Computers, Materials & Continua DOI:10.32604/cmc.2022.018505
Article
Unprecedented Smart Algorithm for Uninterrupted SDN Services During DDoS Attack
1Faculty of Computing & Informatics, Multimedia University, Persiaran Multimedia, Cyberjaya, 63100, Selangor, Malaysia
2Faculty of Engineering, Multimedia University, Persiaran Multimedia, Cyberjaya, 63100, Selangor, Malaysia
3Faculty of Computing and Informatics, University Malaysia Sabah, Jalan UMS, Kota Kinabalu Sabah, 88400, Malaysia
4Telekom Malaysia Research & Development, TM Innovation Centre, 63000, Cyberjaya, Selangor, Malaysia
5Federal University of Piauí (UFPI), Teresina, PI, Brazil
6Instituto de Telecomunicações, 6201-001, Covilhã, Portugal
7National Center of Robotics and Automation-Condition Monitoring Systems Lab, MUET, Jamshoro, Pakistan
8Department of Electrical and Electronic Engineering, BUET, Dhaka, 1205, Bangladesh
9Department of Electrical Engineering and Computer Science, Data Science and Cybersecurity Center, Howard University, Washington, DC, USA
10Cloud Computing and Distributed Systems (CLOUDS) Laboratory, School of Computing and Information Systems, The University of Melbourne, Melbourne, VIC 3053, Australia
*Corresponding Author: Zulfadzli Yusoff. Email: zulfadzli.yusoff@mmu.edu.my
Received: 10 March 2021; Accepted: 02 May 2021
Abstract: In the design and planning of next-generation Internet of Things (IoT), telecommunication, and satellite communication systems, controller placement is crucial in software-defined networking (SDN). The programmable SDN controller provides sophisticated centralized control of the entire network. Nevertheless, it also creates a significant loophole through which a distributed denial of service (DDoS) attack can readily manifest. Furthermore, a Distributed Reflected Denial of Service (DRDoS) attack, an unusual type of DDoS attack, has recently been detected. However, minimal attention has been given to this emerging single-point-of-failure problem in SDN infrastructure. Moreover, the frequency of DDoS attacks has recently increased dramatically. In this paper, a smart algorithm for planning SDN smart backup controllers under DDoS attack scenarios is proposed. The proposed smart algorithm can recommend single or multiple smart backup controllers when a DDoS attack occurs. The simulation results validate the proposed algorithm, and the performance analysis shows 99.99% accuracy in placing the smart backup controller under DDoS attacks within 0.125 to 46508.7 s in SDN.
Keywords: SDN; smart algorithm; RTZLK-DAASCP; DDoS attack; DRDoS
Software-defined networking (SDN) has gained prominence worldwide because it is agile, programmable [1], cost-effective, and centralized, in contrast with traditional computer, telecommunications, and satellite communication frameworks, which are more complicated and harder to manage. The focal point of SDN architecture is the controller, which mediates between clients and resources to deliver services [2–4]. SDN enables industry operators to reduce operational expenditure (OPEX) and capital expenditure (CAPEX) and create innovative, differentiated services [5]. SDN's principal function is to expedite and improve network management with high flexibility and reliability by separating the control plane from the data plane. Moreover, the network programmability of SDN unlocks more innovative opportunities. Numerous researchers from both industry and academia have been attracted to address SDN issues [6]. The Open Networking Foundation (ONF) states that SDN is an emerging architecture that is dynamic, manageable, cost-effective, and adaptable, making it ideal for the high-bandwidth, dynamic nature of emerging applications [7]. Before SDN was engineered, the goal of making networks programmable had long been considered by researchers; for instance, the authors of [8–14] advocated fast programmable data handling.
The brain of SDN is the controller, which hosts many applications that provide unified control functionality through an open application programming interface (API) and processes network data packets through an open interface. The SDN controller is a logically centralized control structure that runs the Network Operating System (NOS) [15]. It presents hardware abstractions to the control plane, which can monitor the global view of the network architecture. The core idea of SDN is to separate the control plane and the data plane [16,17] by creating software that allows the network operating system (software controller) of SDN to run on separate hardware (physical controller) [18]. Fig. 1 shows a typical architecture of SDN.
This separation not only provides a significant feature for future networks and telecommunication but also threatens SDN security. SDN is a structure designed to simplify and improve network management with high flexibility by splitting the control plane and data plane [20].
A distributed denial of service (DDoS) attack attempts to make an online service or network unavailable by creating excessive requests from the OpenFlow switch to the controller. The attack sources include personal computers (PCs), servers, smartphones, alarm systems, cameras, Internet of Things (IoT) devices, and sensors. DDoS attacks can paralyze SDN services by overwhelming servers, network links, and network devices (routers, switches, and controllers) with illegitimate traffic. They can cause either service degradation or complete denial of service, causing huge losses [21]. Fig. 2 illustrates how a DDoS attack operates in general.
Initially, attackers will infiltrate the controller via a PC, smartphone, or IoT sensor, through the switches, by using a botnet or a zombie. As a result, all the devices connected to the victim controller will eventually malfunction. Moreover, an infrastructure-layer device (switch) will typically request new rules from the controller when it cannot handle or forward data packets due to a mismatch in the flow table [22]. Also, a large volume of DDoS attack traffic would occupy the entire bandwidth [23], causing congestion that slows the controller. Eventually, the controller malfunctions after encountering DDoS attacks continuously. If the controller becomes the victim of a DDoS attack, all the switches connected to that controller will malfunction and be unable to serve legitimate users. Hence, it is necessary to install an alternative controller to serve legitimate users.
The controller is the most critical component in the SDN network. Hence, controller placement in SDN planning is one of the critical criteria for providing uninterrupted services. Lately, intimidation based on Distributed Denial of Service (DDoS) or Ransom Denial of Service (RDoS) has been reported, with an attacker professing to attack ‘Lazarus’. The attacker threatened to launch a DDoS attack against the customer’s entire organization if the owner did not pay within six days. DDoS attacks do not generally come with a payment demand; yet, given that even one hour of downtime can cost organizations up to $100K sometimes, this sort of RDoS attack merits being taken seriously and mitigated. The highest attack data rate was 700 GigaByte Per Second (Gbps) or 6,012,951,135,769 bits per second, depicted in Fig. 3 [24].
In the first few weeks of January 2021, DRDoS and RDoS attacks on German organizations and government offices became increasingly frequent. Cybercriminals are using the force of volumetric reflection attacks to extort large ransoms. A Distributed Reflected Denial of Service (DRDoS) attack is a special type of DDoS. In this case, malicious requests do not originate from the actual attacker or a botnet, but from specific Internet services [25]. The DRDoS attack is therefore an upcoming strong threat to SDN controllers, alongside the DDoS attack. Protection of SDN networks is becoming increasingly essential in the field of security, even though SDN can provide a rich network. At the same time, SDN faces various security challenges [26], for example, DDoS attacks, network hindering, switch information leakage, management classification, and other principal attacks known from traditional networks [27]. Hence, it is imperative to deploy multiple backup controllers to provide continuous SDN services under different DDoS attacks. Here, we propose a smart algorithm to estimate the number of backup controllers required to be deployed at any specific location or node where a DDoS attack occurs.
We organized this paper as follows. In the next section, we present related work and the development of our proposed backup controller placement smart algorithm, the Reazul Tan Zul Lee Kashif (RTZLK) DDoS Attack Aware SDN Smart Controller Placement Algorithm (DAASCPA). The flowchart of the proposed algorithm is given in Section 3. The proposed smart algorithm is evaluated under various scenarios, and the resulting layout plan diagrams are shown, in Section 4. A vision and future directions are discussed in Section 5. Finally, a conclusion is drawn in Section 6.
First, the authors in [28] proposed SDN controller placement using the k-median and the k-center, each with a heuristic algorithm for the corresponding optimization problem. Their work focused on the controller’s latency and reaction time and did not address controller placement under DDoS attack. In [29], the authors proposed a general framework to adjust the connections between the controller and the switches based on the behavior of the controller placement problem. The authors in [30] considered the need to maximize the reliability of SDN controllers using heuristic algorithms and brute force. In [31], the authors treated the controller placement problem as minimizing the worst-case latency of the control paths while satisfying the load constraint of SDN controllers. In [32], without mentioning DDoS attacks, the author presented another optimized model for the placement of SDN controllers as well as switches and links in the SDN. The authors in [33] focused on the vulnerability of SDN to DDoS attacks in cloud computing. They investigated the new trends and features of DDoS attacks in the cloud computing environment and gave a comprehensive survey of defense mechanisms against DDoS attacks using SDN. In [34], the authors presented a DDoS attack defense, a DDoS blocking system, using the OpenFlow interface. The authors in [35] proposed a DDoS attack detection technique with a focus on promptness, flexibility, and accuracy.
The authors in [36] proposed a multi-line SDN controller planning algorithm based on the time cut assignment procedure related to controller placement in SDN. Based on attack traffic, attack scale, and timelines, the work in [37] addressed the detection of DDoS attacks in cloud services. Nevertheless, their proposed algorithm is a simple link to identify attacks that made the controllers break down, which resulted in the interruption of services. In [38], the authors presented pSMART, a lightweight, security-aware service function chain orchestration in a multi-domain NFV/SDN scenario, which cannot hold up under a colossal volume of DDoS attack traffic. In [39], the authors proposed algorithms for exact and heuristic evaluation, implemented in the Matlab-based POCO framework for Pareto-based Optimal Controller placement. However, it does not fulfill the need to offer help during DDoS. The authors in [40] proposed a multi-objective ILP formulation to derive the related controller placement. However, security threats such as DDoS attacks are not considered in order to offer continuous services. In [41], the authors built a Parameter Optimization Model (POM) for the heuristic algorithm applied to the CPP. The heuristic algorithm can adequately solve the CPP by using the high-level limits obtained in the POM. The work does not consider mechanisms for securing the SDN controller and framework. In [42], the authors proposed a theoretical concept of smart controller placement for SDN architecture. Essentially, SDN is poised to serve future applications, for example, voice over IP (VoIP) [43–45], fiber optics [46–48], worldwide interoperability for microwave access (WiMAX) [49–51], artificial intelligence (AI) and machine learning (ML) [52], deep learning (DL) [53], and unmanned aerial vehicles (UAV) and autonomous electric vehicles (AEV) through satellite [54].
The above works considered neither an intelligent backup controller algorithm nor the DDoS attack threat. In this paper, we propose a smart algorithm for planning the deployment of SDN controllers under DDoS attack situations, which includes additional backup controllers in addition to the existing controllers to guarantee service to legitimate clients without interruption.
Here, we present a DDoS attack-aware smart controller placement algorithm that includes additional smart backup controllers in addition to the existing controllers to guarantee services for legitimate clients without interruption.
R is the number of types of switches in set S, Set of the switch
The controller and the smart backup controller placement matrix
1: Start
Initialization:
The controller placement matrix
2: foreach items in the controller’s set
3: Create a Union of set with available controllers of each type of the controller from Set C
c1
4: Update it in set
5: Create a Power Set P(C) for the set of the Controller
For set
Subsets with 0 controller
Subsets with 1 controller −
Subsets with 2 controllers–
{c1[1], c1[2]}, c1[1], c2[1], c1[1],
Subsets with k controllers −
6: Compute the sum of the processing power of the elements (controllers) in each subset
7:
8: Compute the sum of the port of the elements (controllers) in each subset
9:
10: Compute the sum of the cost of the elements (controllers) in each subset
11:
12: Compute the Sum of
13:
14:
15: for (i = 0; i
{
16:
17: else Stop: The controller is not available
18: if Subset_
19: Stop: The controller does not exist with the required processing power
20: else go to next step
21: if
22: Stop: The controller does not exist with the required port
23: else go to step 24
{
24: for (j = 0; j
25: for each items in
26: if
27: &&
28: update the subset_of_Controller [i] in
end if
end else
end if
end else
end if
end else
end for
end foreach
end if
}
29: Update the controller subset with the minimum cost from
30: NoOfchosenController == Updated
31: Number of Required Node,
32: Select
33:
34: place the controller on the selected node
35:
36: Display
}
37: for (y = 0; y
{
38: if
39:
40:
{
41: for (z = 0; z
42:
else Stop: The Smart backup controller is not available
43: if
44: Stop: The smart backup controller does not exist with the required processing power
45: else go to next step
46: if
47: Stop: The smart backup controller does not exist with the required port
48: else go to next step
49: foreach items in B
50: if
51: &&
52: && cost of the smart backup controller = = Co
53: Place it on
54: Display
end if
end else
end if
end else
end if
end else
end foreach
end if
}
}
else
exit
end if
55: Stop
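An added example, not the authors' AMPL/CPLEX model: the subset-selection core of the listing above (power set of controller units, summed processing power, ports and cost per subset, minimum-cost feasible subset), reused for placing backups at attacked nodes. The `Unit` fields, the node names, the per-node requirements, the greedy node-by-node allocation and all numbers are constructed assumptions, because the page gives no concrete values.

```python
from itertools import combinations
from typing import NamedTuple

class Unit(NamedTuple):
    name: str   # "c1[1]" = first unit of controller type c1, as in step 5
    power: int  # processing power (constructed value)
    ports: int  # switch-facing ports (constructed value)
    cost: int   # USD (constructed value)

def cheapest_subset(pool, need_power, need_ports):
    """Steps 5-29: enumerate the power set, sum power/ports/cost per subset,
    discard subsets short on power or ports, return the minimum-cost one."""
    best = None
    for k in range(1, len(pool) + 1):
        for subset in combinations(pool, k):
            if sum(u.power for u in subset) < need_power:
                continue  # "does not exist with the required processing power"
            if sum(u.ports for u in subset) < need_ports:
                continue  # "does not exist with the required port"
            cost = sum(u.cost for u in subset)
            if best is None or cost < best[0]:
                best = (cost, subset)
    return best  # None means no feasible subset: the algorithm stops

def plan_backups(backup_pool, attacked):
    """Steps 37-54 (assumed reading): for each attacked node, place the
    cheapest feasible backup subset drawn from still-unallocated units."""
    free, placement = list(backup_pool), {}
    for node, (need_power, need_ports) in attacked.items():
        choice = cheapest_subset(free, need_power, need_ports)
        if choice is None:
            placement[node] = None  # "smart backup controller is not available"
            continue
        cost, subset = choice
        placement[node] = (cost, tuple(u.name for u in subset))
        free = [u for u in free if u not in subset]
    return placement

# Constructed inventory and demands (hypothetical, not from the paper).
CONTROLLERS = [Unit("c1[1]", 2000, 24, 9000), Unit("c1[2]", 2000, 24, 9000),
               Unit("c2[1]", 5000, 48, 16000)]
BACKUPS = [Unit("b1[1]", 2000, 24, 8000), Unit("b1[2]", 2000, 24, 8000),
           Unit("b2[1]", 5000, 48, 15000)]
ATTACKED = {"n3": (1500, 16), "n7": (4000, 40), "n9": (3000, 30)}

if __name__ == "__main__":
    print(cheapest_subset(CONTROLLERS, 6000, 60))
    for node, result in plan_backups(BACKUPS, ATTACKED).items():
        print(node, result)
```

Enumerating the power set costs 2^n subset evaluations for n units, which is consistent with the paper's remark that planning a large-scale SDN takes more time.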
3.4 Flowchart of The Algorithm
We illustrated the flowchart of the RTZLK-DAASCP algorithm in Fig. 4.
Our proposed algorithm has been developed using A Mathematical Programming Language (AMPL) [55], which supports formulation, testing, and deployment, and IBM ILOG CPLEX [56], on a machine with an Intel(R) Core(TM) i7-6700 CPU @ 3.40 GHz, 8 GB RAM, and 128 GB virtual memory. The proposed smart algorithm is evaluated in several different scenarios. The data obtained from the results are presented in Tabs. 1–4. The diagrams from the results show the connections between the controller and a smart backup controller, controllers to controllers, DDoS attacks, and controllers to switches under four typical practical networks given in Figs. 5–8.
All four of the above DDoS attack scenarios demonstrate that our smart algorithm can guarantee that SDN operation is uninterrupted even under different frequencies of DDoS attack by placing an extra smart backup controller in addition to the existing SDN controller.
The cost with respect to the frequency of attacks is plotted in Fig. 9. The cost ranges from USD 30,000 for no attack to around USD 50,000 for the triple attack. It can be observed that the cost is lowest for a low attack, medium for a medium attack, and higher for a higher attack. Compared with the recently proposed lightweight algorithm [57] and boosting algorithm [58], the results obtained show that our proposed RTZLK-DAASCP smart algorithm provides uninterrupted SDN services against DDoS attacks with high accuracy and minimum cost.
5 Vision and Future Directions
The impact of the design and planning of SDN infrastructure varies across geo-locations. It is necessary to implement the proposed algorithm in real heterogeneous network topologies based on heterogeneous geo-locations.
IoT devices and sensors, computers, ISPs, telecommunication, satellite communication, and datacenter networking systems need SDN to enable dynamic provisioning, advanced network utilization, and the creation of new sources of revenue.
In SDN deployment, there are additional challenges that we should address. One such challenge is that many ISPs, telecommunication or satellite communication operators, and equipment manufacturers will require extra preparation, training, and operational tools to exploit SDN and ultimately streamline their operations; in addition, the SDN control plane must be able to support multi-domain, multi-layer resource allocation and optimization. Our proposed model is suitable for planning and deployment in real-world network topologies for these two geo-locations: IBM (USA) and KREONET (South Korea) [59]. We provide the diagrams and real-time dataset [60] from the Internet Topology Zoo, converted using yEd [61], a powerful diagramming program, as depicted in Figs. 10 and 11.
5.2.2 Geo Location: KREONET (South Korea)
The results obtained from our proposed RTZLK-DAASCP smart algorithm show that we have achieved the objective of minimizing total cost by optimizing the number of backup controllers required based on hypothetical frequencies of DDoS attack. The obtained results show that one smart backup controller is installed at a specific location if a single attack happens in SDN. A few smart backup controllers will be placed if the SDN experiences double or triple attacks. The findings demonstrate that the proposed smart controller is agile in facing DDoS attacks by placing a smart backup controller at appropriate nodes to guarantee that service to legitimate SDN clients stays uninterrupted. The main complexity of the smart algorithm is that it will require more time to plan and design any large-scale SDN. In future work, we will extend the proposed smart algorithm to the deployment of Next Generation SDN (NG-SDN) infrastructure. We will develop the RTZLK-DAA smart controller using DevOps and Mendix via IBM cloud access to the most advanced quantum computers and Google Quantum AI to resist DRDoS types of attack. This new research will be a milestone for the future design and planning of IoT, telecommunication, and satellite communication systems using SDN.
Acknowledgement: The authors would like to thank the editors of CMC and anonymous reviewers for their time and review of this manuscript and Professor Dr. Yong-Jin Park (IEEE Life member and former Director IEEE Region 10) for his valuable comments and suggestions on improving the paper.
Funding Statement: TM R&D Sdn Bhd fully supports this research work under Project RDTC160902. S. C. Tan and Z. Yusoff received the fund. Sponsors’ Website: https://www.tmrnd.com.my.
Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.