{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,4]],"date-time":"2026-04-04T02:47:27Z","timestamp":1775270847242,"version":"3.50.1"},"reference-count":31,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2019,3,8]],"date-time":"2019-03-08T00:00:00Z","timestamp":1552003200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>The current paper addresses relevant network security vulnerabilities introduced by network devices within the emerging paradigm of Internet of Things (IoT) as well as the urgent need to mitigate the negative effects of some types of Distributed Denial of Service (DDoS) attacks that try to explore those security weaknesses. We design and implement a Software-Defined Intrusion Detection System (IDS) that reactively impairs the attacks at its origin, ensuring the \u201cnormal operation\u201d of the network infrastructure. Our proposal includes an IDS that automatically detects several DDoS attacks, and then as an attack is detected, it notifies a Software Defined Networking (SDN) controller. The current proposal also downloads some convenient traffic forwarding decisions from the SDN controller to network devices. The evaluation results suggest that our proposal timely detects several types of cyber-attacks based on DDoS, mitigates their negative impacts on the network performance, and ensures the correct data delivery of normal traffic. Our work sheds light on the programming relevance over an abstracted view of the network infrastructure to timely detect a Botnet exploitation, mitigate malicious traffic at its source, and protect benign traffic.<\/jats:p>","DOI":"10.3390\/info10030106","type":"journal-article","created":{"date-parts":[[2019,3,8]],"date-time":"2019-03-08T04:58:35Z","timestamp":1552021115000},"page":"106","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":118,"title":["SDN-Based Intrusion Detection System for Early Detection and Mitigation of DDoS Attacks"],"prefix":"10.3390","volume":"10","author":[{"given":"Pedro","family":"Manso","sequence":"first","affiliation":[{"name":"Department of Information Science and Technology, School of Technology and Architecture, ISCTE\u2014Instituto Universit\u00e1rio de Lisboa, 1649-026 Lisbon, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3516-8781","authenticated-orcid":false,"given":"Jos\u00e9","family":"Moura","sequence":"additional","affiliation":[{"name":"Instituto de Telecomunica\u00e7\u00f5es (IT), ISCTE\u2014Instituto Universit\u00e1rio de Lisboa, 1649-026 Lisbon, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4847-2432","authenticated-orcid":false,"given":"Carlos","family":"Serr\u00e3o","sequence":"additional","affiliation":[{"name":"Information Sciences, Technologies and Architecture Research Center (ISTAR-IUL), ISCTE\u2014Instituto Universit\u00e1rio de Lisboa, 1649-026 Lisbon, Portugal"}]}],"member":"1968","published-online":{"date-parts":[[2019,3,8]]},"reference":[{"key":"ref_1","unstructured":"(2019, March 06). Internet World Stats World Internet Users Statistics and 2018 World Population Stats. Available online: https:\/\/www.internetworldstats.com\/stats.htm."},{"key":"ref_2","unstructured":"Nordrum, A. (2019, March 06). Popular Internet of Things Forecast of 50 Billion Devices by 2020 Is Outdated. Available online: https:\/\/spectrum.ieee.org\/tech-talk\/telecom\/internet\/popular-internet-of-things-forecast-of-50-billion-devices-by-2020-is-outdated."},{"key":"ref_3","unstructured":"(2019, March 06). Cisco Cisco Visual Networking Index: Forecast and Trends, 2017\u20132022. Available online: https:\/\/www.cisco.com\/c\/en\/us\/solutions\/collateral\/service-provider\/visual-networking-index-vni\/white-paper-c11-741490.html."},{"key":"ref_4","unstructured":"Newman, L.H. (2019, March 06). What We Know About Friday\u2019s Massive East Coast Internet Outage. Available online: https:\/\/www.wired.com\/2016\/10\/internet-outage-ddos-dns-dyn\/."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1109\/JPROC.2014.2371999","article-title":"Software-Defined Networking: A Comprehensive Survey","volume":"103","author":"Kreutz","year":"2015","journal-title":"Proc. IEEE"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Shin, S., Yegneswaran, V., Porras, P., and Gu, G. (2013, January 4\u20138). AVANT-GUARD: Scalable and Vigilant Switch Flow Management in Software-Defined Networks. Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security - CCS \u201913, Berlin, Germany.","DOI":"10.1145\/2508859.2516684"},{"key":"ref_7","first-page":"759","article-title":"FlowFence: A Denial of Service Defense System for Software Defined Networking","volume":"167","author":"Piedrahita","year":"2016","journal-title":"J. Infect. Dis."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Ombase, P.M., Scholar, P.G., Bagade, S.T., Kulkarni, N.P., and Mhaisgawali, A. (2017, January 23\u201324). V DoS Attack Mitigation Using Rule Based and Anomaly Based Techniques in Software Defined Networking. Proceedings of the 2017 International Conference on Inventive Computing and Informatics (ICICI), Coimbatore, India.","DOI":"10.1109\/ICICI.2017.8365396"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"You, X., Feng, Y., and Sakurai, K. (2017, January 19\u201322). Packet_In message based DDoS attack detection in SDN network using OpenFlow. Proceedings of the 2017 5th International Symposium on Computing and Networking, Aomori, Japan.","DOI":"10.1109\/CANDAR.2017.93"},{"key":"ref_10","unstructured":"Kia, M. (2015). Early Detection and Mitigation of DDoS Attacks In Software Defined Networks. [Master\u2019s Thesis, Ryerson University]."