the challenges so it is considered
as a vital solution. A structure is made for Software Defined Internet of Things (SDIoT)
that misuses a few SDSys, for example, Software Defined Network (SDN), Software
Defined Storage (SDStore) and Software Defined Security (SDNSec). Controller exists
between the system applications and the sending components, its primary job is to
control the system tasks. Controller act as a middleware to manage and transfer the
communications. SDStore is mainly used to manage huge data in storage system, it
separates data control layer and the data storage layer. SDSec provide secure virtual
environment infrastructures from threats DoS attack, insider threats etc. [18].
Earlier Detection techniques are centralized detection so communication bottleneck
has occurred because download and process will happen at the separate place. On the
off chance that there is any blemish in the unified identification system, it won’t work
until it is recovered. Decentralized detection system is more popular now a day because
the agents are placed in different location and it also overcomes the drawbacks of
centralized detection mechanism. The multi-agent detection framework was mentioned
for detecting DDoS attack. At edge routers multiple detection agents are placed of
different transit networks among these detection agent there is a communication
mechanism. Each and every agent observes only local information, to improve the
detection efficiency; the information and decision among agents are combined together.
Distribution detection system needed a cooperation mechanism to detect the abnormal
changes in the traffic [33].
10 P. J. Beslin Pajila and E. Golden Julie
[46]. SD-IOT framework has controller pool which has SD-IOT controller and SD-IOT
switches that were incorporated with the IOT gateway and IOT gadgets. A calculation
with SD-IOT structure was proposed to recognize and alleviate the DDoS assault. The
algorithm will detect the real DDoS attack by using some threshold value. By using the
threshold value in the algorithm, it blocks the DDoS attack at the source itself. A novel
framework is proposed in [48] that integrate caching, networking and computing
technology that support energy proficient data recovery and registering administrations
in green remote system. The system enhances the execution of coming generation
green wireless systems. Software Defined Approach is utilized to deal with the assets of
systems administration, computing and caching. But traditional SDN focus on net-
working resources alone. The resource like networking, computing and caching is
managed efficiently to improve the resource utilization and user experience. The
framework in [48] results in single point of failure, if anyone attacked it. Moreover if
any attacker gets permission to access the controller, it will damage the entire wireless
network. So an attack-tolerant system should be maintained to get rid of the framework
from the attacker.
[43] Giotis and all proposed SDN architecture it has three components they are collector,
anomaly detection and anomaly mitigation. Collector will gather the information; it
gathers stream data and transports them to anomaly identification module. The anomaly
detector will detect the anomaly for every time-window. The detection algorithm’s like
analytical abnormality identification, machine learning based abnormality identification
and data mining based abnormality identification are used for the identification of the
anomaly in the system traffic. Anomaly will be identified by the anomaly detection
component and it is exposed to the anomaly alleviation module. The abnormality
alleviation will kill recognized assaults; the stream sections will be embedded in the
stream table to hinder the malignant traffic. To recognize and relieve the assaults, the
ordinarily utilized activities are the forward, drop and change field activities. SDN-based
DDoS defense mechanisms are integrated with the mitigation strategies. The commonly
used mitigation strategies that are deployed in SDN are blocking ports, dropping packets
and redirecting traffic [35, 40, 43, 44, 50, 51]. There are a lot more mitigation strategies
that are implemented in SDN-based DDoS alleviation techniques, for example, pro-
found bundle assessment, changing MAC and IP addresses and disengaging traffic
[50, 51]. The straightforward and quick relief strategies that totally hinder the potential
assault sources are dropping parcels and blocking ports. The above mentioned mitiga-
tion techniques will drop the legitimate traffic.
