Department of Computer Science and Information Systems

Permanent URI for this collectionhttp://localhost:4000/handle/123456789/1928

Browse

Filters

2023 - 20254

Settings

Author: search.filters.author.Haribabu, K.Subject: search.filters.subject.Software-defined networking (SDN)

Search Results

Now showing 1 - 4 of 4
  • No Thumbnail Available
    Item
    Rational identification of suitable classification models for detecting ddos attacks in software-defined networks
    (Springer, 2023-03) Haribabu, K.
    Software-Defined Network (SDN) is an approach where the network architecture is divided into 3 planes, namely the control plane, the data plane, and the application plane. It represents a major step forward from traditional, hardware-based networking to software-based networking where a programmable central controller, at the control plane, facilitates controlling the routing of data and allows for easier network management and scalability. On the other hand, the architecture makes the controller a target for many malicious attacks, most common of them being Distributed Denial of Service (DDoS) attacks. Thus, to address cybersecurity issues in SDN architecture, we investigated recent studies and trends that used Machine Learning algorithms to detect DDoS attacks in the control plane. We compared popular ML algorithms - k-Nearest Neighbors (k-NN), Support Vector Machine (SVM), Decision Trees (DT), Artificial Neural Network (ANN) - with different feature selection methods: Neighbourhood Component Analysis (NCA), and minimum Redundancy - Maximum Relevance (mRMR). Considering real-time DDoS attack detection, we have proposed an ensemble learning model that outperforms previously proposed models for detecting DDoS attacks. The proposed model utilizes feature selection and is generalized with a 10-Fold Cross Validation Recall of a 100%, F1-Score of 99.9988%, and Accuracy of 99.9990%.
  • No Thumbnail Available
    Item
    Early detection of DDOS attacks in networks leveraging data plane programming
    (IEEE, 2023-09) Haribabu, K.
    Distributed Denial of Service (DDoS) attacks are one of the most commonly used techniques to disrupt network services today. These attacks have grown in size and frequency over the past decade and commonly target DNS infrastructure and Software as a Service (SaaS) solutions hosted on the cloud. Traditional methods for DDoS attack mitigation mostly utilize external network infrastructure to monitor traffic and detect suspicious activity. These methods however are of ten subject to issues of high latency and large memory footprint. With the rise in popularity of Software Defined Networking (SDN) and data plane programmability, these issues can be tackled as network traffic can be examined at line-rate within the forwarding devices itself. This report aims to explore the P4 data plane programming language and utilize its primitives to design an in-line traffic inspection mechanism to detect an ongoing DDoS attack. The current scheme of this implementation would be to perform an Entropy calculation of the traffic at the data plane, followed by implementing a gossip protocol to disseminate entropy information to other switches. Finally, a decision making algorithm will be used to detect the DDoS attack.
  • No Thumbnail Available
    Item
    An energy efficient data transmission approach in smart IOT systems
    (IEEE, 2024-07) Haribabu, K.
    Improving energy efficiency and maximizing network longevity are two pressing issues in the Internet of Things (IoT) and wireless sensor networks (WSN). Clustering aids in enhancing energy efficiency and extending network life. A cluster head is selected in each cluster to collect and aggregate data from its cluster members. While electing appropriate nodes as cluster heads is important, associating nodes with the elected cluster heads is another component that can aid improve the network’s longevity. In this study, the authors proposed a new algorithm belonging to the family of local search problems for performing connection migration of nodes between different cluster heads. Furthermore, the simulation environment and the toolkit developed to evaluate several Cluster Head algorithms in this simulation environment have both been presented in detail.
  • No Thumbnail Available
    Item
    DDoS attack detection in data plane
    (Springer, 2025-04) Haribabu, K.
    Distributed Denial of Service (DDoS) attacks pose significant challenges to the availability of online services, with attackers seeking to overwhelm a target’s resources by generating an overwhelming volume of traffic from multiple sources. Traditional detection methods, such as signature-based or traffic pattern analysis, often lack the adaptability required to combat evolving attack strategies effectively. This paper explores the utilization of Software-Defined Networking (SDN) and data plane programmability as a reactive and adaptive mechanism for DDoS attack detection and mitigation. By leveraging the packet-level processing capabilities of P4 (Programming Protocol-Independent Packet Processors), we propose a novel implementation that employs entropy-based detection combined with gossip algorithms for decentralized information sharing. Our approach demonstrates improved responsiveness and scalability in detecting DDoS traffic and provides a comparative analysis between epidemic-based and probability-based gossip protocols. The results highlight the strengths, limitations, and real-world feasibility of our approach.