Search

Your search keyword '"Abdussalam Ahmed Alashhab"' showing total 6 results
Start Over Author "Abdussalam Ahmed Alashhab"
6 results on '"Abdussalam Ahmed Alashhab"'

1. Enhancing DDoS Attack Detection and Mitigation in SDN Using an Ensemble Online Machine Learning Model

Author

Abdussalam Ahmed Alashhab, Mohd Soperi Zahid, Babangida Isyaku, Asma Abbas Elnour, Wamda Nagmeldin, Abdelzahir Abdelmaboud, Talal Ali Ahmed Abdullah, and Umar Danjuma Maiwada

Subjects
DDoS attacks, LDDoS attacks, SDN, OML, ensemble, detection and mitigation, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

Software Defined Networks (SDN) offer dynamic reconfigurability and scalability, revolutionizing traditional networking. However, countering Distributed Denial of Service (DDoS) attacks remains a formidable challenge for both traditional and SDN-based networks. The integration of Machine Learning (ML) into SDN holds promise for addressing these threats. While recent research demonstrates ML’s accuracy in distinguishing legitimate from malicious traffic, it faces difficulties in handling emerging, low-rate, and zero-day DDoS attacks due to limited feature scope for training. The ever-evolving DDoS landscape, driven by new protocols, necessitates continuous ML model retraining. In response to these challenges, we propose an ensemble online machine-learning model designed to enhance DDoS detection and mitigation. This approach utilizes online learning to adapt the model with expected attack patterns. The model is trained and evaluated using SDN simulation (Mininet and Ryu). Its dynamic feature selection capability overcomes conventional limitations, resulting in improved accuracy across diverse DDoS attack types. Experimental results demonstrate a remarkable 99.2% detection rate, outperforming comparable models on our custom dataset as well as various benchmark datasets, including CICDDoS2019, InSDN, and slow-read-DDoS. Moreover, the proposed model undergoes comparison with industry-standard commercial solutions. This work establishes a strong foundation for proactive DDoS threat identification and mitigation in SDN environments, reinforcing network security against evolving cyber risks.

Published
2024
Full Text
View/download PDF

2. A Survey of Low Rate DDoS Detection Techniques Based on Machine Learning in Software-Defined Networks

Author

Abdussalam Ahmed Alashhab, Mohd Soperi Mohd Zahid, Mohamed A. Azim, Muhammad Yunis Daha, Babangida Isyaku, and Shimhaz Ali

Subjects
network security, SDN, OpenFlow, DDoS attacks, low-rate DDoS attacks, machine learning, Mathematics, QA1-939
Abstract

Software-defined networking (SDN) is a new networking paradigm that provides centralized control, programmability, and a global view of topology in the controller. SDN is becoming more popular due to its high audibility, which also raises security and privacy concerns. SDN must be outfitted with the best security scheme to counter the evolving security attacks. A Distributed Denial-of-Service (DDoS) attack is a network attack that floods network links with illegitimate data using high-rate packet transmission. Illegitimate data traffic can overload network links, causing legitimate data to be dropped and network services to be unavailable. Low-rate Distributed Denial-of-Service (LDDoS) is a recent evolution of DDoS attack that has been emerged as one of the most serious vulnerabilities for the Internet, cloud computing platforms, the Internet of Things (IoT), and large data centers. Moreover, LDDoS attacks are more challenging to detect because this attack sends a large amount of illegitimate data that are disguised as legitimate traffic. Thus, traditional security mechanisms such as symmetric/asymmetric detection schemes that have been proposed to protect SDN from DDoS attacks may not be suitable or inefficient for detecting LDDoS attacks. Therefore, more research studies are needed in this domain. There are several survey papers addressing the detection mechanisms of DDoS attacks in SDN, but these studies have focused mainly on high-rate DDoS attacks. Alternatively, in this paper, we present an extensive survey of different detection mechanisms proposed to protect the SDN from LDDoS attacks using machine learning approaches. Our survey describes vulnerability issues in all layers of the SDN architecture that LDDoS attacks can exploit. Current challenges and future directions are also discussed. The survey can be used by researchers to explore and develop innovative and efficient techniques to enhance SDN’s protection against LDDoS attacks.

Published
2022
Full Text
View/download PDF

5. Experimenting and evaluating the impact of DoS attacks on different SDN controllers

Author

Mohd Soperi Mohd Zahid, Abdussalam Ahmed Alashhab, Ali Ahmed Barka, and Abobaker M Albaboh

Subjects
business.industry, Control theory, Control channel, Network packet, Computer science, Control system, Network performance, Denial-of-service attack, business, Software-defined networking, Computer network, Flooding (computer networking)
Abstract

The flexibility and centrality of Software Defined Networking (SDN) has made it vulnerable to Denial of Service (DoS) attacks. Despite of the advantages, the potential DoS attacks may compromise the functions of switches, control channel and SDN controller. This paper is devoted to simulating and analyzing the impact of DoS packet in flooding attacks on SDN controller and control channel which may even affect the whole SDN network. The network performance is tested and emulated by using different testing tools of simulation in Mininet such as Hping3 and Wireshark. Likewise, the three different SDN controllers Floodlight, Ryu and POX performed as the uplink control data. Our findings show that with quite limited resources in pure open source SDN controllers, an attacker can produce a major distraction against an SDN networks. The recovery rate of SDN controllers show variable delay weakness between controllers’ performance: that the best result for the Ryu controller after sequences packets 6, and the worst recovery rate for POX controller after sequences packets 47.

Published
2021

Catalog

Books, media, physical & digital resources
See catalog results