[44] Chin, T.; Mountrouidou mention about two important features i.e., monitor
and correlator. Monitor has dual functionality like messenger that sends alert and
additional information and operates as a sensing node. Relate gets alert from the screen
to the data kept up by the OVS switch for profound parcel examination. Some miti-
gation technique will clean the blacklisted IP address. It filters ill-conceived clients
assaulting the server. These shield the server from DDoS. When we fail to pass judge
Detection of DDoS Attack Using SDN in IoT 11
on the http request, regardless of whether the demand are sent by client or botnet, use
Author Proof
CAPTCHA method to separate a human from the botnet. This technique used to find
the differentiation between the human request and botnet request [45]. In some tech-
niques mitigation of the attacks will be taking place due to blocking. Blocking by
means of block flow that prevents DoS sources further communicating with host on the
local. First of all it detect DDoS attacks, then it identify malicious attackers and at last it
used to block the attack [35]. DDoS attacks mostly target specific service. SDN is used
to overcome from the difficulty that occurs due to DDoS attacks. Usually the DDos
attacks are mounted by huge number of bots. The targeted services will be disabled by
the DDoS attack but it won’t affect the other network components. Servers that a
present in the network need to be protected, SDN will provide sufficient protection for
the servers [40].
Secret key from the substitution–box should be protected from correlation power
analysis attack, light weight masked AES engine is used to protect data from this
attack. Customary conceal AES execution is unreliable against high request control
investigation assault. Equal or more number of masks should be used to protect against
high order power analysis attack [6].
There are three types in existing Middleware architecture i.e., service based IOT
middleware, cloud based IOT middleware and Actor based IOT middleware [9].
Internet security is provided by Public key cryptography. Light weight public key
cryptography has been developed to overcome from new attack vectors. Security and
Privacy is lack in IOT middleware. Middleware platforms like Hydra, Virtus and
webinos addresses the security issues to some extent. The above middleware platforms
use the following protocols for security purpose
Hydra utilizes SOAP/Web administrations for security, Virtus uses XMPP models
and Webinos utilizes policy-based access control (XACML) and Federated Identity
token (OpenID). These are excessively expensive in overseeing memory and time on
the grounds that these conventions are not intended for the asset – compelled condition.
12 P. J. Beslin Pajila and E. Golden Julie
they are Event based, Service arranged, Virtual Machine-based, Agent-based, Tuple-
spaces, Database situated, Application explicit.
Event based Middleware: All the participants like components, applications are
interacted with each other through events. An event system consists of large number of
application components. Event based Middleware has a type called Message-oriented
middleware (MOM). Event based middleware follows publisher-subscriber architecture
model. Here we can survey some of the examples of Event based middleware. For
Large-scale circulated applications, an event based middleware Hermes is utilized. It
utilizes an adaptable routing algorithm and adaptation to internal failure components
that defeat various types of disappointments in the middleware.
The gaps identified in the existing middleware platforms are: (i) Context-based secu-
rity, (ii) lack of privacy-by-design, (iii) client driven model of access control and
(iv) support for electronic character at the gadget level [10]. Denial of services attack
occurs through resource exhaustion. There is no solution for this DoS Attack, but in [7]
SSM is suggested to identify and reduce the DoS assault. Security and privacy in
middleware is mandatory it should be enhanced with any new technologies [12]. EU
FP7 project RERUM designed IoT architecture based on the concept of security and
design. It is an open IoT middleware. Implementation of the middleware is at the
central part of RERUM, it provides a high security and privacy.
9 Conclusion
Presently multi day in all fields everybody relies upon digital physical frameworks and
upgrades in systems administration. Cloud innovations have appeared unique consid-
eration for the insurance of system and figuring framework against DDoS assaults. The
discovery and moderation of DDoS assaults is a incomplete job. By understanding this
problem, we have made several clear collections.
In this paper, the aversion against DDoS assaults was talked about. Compelling
DDoS assault identification strategy will react to the expanding malware traffic. What’s
more, adjusting and simplicity of the board the use of guidelines in identification,
moderation and anticipation against DDoS assaults is likewise required. The SDN-
based arrangements are ordered by the particular identification and moderation methods
in this paper. The discussion about how the DDoS attacks is detected and mitigated
using SDN-based techniques were made. SDN based framework also provide a pro-
tection against DDoS attacks.
