Egyptian Informatics Journal (Sep 2024)
BSDN-HMTD: A blockchain supported SDN framework for detecting DDoS attacks using deep learning method
Abstract
The surge in Distributed Denial of Service (DDoS) attacks within SDN environments demands more potent defense strategies. While Moving Target Defense (MTD) holds promise, current MTD approaches against DDoS suffer from security gaps due to overwhelming malicious traffic and static detection areas. In order to tackle these difficulties, we have implemented BSDN-HMTD, a combination of deep learning and blockchain technologies within SDN environments, as a framework. Our strategy starts by employing blockchain technology to authenticate users. We use the NTRU-based Nyberg Rueppel Digital Signature Algorithm for this purpose. This ensures that only authenticated user flows are allowed for validation and forwarding. Within the forwarding layer, Quantum Convolutional Neural Networks (QCNN) evaluate authentic flows by analyzing many characteristics, effectively differentiating between regular, malicious, and dubious flows. Utilizing an Enhanced Spotted Hyena Optimization (EHSO) method to activate switches in real-time modifies the vulnerable points of attack, so impeding attackers and simultaneously decreasing energy usage. The Forwarding Layer Organizer (FLO) oversees the detection of possible attacker surveillance activities and transmits the collected information to local controllers in the control layer. The controllers, functioning in a structured controller network, carry out proactive Moving Target Defense (MTD) techniques, such as host virtual IP hopping, which make attacker plans more complex and raise their operational expenses. Reactive MTD actions are implemented based on the results of flow validation. These actions utilize techniques such as secure honeypots and host virtual IP hopping to effectively prevent attacks. The blockchain securely logs all processed data related to packet validation, authentication, and honeypot activities to ensure the protection of data privacy. Our studies, conducted using Network Simulator-3.26 (NS-3.26), show that our proposed framework outperforms existing techniques in terms of several validation criteria.
