A Review of Anomaly Detection Techniques and Distributed Denial of Service (DDoS) on Software Defined Network (SDN)


  • M. H. H. Khairi University Technology Malaysia, Johor, Malaysia http://orcid.org/0000-0002-5904-7642
  • S. H. S. Ariffin University Technology Malaysia, Johor, Malaysia
  • N. M. Abdul Latiff University Technology Malaysia, Johor, Malaysia
  • A. S. Abdullah University Technology Malaysia, Johor, Malaysia
  • M. K. Hassan University Technology Malaysia, Johor, Malaysia
Volume: 8 | Issue: 2 | Pages: 2724-2730 | April 2018 | https://doi.org/10.48084/etasr.1840


Software defined network (SDN) is a network architecture in which the network traffic may be operated and managed dynamically according to user requirements and demands. Issue of security is one of the big challenges of SDN because different attacks may affect performance and these attacks can be classified into different types. One of the famous attacks is distributed denial of service (DDoS). SDN is a new networking approach that is introduced with the goal to simplify the network management by separating the data and control planes. However, the separation leads to the emergence of new types of distributed denial-of-service (DDOS) attacks on SDN networks. The centralized role of the controller in SDN makes it a perfect target for the attackers. Such attacks can easily bring down the entire network by bringing down the controller. This research explains DDoS attacks and the anomaly detection as one of the famous detection techniques for intelligent networks.


software defined networking, distributed denial of service, anomaly detection


Download data is not yet available.


M. Sood, “Software defined network—Architectures”, International Conference on Parallel, Distributed and Grid Computing, Solan, India, December 11-13, 2014

D. Kreutz, F. M. V. Ramos, P. E. Verissimo, C. E. Rothenberg, S. Azodolmolky, S. Uhlig, “Software-defined networking: A comprehensive survey”, Proceedings of the IEEE, Vol. 103, No. 1, pp. 14-76, 2014 DOI: https://doi.org/10.1109/JPROC.2014.2371999

V. Chandola, A. Banerjee, V. Kumar, Anomaly Detection: A Survey, University of Minnesota, 2009 DOI: https://doi.org/10.1145/1541880.1541882

V. Hodge, J. Austin, “A survey of outlier detection methodologies”, Artificial Intelligence Review, Vol. 22, No. 2, pp. 85-126, 2044 DOI: https://doi.org/10.1023/B:AIRE.0000045502.10941.a9

S. Ramachandran, V. Shanmugam, “Impact of DoS Attack in Software Defined Network for Virtual Network”, Wireless Personal Communications, Vol. 94, No. 4, pp. 2189-2202, 2017 DOI: https://doi.org/10.1007/s11277-016-3370-1

S. Scott-Hayward, G. O'Callaghan, S. Sezer, “SDN security: A survey”, IEEE SDN For Future Networks and Services, Trento, Italy, pp. 1-7, November 11-13, 2013 DOI: https://doi.org/10.1109/SDN4FNS.2013.6702553

N. Feamster, J. Rexford, E. Zegura, “The road to SDN”, ACM Queue, Vol. 11, No. 12, pp. 1-21, 2013 DOI: https://doi.org/10.1145/2559899.2560327

M. Coughlin, A survey of SDN security research, University of Colorado Boulder, 2014

M. Sood, “A survey on issues of concern in Software Defined Networks”, Third International Conference on Image Information Processing, Waknaghat, India, December 21-24, 2015

N. Foster, R. Harrison, M. J. Freedman, C. Monsanto, J. Rexford, A. Story, D. Walker “Frenetic: A network programming language”, ACM Sigplan Notices, Vol. 46, No. 9, pp. 279-291 DOI: https://doi.org/10.1145/2034574.2034812

D. Kreutz, F. Ramos, P. Verissimo, “Towards secure and dependable software-defined networks”, Second ACM SIGCOMM workshop on Hot topics in software defined networking, Hong Kong, China, pp. 55-60, August 16, 2013 DOI: https://doi.org/10.1145/2491185.2491199

K. Benton, L. J. Camp, C. Small, “Openflow vulnerability assessment”, Second ACM SIGCOMM workshop on Hot topics in software defined networking, Hong Kong, China, pp. 151-152, August 16, 2013 DOI: https://doi.org/10.1145/2491185.2491222

P. Dokas, L. Ertoz, V. Kumar, A. Lazarevic, J. Srivastava, P. N. Tan, “Data mining for network intrusion detection”, NSF Workshop on Next Generation Data Mining, November 1-3, 2002