Detection of DDoS Attack Using SDN in IoT 13
References
Author Proof
1. Chuah, J.W.: The Internet of Things: an overview and new perspectives in systems design.
In: International Symposium on Integrated Circuits (2014). 978-1-4799-4833-8/14
2. Agrawal, S., Das, M.L.: Internet of Things – A Paradigm Shift of Future Internet
Applications, Institute of Technology, Nirma University, Ahmedabad 382 481, 08-10 (2011)
3. Xu, X.: Study on security problems and key technologies of the Internet of Things. In:
International Conference on Computation and Information Sciences (2013)
4. Kanuparthi, A., Karri, R., Addepalli, S.: Hardware and embedded security in the context of
Internet of Things. In: CyCAR 2013: Proceedings of the 2013 ACM Workshop on Security,
Privacy & Dependability for Cyber Vehicles, pp. 61–64 (2013) AQ5
5. Zhou, J., Cao, Z., Dong, X., Vasilakos, A.V.: Security and privacy for cloud-based IoT:
challenges, countermeasures, and future directions, impact of next-generation mobile
technologies on IoT: cloud convergence AQ6
6. Yu, W., Köse, S.: A lightweight masked AES implementation for securing IoT against CPA AQ7
attacks. IEEE Trans. Circ. Syst. I Regul. Pap. 64(11), 2934–2944 (2017)
7. Xu, T., Gao, D., Dong, P., Zhang, H., Foh, C.H., Chao, H.-C.: Defending against new-flow
attack in SDN-based Internet of Things, special section on security and privacy in
applications and services for future Internet of Things, vol. 5 (2017)
8. Sicari, S., Rizzardi, A., Miorandi, D., Coen-Porisini, A.: Dynamic policies in Internet of
Things: enforcement and synchronization. IEEE Internet of Things J. 4(6), 2228–2238
(2017)
9. Ngu, A.H.H., Gutierrez, M., Metsis, V., Nepal, S., Sheng, Q.Z.: IoT middleware: a survey on
issues and enabling technologies. IEEE Internet of Things J. 4(1), 1 (2017)
10. Fermantle, P., Scott, P.: A security survey of middleware for the Internet of Things. PeerJ
PrePrints 3, e1521 (2015)
11. Razzaque, M.A., Milojevic-Jevric, M., Palade, A., Clarke, S.: Middleware for Internet of
Things: a survey. IEEE Internet of Things J. 3(1), 1 (2016)
12. Moldovan, G., Tragosy, E.Z., Fragkiadakisy, A., Pöhlsz, H.C., Calvox, D.: An IoT
middleware for enhanced security and privacy: the RERUM approach (2016). ISSN: 2157-
4960
13. Shin, S., Gu, G.: Attacking software-defined networks: a first feasibility study. In:
Proceedings of the 2nd ACM SIGCOMM Workshop Hot Topics Software Defined
Networks, New York, NY, USA, pp. 165–166 (2013)
14. Pena, J.G.V., Yu, W.E.: Development of a distributed firewall using software defined
networking technology. In: Proceedings of the 4th IEEE International Conference on
Information Science and Technology (ICIST), Shenzhen, China, pp. 449–452 (2014)
15. Seufert, S., O’Brain, D.: Machine learning for automatic defence against Distributed Denial
of Service attacks. In: IEEE International Conference on Communications (2007)
16. Yuan, X., Li, C., Li, X.: DeepDefense: identifying DDoS attack via deep learning. In: IEEE
International Conference on Smart Computing (SMARTCOMP) (2017). 29-31 Elec-
tronic ISBN 978-1-5090-6517-2, Print on Demand (PoD) ISBN 978-1-5090-6518-9
17. Hoyos Ll, M.S., Isaza E, G.A., Vélez, J.I., Castillo O, L.: Distributed Denial of Service
(DDoS) attacks detection using machine learning prototype
18. Jararweh, Y., Al-Ayyoub, M., Darabseh, A., Benkhelifa, E., Vouk, M., Rindos, A.: SDIoT: a
software defined based Internet of Things framework. Springer, Heidelberg (2015).
