{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,2]],"date-time":"2026-05-02T04:25:46Z","timestamp":1777695946973,"version":"3.51.4"},"reference-count":35,"publisher":"SAGE Publications","issue":"1","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IDA"],"published-print":{"date-parts":[[2021,1,26]]},"abstract":"<jats:p>Software-defined networks (SDN) are an emerging architecture that provides promising amends to put an end to current infrastructure constraints by optimized bandwidth utilization, flexibility in network management and configuration, and pulling down operating costs in traditional network structures. Despite the advantages of this architecture, SDNs may become the victim of a distributed denial of service (DDOS) attacks as the result of potential vulnerabilities in various layers. Therefore, the rapid detection of attack traffic in the early stages is very important. In this paper, we have proposed statistical solution to detect and to mitigate distributed denial of service attack in software-defined networks utilizing the unique capabilities of the SDN architecture. Here, the exponential weighted moving average protection mechanism (EWMA) in statistical distances is exploited. The simulation results of our extensive experiments showed that our mechanism is able to quick detection of attack traffics and take amendatory actions. Moreover, the evaluations show the superiority of the proposed algorithm with respect to other statistical methods.<\/jats:p>","DOI":"10.3233\/ida-194796","type":"journal-article","created":{"date-parts":[[2021,2,2]],"date-time":"2021-02-02T14:32:57Z","timestamp":1612276377000},"page":"155-176","source":"Crossref","is-referenced-by-count":4,"title":["Using optimized statistical distances to confront distributed denial of service attacks in software defined networks"],"prefix":"10.1177","volume":"25","author":[{"given":"Mozhgan","family":"Ghasabi","sequence":"first","affiliation":[{"name":"Young Researchers and Elites Club, Science and Research Branch, Islamic Azad University, Tehran, Iran"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mahmood","family":"Deypir","sequence":"additional","affiliation":[{"name":"Department of Computer Engineering, South Tehran Branch, Islamic Azad University, Tehran, Iran"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"179","reference":[{"issue":"2","key":"10.3233\/IDA-194796_ref1","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1145\/1355734.1355746","article-title":"OpenFlow: enabling innovation in campus networks","volume":"38","author":"McKeown","year":"2008","journal-title":"ACM SIGCOMM Computer Communication Review"},{"issue":"1","key":"10.3233\/IDA-194796_ref3","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1109\/JPROC.2014.2371999","article-title":"Software-defined networking: a comprehensive survey","volume":"103","author":"Kreutz","year":"2015","journal-title":"Proceedings of the IEEE"},{"key":"10.3233\/IDA-194796_ref4","doi-asserted-by":"crossref","unstructured":"M. Pham and D.B. Hoang, SDN applications-The intent-based Northbound Interface realization for extended applications, in: NetSoft Conference and Workshops (NetSoft), IEEE, 2016, June, pp. 372\u2013377.","DOI":"10.1109\/NETSOFT.2016.7502469"},{"key":"10.3233\/IDA-194796_ref5","unstructured":"N.N. Dao, J. Park, M. Park and S. Cho, A feasible method to combat against DDoS attack in SDN network, in: 2015 International Conference on Information Networking (ICOIN), IEEE, 2015, January, pp. 309\u2013311."},{"key":"10.3233\/IDA-194796_ref6","doi-asserted-by":"crossref","unstructured":"S.M. Mousavi and M. St-Hilaire, Early detection of DDoS attacks against SDN controllers, in: Computing, Networking and Communications (ICNC), 2015 International Conference on, IEEE, 2015, February, pp. 77\u201381.","DOI":"10.1109\/ICCNC.2015.7069319"},{"key":"10.3233\/IDA-194796_ref7","unstructured":"H.T.N. Tri and K. Kim, Assessing the impact of resource attack on Software Defined Network, in: 2015 International Conference on Information Networking (ICOIN), IEEE, 2015, January, pp. 420\u2013425."