A multi-layered defence strategy against DDoS attacks in SDN/NFV-based 5G mobile networks
View/ Open
Qureshi_et_al_Electronics (3.366Mb)
Download
Publication date
2024-04Keyword
5G mobile networksDistributed denial-of-service attacks
SDN
Network functions virtualisation
Controller burden balancing
Deep reinforcement learning
Rights
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).Peer-Reviewed
YesOpen Access status
openAccessAccepted for publication
2024-04-12
Metadata
Show full item recordAbstract
Software-defined networking (SDN) and network functions virtualisation (NFV) are crucial technologies for integration in the fifth generation of cellular networks (5G). However, they also pose new security challenges, and a timely research subject is working on intrusion detection systems (IDSs) for 5G networks. Current IDSs suffer from several limitations, resulting in a waste of resources and some security threats. This work proposes a new three-layered solution that includes forwarding and data transport, management and control, and virtualisation layers, emphasising distributed controllers in the management and control layer. The proposed solution uses entropy detection to classify arriving packets as normal or suspicious and then forwards the suspicious packets to a centralised controller for further processing using a self-organising map (SOM). A dynamic OpenFlow switch relocation method is introduced based on deep reinforcement learning to address the unbalanced burden among controllers and the static allocation of OpenFlow switches. The proposed system is analysed using the Markov decision process, and a Double Deep Q-Network (DDQN) is used to train the system. The experimental results demonstrate the effectiveness of the proposed approach in mitigating DDoS attacks, efficiently balancing controller workloads, and reducing the duration of the balancing process in 5G networks.Version
Published versionCitation
Sheibani M, Konur S, Awan I et al (2024) A multi-layered defence strategy against DDoS attacks in SDN/NFV-based 5G mobile networks. Electronics. 13(8): 1515.Link to Version of Record
https://doi.org/10.3390/electronics13081515Type
Articleae974a485f413a2113503eed53cd6c53
https://doi.org/10.3390/electronics13081515