Print ISSN 1868-5137, Online ISSN 1868-5145
19. CCTV-based botnet used for DDoS attacks (2016). https://www.ddosattacks.net/a-massive-
botnet-of-cctv-cameras-involved-in-ferocious-ddos-attacks
14 P. J. Beslin Pajila and E. Golden Julie
ddos-attack-bank-greece-website-down
21. HSBC Internet Banking Services Down After DDoS Attack (2016). http://www.telegraph.
co.uk/finance/newsbysector/banksandfinance/12129411/HSBC-online-banking-service-
crashes-again.html
22. Irish Government Websites temporarily offline due to DDoS-attack (2016). http://www.bbc.
com/news/world-europe-35379817
23. Thai Government Websites hit by denial-of-service attack (2016). http://www.bbc.com/
news/world-asia-34409343
24. https://www.tripwire.com/state-of-security/featured/5-notable-ddos-attacks-2017/
25. http://ddosattacks.net/russian-defense-ministrys-website-suffers-ddos-attacks-during-poll-
for-new-weapons-names/
26. Zargar, S.T., Joshi, J., Tipper, D.: A survey of defense mechanisms against Distributed
Denial of Service (DDoS). IEEE Commun. Surv. Tutor. 15(4), 2046–2069 (2013)
27. Kaufman, C., Perlman, R., Sommerfeld, B.: DoS protection for UDP-based protocols. In:
Proceedings of the 10th ACM Conference on Computer and Communication Security—CCS
2003, p. 2 (2003)
28. Peng, T., Leckie, C., Ramamohanarao, K.: Survey of network-based defense mechanisms
countering the DoS and DDoS problems. ACM Comput. Surv. 39(1), 3es (2007)
29. Czyz, J., Kallitsis, M., Papadopoulos, C., Bailey, M.: Taming the 800 Pound Gorilla: the rise
and decline of NTP DDoS attacks. In: IMC, pp. 435–448 (2014)
30. ArunRaj Kumar, P., Selvakumar, S.: Distributed Denial of Service attack detection using an
ensemble of neural classifier. Comput. Commun. 34(11), 1328–1341 (2011)
31. Braga, R., Mota, E., Passito, A.: Lightweight DDoS flooding attack detection using
NOX/OpenFlow. In: LCN 2010 Proceedings of the 2010 IEEE 35th Conference on Local
Computer Networks, Washington, pp. 408–415. IEEE (2010)
32. Dotcenko, S., Vladyko, A., Letenko, I.: A fuzzy logic-based information security
management for software-defined networks. In: 16th International Conference on Advanced
Communication Technology (ICACT), pp. 167–171. IEEE (2014)
33. Xu, X., Sun, Y., Huang, Z.: Defending DDoS attacks using hidden Markov models and
cooperative reinforcement learning. In: Proceedings of the 2007 Pacific Asia Conference on
Intelligence and Security Informatics, PAISI 2007, pp. 196–207 (2007). ISBN 978-3-540-
71548-1
34. Bera, S., Misra, S., Vasilakos, A.V.: Software-defined networking for Internet of Things: a
survey. IEEE Internet of Things J. 4(6), 1994–2008 (2017). Electronic ISSN: 2327-4662
35. Dillon, C., Berkelaar, M.: OpenFlow (D)DoS Mitigation, February 2014. http://www.delaat.
net/rp/2013-2014/p42/report.pdf
36. Yen, T.-F., Reiter, M.K.: Traffic aggregation for malware detection. In: International
Conference on Detection of Intrusions and Malware, and Vulnerability Assessment,
pp. 207–227. Springer, Heidelberg (2008)
37. Shin, S., Porras, P., Yegneswaran, V., Fong, M., Gu, G., Tyson, M., Texas, A., Station, C.,
Park, M.: Fresco: modular composable security services for software-defined networks. In:
Network and Distributed System Security Symposium, pp. 1–16 (2013)
38. Gu, G., Perdisci, R., Zhang, J., Lee, W.: BotMiner: clustering analysis of network traffic for
protocol- and structure-independent Botnet detection. In: USENIX Security Symposium,
vol. 5(2), pp. 139–154 (2008)