},{"issue":"1","key":"10.3233\/IDA-194796_ref8","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1145\/1216370.1216373","article-title":"Survey of network-based defense mechanisms countering the DoS and DDoS problems","volume":"39","author":"Peng","year":"2007","journal-title":"ACM Computing Surveys (CSUR)"},{"issue":"4","key":"10.3233\/IDA-194796_ref9","doi-asserted-by":"crossref","first-page":"2046","DOI":"10.1109\/SURV.2013.031413.00127","article-title":"A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks","volume":"15","author":"Zargar","year":"2013","journal-title":"IEEE Communications Surveys & Tutorials"},{"key":"10.3233\/IDA-194796_ref12","doi-asserted-by":"crossref","unstructured":"H. D\u2019Cruze, P. Wang, R.O. Sbeit and A. Ray, A software-defined networking (SDN) approach to mitigating DDoS attacks, in: Information Technology-New Generations, Springer, Cham, 2018, pp. 141\u2013145.","DOI":"10.1007\/978-3-319-54978-1_19"},{"key":"10.3233\/IDA-194796_ref14","doi-asserted-by":"crossref","unstructured":"P. Porras, S. Shin, V. Yegneswaran, M. Fong, M. Tyson and G. Gu, A security enforcement kernel for OpenFlow networks, in: Proceedings of the First Workshop on Hot Topics in Software Defined Networks, ACM, 2012, August, pp. 121\u2013126.","DOI":"10.1145\/2342441.2342466"},{"key":"10.3233\/IDA-194796_ref15","unstructured":"Y.L. Hu, W.B. Su, L.Y. Wu, Y. Huang and S.Y. Kuo, Design of event-based intrusion detection system on OpenFlow network, in: 2013 43rd Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), IEEE, 2013, June, pp. 1\u20132."},{"key":"10.3233\/IDA-194796_ref16","doi-asserted-by":"crossref","first-page":"308","DOI":"10.1016\/j.comnet.2015.02.026","article-title":"DDoS attack protection in the era of cloud computing and software-defined networking","volume":"81","author":"Wang","year":"2015","journal-title":"Computer Networks"},{"key":"10.3233\/IDA-194796_ref17","doi-asserted-by":"crossref","unstructured":"S. Shin, V. Yegneswaran, P. Porras and G. Gu, AVANT-GUARD: scalable and vigilant switch flow management in software-defined networks, in: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, ACM, 2013, November, pp. 413\u2013424.","DOI":"10.1145\/2508859.2516684"},{"key":"10.3233\/IDA-194796_ref18","doi-asserted-by":"crossref","unstructured":"R. Kandoi and M. Antikainen, Denial-of-service attacks in OpenFlow SDN networks, in: 2015 IFIP\/IEEE International Symposium on Integrated Network Management (IM), IEEE, 2015, May, pp. 1322\u20131326.","DOI":"10.1109\/INM.2015.7140489"},{"key":"10.3233\/IDA-194796_ref19","doi-asserted-by":"crossref","unstructured":"M. Suh, S.H. Park, B. Lee and S. Yang, Building firewall over the software-defined network controller, in: 16th International Conference on Advanced Communication Technology, IEEE, 2014, February, pp. 744\u2013748.","DOI":"10.1109\/ICACT.2014.6779061"},{"issue":"6","key":"10.3233\/IDA-194796_ref20","doi-asserted-by":"crossref","first-page":"22","DOI":"10.1109\/MNET.2016.1600106NM","article-title":"Suspicious flow forwarding for multiple intrusion detection systems on software-defined networks","volume":"30","author":"Taejin","year":"2016","journal-title":"In IEEE Network"},{"key":"10.3233\/IDA-194796_ref21","doi-asserted-by":"crossref","unstructured":"M. Duohe, X. Zhen and L. Dongdai, Defending blind DDoS attack on SDN based on moving target defense, in: International Conference on Security and Privacy in Communication Systems, Springer International Publishing, Beijing, China, Sep, 2014, pp. 463\u2013480 .","DOI":"10.1007\/978-3-319-23829-6_32"},{"issue":"6","key":"10.3233\/IDA-194796_ref22","doi-asserted-by":"crossref","first-page":"28","DOI":"10.1109\/MNET.2016.1600109NM","article-title":"On denial of service attacks in software defined networks","volume":"30","author":"Zhang","year":"2016","journal-title":"IEEE Network"},{"key":"10.3233\/IDA-194796_ref23","doi-asserted-by":"crossref","unstructured":"R. Braga, E. Mota and A. Passito, Lightweight DDoS flooding attack detection using NOX\/OpenFlow, in: Local Computer Networks (LCN), 2010 IEEE 35th Conference on, IEEE, 2010, October, pp. 408\u2013415.","DOI":"10.1109\/LCN.2010.5735752"},{"key":"10.3233\/IDA-194796_ref24","doi-asserted-by":"crossref","unstructured":"M. Ramadas, S. Ostermann and B. Tjaden, Detecting anomalous network traffic with self-organizing maps, in: International Workshop on Recent Advances in Intrusion Detection, 2003, September, pp. 36\u201354. Springer Berlin Heidelberg.","DOI":"10.1007\/978-3-540-45248-5_3"},{"key":"10.3233\/IDA-194796_ref25","doi-asserted-by":"crossref","unstructured":"T.M. Nam, P.H. Phong, T.D. Khoa, T.T. Huong, P.N. Nam, N.H. Thanh, V.D. Loi et al., Self-organizing map-based approaches in DDoS flooding detection using SDN, in: 2018 International Conference on Information Networking (ICOIN), IEEE, 2018, January, pp. 249\u2013254.","DOI":"10.1109\/ICOIN.2018.8343119"},{"issue":"5","key":"10.3233\/IDA-194796_ref26","doi-asserted-by":"crossref","first-page":"e3497","DOI":"10.1002\/dac.3497","article-title":"Detection and defense of DDoS attack-based on deep learning in OpenFlowbased SDN","volume":"31","author":"Li","year":"2018","journal-title":"International Journal of Communication Systems"},{"issue":"2","key":"10.3233\/IDA-194796_ref27","doi-asserted-by":"crossref","first-page":"447","DOI":"10.1109\/TPDS.2013.146","article-title":"A