Neural Network-Based Approach for Detection and Mitigation of DDoS Attacks in SDN Environments

Oussama Hannache, Mohamed Chaouki Batouche
Copyright: © 2020 | Pages: 22
DOI: 10.4018/IJISP.2020070104

Abstract

Software defined networking (SDN) is a networking paradigm that allows for the easy programmability of network devices by decoupling the data plane and the control plane. On the other hand, Distributed Denial of Service (DDoS) attacks remain one of the major concerns for organizational network infrastructures and Cloud providers. In this article, the authors propose a Neural Network based Traffic Flow Classifier (TFC-NN) for live DDoS detection in SDN environments. This study provides a live traffic analysis method with a neural network. The TFC-NN model is trained on a labelled dataset constructed from normal SDN traffic and under-DDoS traffic. The study also provides a live mitigation process combined with the live TFC-NN-based DDoS detection. The approach is deployed and evaluated on an SDN architecture against different performance metrics in different under-DDoS attack scenarios.

Introduction

In the last decade, the internet industry has shown a lot of creativity and progress. With the fast growth of mobile devices and data size, networking technologies and infrastructures need to bring in new concepts as early as needed. Software Defined Networking (SDN) has emerged as a new networking paradigm that enables network programmability. The idea arose to answer the complexity questions related to classical network architecture. Indeed, the existing network design is based on packet accessibility (Gong, Huang, Wang, & Lei, 2015). Different network protocols are developed independently in order to achieve reliability, scalability, QoS and security, which leads to increased complexity in the network devices (switches, routers, etc.) that support these protocols. In addition, current network architecture struggles to adapt to new virtualization technologies, especially with the emergence of Cloud Computing (Xiao & Xiao, 2013). Since the tight coupling of the data plane and control plane is the main reason for classical network complexity (Zuo, Chen, Zhao, et al., 2013), SDN brings a strong idea: decouple these two aspects, so that the network state is logically centralized and the underlying network infrastructure is abstracted from the applications. This new architecture offers the ability to inject behaviours into the network from the controller at a high level of abstraction without having to worry about the complexity of the infrastructure layer below (Gong, Huang, Wang, & Lei, 2015). Any new network concept comes with its own issues; chief among them are serious security questions.
Undeniably, since the SDN architecture is centralized, this single point of failure increases the threat of malicious intrusions (Alsmadi & Xu, 2015) and Distributed Denial of Service (DDoS) attacks (Qiao Yan, Yu, Gong, & Li, 2016), which concern the high availability of the network in addition to its integrity and confidentiality. DDoS is certainly a major concern of Cloud providers; it is a method that attempts to make a machine or network resource unavailable (S. S. Silva, 2013). As said earlier, the centralized aspect of the SDN architecture only makes the threat more important: although SDN brings new abilities to detect and mitigate DDoS attacks (e.g., live traffic analysis, dynamic forwarding rules), SDN itself can become a target of new DDoS attacks, in particular against the control layer (Sezer, 2013). On the other hand, SDN has opened new research fields based on software-based traffic analysis. Indeed, Intrusion Detection Systems and Intrusion Prevention Systems (IDS/IPS) have become one of the principal research fields in SDN (Abubakar & Pranggono, 2017). In particular, with the evolution of machine learning techniques, machine learning based IDS attracts more and more researchers, especially with the emergence of the Deep Learning concept. In the Artificial Intelligence (AI) field, Deep Learning presents itself as the leader in the machine learning domain (Schmidhuber, 2014). The Google DeepMind foundation brought to the world AlphaGo (Silver et al., 2016), the Deep Learning based program that managed to beat the world champion in the most complicated game ever created (Go), and recently AlphaZero (David Silver, 2017), a Deep Learning based chess program that beat the world's strongest chess engine (Stockfish) with considerably fewer resources. These remarkable achievements oriented the research world towards the Deep Learning concept, which is based on the Artificial Neural Network (ANN) algorithm.
In the IDS/SDN area, many interesting Deep Learning based studies have been proposed, exploiting the easy programmability of both the control layer and the data layer in the SDN architecture and the notable performance of Deep Learning algorithms. Along these lines, the authors propose in this article a neural network-based system for live detection of potential DDoS attacks in SDN environments. The system is based on a proposed live traffic analysis that the authors discuss and detail in the next sections. This research also provides a live mitigation process.