39. Jin, R., Wang, B.: Malware detection for mobile devices using software-defined networking.
In: Proceedings of the 2013 Second GENI Research and Educational Experiment Workshop,
GREE 2013, Washington, pp. 81–88. IEEE (2013)
Detection of DDoS Attack Using SDN in IoT 15
40. Lim, S., Ha, J., Kim, H., Kim, Y., Yang, S.: A SDN-oriented DDoS blocking scheme for
Author Proof
Botnet-based attacks. In: Sixth International Conference on Ubiquitous and Future Networks
(ICUFN), pp. 63–68. IEEE (2014)
41. Mehdi, S.K., Khalid, J., Khayam, S.A.: Revisiting traffic anomaly detection using software
defined networking. In: Proceedings of the 14th International Conference on Recent
Advances in Intrusion Detection, pp. 161–180 (2011)
42. Schechter, S.E., Jung, J., Berger, A.W.: Fast detection of scanning worm infections. In:
International Workshop on Recent Advances in Intrusion Detection. Springer, Heidelberg
(2004)
43. Giotis, K., Argyropoulos, C., Androulidakis, G., Kalogeras, D., Maglaris, V.: Combining
OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation
mechanism on SDN environments. Comput. Netw. 62, 122–136 (2014)
44. Chin, T., Mountrouidou, X., Li, X., Xiong, K.: Selective packet inspection to detect DoS
flooding using software defined networking (SDN). In: 2015 IEEE 35th International
Conference on distributed Computing Systems Workshops (ICDCSW), pp. 95–99. IEEE
(2015)
45. Singh, K.J., De, T.: DDOS attack detection and mitigation technique based on Http count
and verification using CAPTCHA. In: 2015 International Conference on Computational
Intelligence and Networks (2015)
46. Yin, D., Zhang, L., Yang, K.: A DDoS attack detection and mitigation with software-defined
Internet of Things framework. In: IEEE Access, Special Section on Security and Trusted
Computing for Industrial Internet of Things, pp. 24694–24705, 30 April 2018
47. Zhang, J., Zhang, X., Imran, M.A., Evans, B., Zhang, Y., Wang, W.: Energy efficient hybrid
satellite terrestrial 5G networks with software defined features. J. Commun. Netw. 19(2),
147–161 (2017)
48. Huo, R., et al.: Software defined networking, caching, and computing or green wireless
networks. IEEE Commun. Mag. 54(11), 185–193 (2016)
49. Guest Editorial: IEEE Systems Journals Special Issue on “Intelligent Internet of Things”.
IEEE Syst. J. 10(3) (2016)
50. Chung, C.-J., Khatkar, P., Xing, T., Lee, J., Huang, D.: NICE: network intrusion detection
and countermeasure. IEEE Trans. Dependable Secure Comput. 10(4), 198–211 (2013)
51. Xing, T., Huang, D., Xu, L., Chung, C.J., Khatkar, P.: SnortFlow: a OpenFlow-based
intrusion prevention system in cloud environment. In: Proceedings of the 2013 2nd GENI
Research and Educational Experiment Workshop, GREE 2013, pp. 89–92 (2013)
Author Proof
Book ID : 468336_1_En
Chapter No : 44
Please ensure you fill out your response to the queries raised below
and return this form along with your corrections.
Dear Author,
During the process of typesetting your chapter, the following queries have
arisen. Please check your typeset proof carefully against the queries listed below
and mark the necessary changes either directly on the proof/online grid or in the
‘Author’s response’ area provided below
or and/or
Insert double quotation marks (As above)
or
Insert hyphen (As above)
Start new paragraph
No new paragraph
Transpose
Close up linking characters