system for denial-of-service attack detection based on multivariate correlation analysis","volume":"25","author":"Tan","year":"2014","journal-title":"In IEEE Transactions on Parallel and Distributed Systems"},{"key":"10.3233\/IDA-194796_ref28","doi-asserted-by":"crossref","unstructured":"Y. Xu and Y. Liu, DDoS attack detection under SDN context, in: IEEE INFOCOM 2016-The 35th Annual IEEE International Conference on Computer Communications, IEEE, 2016.","DOI":"10.1109\/INFOCOM.2016.7524500"},{"key":"10.3233\/IDA-194796_ref29","doi-asserted-by":"crossref","unstructured":"P. Dong, X. Du, H. Zhang and T. Xu, A detection method for a novel DDoS attack against SDN controllers by vast new low-traffic flows, in: 2016 IEEE International Conference on Communications (ICC), 2016, May, pp. 1\u20136.","DOI":"10.1109\/ICC.2016.7510992"},{"issue":"5","key":"10.3233\/IDA-194796_ref30","doi-asserted-by":"crossref","first-page":"1052","DOI":"10.1109\/LCOMM.2013.031913.130066","article-title":"DDoS detection algorithm based on preprocessing network traffic predicted method and chaos theory","volume":"17","author":"Chen","year":"2013","journal-title":"IEEE Communications Letters"},{"issue":"1","key":"10.3233\/IDA-194796_ref31","doi-asserted-by":"crossref","first-page":"114","DOI":"10.1109\/LCOMM.2013.112613.132275","article-title":"DDoS detection method based on chaos analysis of network traffic entropy","volume":"18","author":"Xinlei","year":"2014","journal-title":"IEEE Communications Letters"},{"key":"10.3233\/IDA-194796_ref33","doi-asserted-by":"crossref","first-page":"685","DOI":"10.1016\/j.future.2018.07.017","article-title":"An early detection of low rate DDoS attack to SDN based data center networks using information distance metrics","volume":"89","author":"Sahoo","year":"2018","journal-title":"Future Generation Computer Systems"},{"issue":"6","key":"10.3233\/IDA-194796_ref34","doi-asserted-by":"crossref","first-page":"794","DOI":"10.1109\/TPDS.2007.70786","article-title":"Detecting VoIP floods using the Hellinger distance","volume":"19","author":"Sengar","year":"2008","journal-title":"IEEE Transactions on Parallel and Distributed Systems"},{"issue":"5","key":"10.3233\/IDA-194796_ref35","first-page":"347","article-title":"Voip flood detection using Jacobson fast and hellinger distance algorithms","volume":"8","author":"Kumar","year":"2011","journal-title":"Journal of Communication and Computer"},{"key":"10.3233\/IDA-194796_ref36","doi-asserted-by":"crossref","unstructured":"A. Akbar, S.M. Basha and S.A. Sattar, Leveraging the SIP load balancer to detect and mitigate DDos attacks, in: 2015 International Conference on Green Computing and Internet of Things (ICGCIoT), IEEE, 2015, pp. 1204\u20131208.","DOI":"10.1109\/ICGCIoT.2015.7380646"},{"issue":"2","key":"10.3233\/IDA-194796_ref39","first-page":"29","article-title":"Study the impacts of INVITE flooding attack in VOIP and offering a new approach to detect attack (in Persian)","volume":"6","author":"Khajoeinezhad","year":"2015","journal-title":"Electronics Industries Quarterly"},{"key":"10.3233\/IDA-194796_ref40","doi-asserted-by":"crossref","unstructured":"J. Tang, Y. Cheng and C. Zhou, Sketch-based SIP flooding detection using Hellinger distance, in: Global Telecommunications Conference, 2009. GLOBECOM 2009, IEEE, 2009, November, pp. 1\u20136.","DOI":"10.1109\/GLOCOM.2009.5426267"},{"key":"10.3233\/IDA-194796_ref42","doi-asserted-by":"crossref","unstructured":"B. Lantz, B. Heller and N. McKeown, A network in a laptop: rapid prototyping for software-defined networks, in: Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, ACM, 2010, October, p. 19.","DOI":"10.1145\/1868447.1868466"},{"key":"10.3233\/IDA-194796_ref43","doi-asserted-by":"crossref","unstructured":"S. Oshima, T. Nakashima and T. Sueyoshi, Early DoS\/DDoS detection method using short-term statistics, in: Complex, Intelligent and Software Intensive Systems (CISIS), 2010 International Conference on, IEEE, 2010, February, pp. 168\u2013173.","DOI":"10.1109\/CISIS.2010.53"}],"container-title":["Intelligent Data Analysis"],"original-title":[],"link":[{"URL":"https:\/\/content.iospress.com\/download?id=10.3233\/IDA-194796","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T09:18:52Z","timestamp":1777454332000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/full\/10.3233\/IDA-194796"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,1,26]]},"references-count":35,"journal-issue":{"issue":"1"},"URL":"https:\/\/doi.org\/10.3233\/ida-194796","relation":{},"ISSN":["1088-467X","1571-4128"],"issn-type":[{"value":"1088-467X","type":"print"},{"value":"1571-4128","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,1,26]]}}}