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Mousavi, S.M., and St-Hilaire, M. (2015, January 16\u201319). Early Detection of DDoS Attacks against SDN Controllers. Proceedings of the 2015 International Conference on Computing, Networking and Communications (ICNC 2015), Garden Grove, CA, USA.","DOI":"10.1109\/ICCNC.2015.7069319"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Xing, T., Huang, D., Xu, L., Chung, C., and Khatkar, P. (2013, January 20\u201322). Snort-flow: A OpenFlow-based Intrusion Prevention System in Cloud Environment. Proceedings of the 2013 Second GENI Research and Educational Experiment Workshop, Salt Lake City, UT, USA.","DOI":"10.1109\/GREE.2013.25"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Sahay, R., Blanc, G., and Zhang, Z. (2015, January 8). Towards Autonomic DDoS Mitigation using Software Defined Networking. Proceedings of the SENT 2015: NDSS Workshop on Security of Emerging Networking Technologies, San Diego, CA, USA.","DOI":"10.14722\/sent.2015.23004"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Chowdhary, A., Pisharody, S., Alshamrani, A., and Huang, D. (2017, January 24). Dynamic Game based Security framework in SDN-enabled Cloud Networking Environments. Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization - SDN-NFVSec \u201917, Scottsdale, AZ, USA.","DOI":"10.1145\/3040992.3040998"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Jevtic, S., Lotfalizadeh, H., and Kim, D.S. (2018, January 5\u20137). Toward Network-based DDoS Detection in Software-defined Networks. Proceedings of the 12th International Conference on Ubiquitous Information Management and Communication - IMCOM \u201918, Langkawi, Malaysia.","DOI":"10.1145\/3164541.3164562"},{"key":"ref_16","unstructured":"Suh, J., Choi, H., Yoon, W., You, T., Kwon, T.T., and Choi, Y. (2010, January 9\u201310). Implementation of Content-Oriented Networking Architecture (CONA): A Focus on DDoS Countermeasure. Proceedings of the 1st European NetFPGA Developers Workshop, Cambridge, UK."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Braga, R., Mota, E., and Passito, A. (2010, January 10\u201314). Lightweight DDoS Flooding Attack Detection Using NOX\/OpenFlow. Proceedings of the IEEE Local Computer Network Conference, Denver, CO, USA.","DOI":"10.1109\/LCN.2010.5735752"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Huong, T.T., and Thanh, N.H. (2017, January 5\u20137). Software Defined Networking-based One-Packet DDoS Mitigation Architecture. Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication - IMCOM \u201917, Beppu, Japan.","DOI":"10.1145\/3022227.3022336"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Liu, J., Lai, Y., and Zhang, S. (2017, January 17\u201319). FL-GUARD: A Detection and Defense System for DDoS Attack in SDN. Proceedings of the 2017 International Conference on Cryptography, Security and Privacy, Wuhan, China.","DOI":"10.1145\/3058060.3058074"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Lu, Y., and Wang, M. (2016, January 15\u201317). An Easy Defense Mechanism Against Botnet-based DDoS Flooding Attack Originated in SDN Environment Using sFlow. Proceedings of the 11th International Conference on Future Internet Technologies, Nanjing, China.","DOI":"10.1145\/2935663.2935674"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1016\/j.jnca.2015.11.016","article-title":"A survey of network anomaly detection techniques","volume":"60","author":"Ahmed","year":"2016","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1541880.1541882","article-title":"Anomaly detection: A survey","volume":"41","author":"Chandola","year":"2009","journal-title":"ACM Comput. Surv."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"301","DOI":"10.1080\/21642583.2017.1331768","article-title":"A review of detection approaches for distributed denial of service attacks","volume":"5","author":"Kaur","year":"2017","journal-title":"Syst. Sci. Control Eng."},{"key":"ref_24","unstructured":"Fernandez-Buglioni, E. (2013). Security Patterns in Practice: Designing Secure Architectures Using Software Patterns, Wiley Publishing. [1st ed.]."},{"key":"ref_25","unstructured":"(2019, March 06). Ryu Project Team Ryu SDN Framework. Available online: https:\/\/osrg.github.io\/ryu\/."},{"key":"ref_26","unstructured":"(2019, March 06). Cisco Snort\u2014Network Intrusion Detection & Prevention System. Available online: https:\/\/www.snort.org\/."},{"key":"ref_27","unstructured":"(2019, March 06). Mininet Team Mininet: An Instant Virtual Network on your Laptop (or other PC). Available online: http:\/\/mininet.org\/."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"2222","DOI":"10.1002\/sec.1472","article-title":"Characterizing flash events and distributed denial-of-service attacks: An empirical investigation","volume":"9","author":"Bhandari","year":"2016","journal-title":"Secur. Commun. Netw."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"11994","DOI":"10.1016\/j.eswa.2009.05.029","article-title":"Intrusion detection by machine learning: A review","volume":"36","author":"Tsai","year":"2009","journal-title":"Expert Syst. Appl."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Mishra, P., Varadharajan, V., Tupakula, U., and Pilli, E.S. (2018). A Detailed Investigation and Analysis of using Machine Learning Techniques for Intrusion Detection. IEEE Commun. Surv. Tutor., 1\u201346.","DOI":"10.1109\/COMST.2018.2847722"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1016\/j.jnca.2018.03.024","article-title":"D-FACE: An anomaly based distributed approach for early detection of DDoS attacks and flash events","volume":"111","author":"Behal","year":"2018","journal-title":"J. Netw. Comput. Appl."}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/10\/3\/106\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T12:37:17Z","timestamp":1760186237000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/10\/3\/106"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,3,8]]},"references-count":31,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2019,3]]}},"alternative-id":["info10030106"],"URL":"https:\/\/doi.org\/10.3390\/info10030106","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,3,8]]}}}