Article Source: HLD-DDoSDN: High and low-rates dataset-based DDoS attacks against SDN
Bahashwan AA, Anbar M, Manickam S, Issa G, Aladaileh MA, et al. (2024) HLD-DDoSDN: High and low-rates dataset-based DDoS attacks against SDN. PLOS ONE 19(2): e0297548. https://doi.org/10.1371/journal.pone.0297548
To download the article citation in the following formats:
RIS (compatible with EndNote, Reference Manager, ProCite, RefWorks)
BibTex (compatible with BibDesk, LaTeX)
To download the HLD-DDoSDN dataset, use the following links.
1. High-Rate ICMP DDoS Flooding Attack.
2. Low-Rate ICMP DDoS Flooding Attack.
3. High-Rate UDP DDoS Flooding Attack.
4. Low-Rate UDP DDoS Flooding Attack.
5. High-Rate TCP DDoS Flooding Attack.
6. Low-Rate TCP DDoS Flooding Attack.
7. All High-Rate DDoS Flooding Attack.
8. All Low-Rate DDoS Flooding Attack.
Network topology architecture.
This figure illustrates the virtual testbed network topology used to create the proposed dataset. The architecture includes one POX controller as the root node, controlling the entire SDN network. This open-source, OpenFlow-compatible controller is known for its speed and lightweight nature. An OpenFlow vSwitch acts as the SDN network gateway, connecting the controller and nodes in the data link layer. The testbed consists of 64 nodes, each with a default IP address from 10.0.0.1 to 10.0.0.64, and a default link bandwidth of 10 GB between hosts. Nodes 10.0.0.1, 10.0.0.2, and 10.0.0.3 are attackers generating DDoS attacks, while Node 10.0.0.10 is the victim, and Node 10.0.0.64 is the web server. The remaining nodes generate normal traffic. Scapy is used to create realistic normal and malicious network traffic with spoofed IP addresses.
The HLD-DDoSDN dataset, generated using a virtual testbed network topology with the Mininet emulator, is intended for SDN intrusion detection systems that leverage machine learning and deep learning algorithms. The network simulations include realistic normal traffic (ICMP, UDP, and TCP) and malicious network traffic (TCP, UDP, and ICMP DDoS flooding attacks) with spoofed IP addresses.
The dataset contains 71 statistical features, with the last column indicating the class label. It can be used for both binary and multi-class classifications. In the binary experiment, normal traffic is assigned a value of 1, and malicious traffic a value of 0. In the multi-class experiment, each class is given a unique value: 0 for SDN normal traffic, 1 for ICMP DDoS, 2 for TCP DDoS, and 3 for UDP DDoS flooding attacks.
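The two label encodings above have opposite polarity for normal traffic (1 in the binary experiment, 0 in the multi-class one), which is easy to get wrong when scoring a detector. The following is an added example, not code from the dataset authors: the CSV rows, the column names `f1` to `f3` and the threshold detector are constructed for illustration, and only the label values and the label-in-last-column layout come from the description.

```python
import csv
import io

# Label encodings as stated in the dataset description.
MULTI = {0: "normal", 1: "icmp_ddos", 2: "tcp_ddos", 3: "udp_ddos"}
BIN_NORMAL, BIN_ATTACK = 1, 0   # binary experiment: normal = 1, malicious = 0

# Constructed sample: three made-up feature columns stand in for the real
# statistical features; only "label is the last column" comes from the page.
SAMPLE_CSV = """f1,f2,f3,label
12,0.4,64,0
900,0.01,64,1
850,0.02,60,2
15,0.5,128,0
40,0.2,512,3
"""

def load(text):
    """Return (features, multiclass_labels); the label is the last column."""
    rows = list(csv.reader(io.StringIO(text)))[1:]  # skip header
    feats, labels = [], []
    for n, row in enumerate(rows, start=2):
        label = int(row[-1])
        if label not in MULTI:
            raise ValueError(f"line {n}: unknown class label {label}")
        feats.append([float(v) for v in row[:-1]])
        labels.append(label)
    return feats, labels

def to_binary(multi_label):
    """Multi-class 0 (normal) becomes binary 1; any attack class becomes 0."""
    return BIN_NORMAL if multi_label == 0 else BIN_ATTACK

def attack_metrics(y_true, y_pred):
    """Precision and recall with the attack class (binary 0) as positive."""
    tp = sum(t == BIN_ATTACK and p == BIN_ATTACK for t, p in zip(y_true, y_pred))
    fp = sum(t == BIN_NORMAL and p == BIN_ATTACK for t, p in zip(y_true, y_pred))
    fn = sum(t == BIN_ATTACK and p == BIN_NORMAL for t, p in zip(y_true, y_pred))
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall

def demo():
    feats, multi = load(SAMPLE_CSV)
    y_true = [to_binary(m) for m in multi]
    # Hypothetical detector: flags a row as attack when the first feature is high.
    y_pred = [BIN_ATTACK if f[0] > 100 else BIN_NORMAL for f in feats]
    return y_true, y_pred, attack_metrics(y_true, y_pred)
```

Metric functions that assume 1 is the positive class would report how well normal traffic is recognised under the binary encoding, so the attack class (0) has to be named explicitly as the positive label.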
The dataset scope is specifically tailored to TCP, UDP, and ICMP DDoS flooding attacks against the SDN controller, accommodating fluctuations in traffic rates. From a practical perspective, the proposed dataset serves as a controlled testing environment for the new SDN detection approach. This approach allows for the identification of strengths and weaknesses before implementation in real-world networks. By accurately representing diverse DDoS attacks and scenarios, the dataset contributes to building more resilient SDN systems capable of effectively handling the complexities of deployment. Insights gained from the dataset can directly inform strategies for improving the reliability and efficiency of detection approaches. Therefore, the proposed dataset stands as a valuable resource for researchers and practitioners in the field of SDN DDoS attacks.