M. R. Smith, T. Martinez, “Improving classification accuracy by identifying and removing instances that should be misclassified”, International Joint Conference on Neural Networks, San Jose, USA, July 31–August 05, 2011 DOI: https://doi.org/10.1109/IJCNN.2011.6033571

D. E. Denning, “An intrusion-detection model”, IEEE Transactions on software engineering, Vol. SE-13, No. 2, pp. 222-232, 1987 DOI: https://doi.org/10.1109/TSE.1987.232894

H. S. Teng, K. Chen, S. C. Lu, “Adaptive real-time anomaly detection using inductively generated sequential patterns”, IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, May 7-9, 1990 DOI: https://doi.org/10.1109/RISP.1990.63857

A. A. Mohamed, D. M. Ali, “Designing of intrusion detection system based on image block matching”, International Journal of Computer and Communication Engineering, Vol. 2, No. 5, pp. 605-607, 2013 DOI: https://doi.org/10.7763/IJCCE.2013.V2.258

L. Garber, “Denial-of-service attacks rip the Internet”, Computer, Vol. 33, No. 4, pp. 12-17, 2000 DOI: https://doi.org/10.1109/MC.2000.839316

U. Tariq, M. Hong, K.-S. Lhee, “A comprehensive categorization of DDoS attack and DDoS defense techniques”, International Conference on Advanced Data Mining and Applications, pp. 1025-1036, Springer, Berlin, Heidelberg 2006 DOI: https://doi.org/10.1007/11811305_112

W. M. Eddy, “Defenses against TCP SYN flooding attacks”, The Internet Protocol Journal, Vol. 9, No. 4, pp. 2-16, 2006

Q. Yan, F. R. Yu, Q. Gong, J. Li, “Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges”, IEEE Communications Surveys & Tutorials, Vol. 18, No. 1, pp. 602-622, 2016 DOI: https://doi.org/10.1109/COMST.2015.2487361

S. Sezer, S. S. Hayward, P. K. Chouhan, B. Fraser, D. Lake, J. Finnegan, N. Viljoen, M. Miller, N. Rao, “Are we ready for SDN? Implementation challenges for software-defined networks”, IEEE Communications Magazine, Vol. 51, No. 7, pp. 36-43, 2013 DOI: https://doi.org/10.1109/MCOM.2013.6553676

R. Kandoi, M. Antikainen, “Denial-of-service attacks in OpenFlow SDN networks”, IFIP/IEEE International Symposium on Integrated Network Management, Ottawa, Canada, May 11-15, 2015 DOI: https://doi.org/10.1109/INM.2015.7140489

A. Ramanathan, J. Mitchell, A. Scedrov, V. Teague, “Probabilistic bisimulation and equivalence for security analysis of network protocols”, International Conference on Foundations of Software Science and Computation Structures, FoSSaCS 2004. Lecture Notes in Computer Science, Vol, 2987, Springer, Berlin, Heidelberg, pp. 468-483, 2004 DOI: https://doi.org/10.1007/978-3-540-24727-2_33

J. Ashraf, S. Latif, “Handling intrusion and DDoS attacks in Software Defined Networks using machine learning techniques”, National Software Engineering Conference, Rawalpindi, Pakistan, November 11-12, 2014 DOI: https://doi.org/10.1109/NSEC.2014.6998241

C.-F. Tsai, Y.-F. Hsu, C.-Y. Lin, W.-Y. Lin, “Intrusion detection by machine learning: A review”, Expert Systems with Applications, Vol. 36, No. 10, pp. 11994-12000, 2009 DOI: https://doi.org/10.1016/j.eswa.2009.05.029

R. Sommer, V. Paxson, “Outside the closed world: On using machine learning for network intrusion detection”, IEEE Symposium on Security and Privacy, Berkeley/Oakland, USA, May 16-19, 2010 DOI: https://doi.org/10.1109/SP.2010.25

H. Wang, L. Xu, G. Gu, “Floodguard: A dos attack prevention extension in software-defined networks”, 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Rio de Janeiro, Brazil, June 22-25, 2015 DOI: https://doi.org/10.1109/DSN.2015.27

R. Sahay, G. Blanc, Z. Zhang, H. Debar, “Towards autonomic DDoS mitigation using software defined networking”, Workshop on Security of Emerging Networking Technologies, Internet Society, 2015 DOI: https://doi.org/10.14722/sent.2015.23004

S. Luo, J. Wu, J. Li, B. Pei, “A defense mechanism for distributed denial of service attack in software-defined networks”, Ninth International Conference on Frontier of Computer Science and Technology, Dalian, China, August 26-28, 2015 DOI: https://doi.org/10.1109/FCST.2015.11

S. A. Mehdi, J. Khalid, S. A. Khayam, “Revisiting traffic anomaly detection using software defined networking”, International Workshop on Recent Advances in Intrusion Detection, RAID 2011. Lecture Notes in Computer Science, Vol. 6961, pp. 161-180, Springer, Berlin, Heidelberg, 2011 DOI: https://doi.org/10.1007/978-3-642-23644-0_9

S. Dotcenko, A. Vladyko, I. Letenko, “A fuzzy logic-based information security management for software-defined networks”, 16th International Conference on Advanced Communication Technology, Pyeongchang, South Korea, February 16-19, 2014 DOI: https://doi.org/10.1109/ICACT.2014.6778942

K. Giotis, C. Argyropoulos, G. Androulidakis, D. Kalogeras, V. Maglaris, “Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments”, Computer Networks, Vol. 62, pp. 122-136, 2014 DOI: https://doi.org/10.1016/j.bjp.2013.10.014

S. Lim, J. Ha, H. Kim, Y. Kim, S. Yang, “A SDN-oriented DDoS blocking scheme for botnet-based attacks”, Sixth International Conference on Ubiquitous and Future Networks, Shanghai, China, July 8-11, 2014 DOI: https://doi.org/10.1109/ICUFN.2014.6876752

S. M. Mousavi, M. St-Hilaire, “Early detection of DDoS attacks against SDN controllers”, International Conference on Computing, Networking and Communications, Garden Grove, USA, February 16-19, 2015 DOI: https://doi.org/10.1109/ICCNC.2015.7069319

R. Wang, Z. Jia, L. Ju, “An entropy-based distributed DDoS detection mechanism in software-defined networking”, in IEEE Trustcom/BigDataSE/ISPA, Helsinki, Finland, August 20-22, 2015 DOI: https://doi.org/10.1109/Trustcom.2015.389

Q. Niyaz, W. Sun, A. Y. Javaid, “A Deep Learning Based DDoS Detection System in Software-Defined Networking (SDN)”, arXiv preprint arXiv:1611.07400, 2016 DOI: https://doi.org/10.4108/eai.28-12-2017.153515

Q. Yan, F. R. Yu, “Distributed denial of service attacks in software-defined networking with cloud computing”, IEEE Communications Magazine, Vol. 53, No. 4, pp. 52-59, 2015 DOI: https://doi.org/10.1109/MCOM.2015.7081075

R. Braga, E. Mota, A. Passito, “Lightweight DDoS flooding attack detection using NOX/OpenFlow”, IEEE 35th Conference on Local Computer Networks, Denver, USA, October 10-14, 2010 DOI: https://doi.org/10.1109/LCN.2010.5735752

R. Kokila, S. T. Selvi, K. Govindarajan, “DDoS detection and analysis in SDN-based environment using support vector machine classifier”, Sixth International Conference on Advanced Computing, Chennai, India, December 17-19, 2014 DOI: https://doi.org/10.1109/ICoAC.2014.7229711

N. Z. Bawany, J. A. Shamsi, K. Salah, “DDoS Attack Detection and Mitigation Using SDN: Methods, Practices, and Solutions”, Arabian Journal for Science and Engineering, Vol. 42, No. 2, pp. 425-441, 2017 DOI: https://doi.org/10.1007/s13369-017-2414-5

L. Barki, A. Shidling; N. Meti; D. G. Narayan; M. Moin Mulla “Detection of distributed denial of service attacks in software defined networks”, International Conference on Advances in Computing, Communications and Informatics, Jaipur, India, September 21-24, 2016 DOI: https://doi.org/10.1109/ICACCI.2016.7732445


How to Cite

M. H. H. Khairi, S. H. S. Ariffin, N. M. Abdul Latiff, A. S. Abdullah, and M. K. Hassan, “A Review of Anomaly Detection Techniques and Distributed Denial of Service (DDoS) on Software Defined Network (SDN)”, Eng. Technol. Appl. Sci. Res., vol. 8, no. 2, pp. 2724–2730, Apr. 2018.


Abstract Views: 1768
PDF Downloads: 608

Metrics Information
Bookmark and Share

Most read articles by the same author(s)