
2014 National Software Engineering Conference

Handling Intrusion and DDoS Attacks in Software Defined Networks Using Machine Learning Techniques

Javed Ashraf
CSE Dept, MCS
National University of Sciences and Technologies,
Islamabad, Pakistan.
javed.ashraf@mcs.edu.pk

Seemab Latif
CSE Dept, MCS
National University of Sciences and Technologies,
Islamabad, Pakistan.
seemab@mcs.edu.pk

Abstract- Software-Defined Networking (SDN) is an emerging concept that intends to replace traditional networks by breaking vertical integration. It does so by separating the control logic of the network from the underlying switches and routers, suggesting logical centralization of network control, and allowing the network to be programmed. Although SDN promises more flexible network management, numerous security threats accompany its deployment. This paper aims at studying SDN accompanied with the OpenFlow protocol from the perspective of intrusion and Distributed Denial of Service (DDoS) attacks, and suggests machine learning based techniques for mitigation of such attacks.

Keywords: Machine Learning, Software Defined Networking (SDN), Intrusion Detection, Distributed Denial of Service Attack.

I. INTRODUCTION
Software-Defined Networking (SDN) [1], [2] is an emerging networking model that is intended to overcome the limitations of current network infrastructures. First, it breaks the vertical integration by separating the network's control logic (the control plane) from the underlying routers and switches that forward the traffic (the data plane). Second, with the separation of the control and data planes, network switches turn into simple forwarding devices and the control logic is implemented in a logically centralized controller (or network operating system), simplifying policy enforcement and network (re)configuration and evolution [3]. A simplified view of this architecture is shown in Fig 1 and a layered view of networking functionality is shown in Fig 2. The most notable implementation of such architecture and functionality is OpenFlow [32] [33].
There are already some research efforts on identifying the critical security threats of SDNs and on augmenting their security [4],[5],[6]. The suggested approaches try to apply simple techniques, such as classifying applications and using rule prioritization, to ensure that rules generated by security applications will not be overwritten by lower priority applications [4]. Other proposals try to go a step further by providing a framework for developing security-related applications in SDNs [5]. However, there is still a lot of work to be done towards the development of secure SDN infrastructures [6]. A detailed overview of SDN security issues and challenges can be found in [7].

[Figure: Controller Platform above Network Infrastructure]
Fig 1: Simplified View of SDN Architecture [7]

Fig 2: Layered view of networking functionality [7]

978-1-4799-6162-7/14/$31.00 © 2014 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.


The research and experimentation on software defined networks is also being conducted by some commercial players (e.g., Google, Yahoo!, Rackspace, Microsoft). However, commercial adoption is still in its early stage. Industry experts believe that security issues need to be addressed and further investigated in SDN [6], [8], [9]. Different threat vectors have already been identified in SDN architectures [6], as well as several security issues and weaknesses in OpenFlow-based networks [10], [11], [12], [4], [13]. It is worth mentioning that most threat vectors are independent of the technology or the protocol (e.g., OpenFlow, POF, ForCES), because they embody threats on the conceptual and architectural layers of SDN itself. As discussed in [7], there are at least seven identified threat vectors in SDN architectures. Two of the most significant threats to SDN are intrusion and DDoS attacks. DDoS attacks are likely to occur in the shape of forged or faked traffic flows in the data plane, which can be used to attack forwarding devices and controllers. DDoS attacks occur when a large number of packets are forwarded to a PC or server, or a group of PCs or servers, in a network. If the source addresses of these packets are spoofed, the switch will not find a match for the spoofed packet and will forward it to the controller. The legitimate and the spoofed DDoS packets together can force the controller to process these packets continuously, exhausting its resources. When new valid packets then arrive, the controller is unreachable, resulting in loss of the SDN architecture. Even if a backup controller is deployed, it will face the same challenge. This paper focuses on intrusion and DDoS attacks on SDN and suggests machine learning based techniques to mitigate them.
II. OVERVIEW OF DDoS ATTACKS AND INTRUSION DETECTION

The DDoS attack is an attempt with malicious intent to drain the resources of a computer or a network of computers by sending continuous and heavy traffic to them [14]. Here, the attacker intends to: i) deplete the bandwidth and ii) exhaust the resources. A DDoS attack is initiated by the attacker by putting code on the affected servers/PCs, which are called a botnet. Once the attack occurs, this code is executed and a heavy stream of traffic is sent to the victim. Use of botnets makes the attack more rigorous and keeps the attacker concealed behind the scene.
On the other hand, DDoS is also one of the most common techniques of consuming and disturbing the service in a network. Each day, hackers launch thousands of such attacks. Records show that in the first quarter of 2013 alone the average attack bandwidth exceeded 48.25 Gbps, which is about 700% more than the bandwidth consumed in the last quarter of 2012 [16]. Although not all types of such attacks can be detected or documented, even the available figures on the number of DDoS attacks indicate that it remains one of the major threats for conventional networks as well as SDN.

i. Intrusion Detection Techniques
There are two types of intrusion detection techniques. The signature detection technique searches network traffic for a series of bytes or packet sequences known to be malicious. In the anomaly detection technique, by contrast, a baseline for network behavior is worked out. This baseline is a depiction of accepted network behavior, which is learned, specified by the network administrators, or both. Events in an anomaly detection engine are triggered by any activities that fall outside the predefined or accepted model of behavior.

ii. Types of Anomaly Detection Techniques
As highlighted above, anomaly detection is the identification of events, items or observations which do not conform to an anticipated pattern or to other items in a dataset. Such anomalous activity typically translates to an issue like bank fraud, medical problems, or errors in text. Anomalies are also termed outliers, peculiarities, noise, deviations, surprises and exceptions. A variety of techniques are used for anomaly detection. Following are the two main techniques used for anomaly detection [18]:
i. Statistical analyses
ii. Machine learning
III. MACHINE LEARNING TECHNIQUES TO MITIGATE INTRUSION AND DDOS ATTACKS
Security of the centralized software-based SDN controller is one of the major security concerns. Machine learning techniques are applied to mitigate intrusion and DDoS attacks on an SDN controller or switch by automatically building a model from a training data set. The data set contains a collection of data examples or instances. Each instance is described by a set of attributes and the associated labels. Attributes can be of different types, such as categorical or continuous. The type of the attributes determines which technique is applicable for anomaly detection. The labels associated with data instances are binary, i.e. normal/valid and anomalous. Some researchers have used different labels for different types of attacks, such as DDoS, R2L, U2R, and Probe, instead of the anomalous label, so that the learning techniques can present more specific information about the types of anomalies detected. However, results of experiments conducted on the subject show that current learning techniques are not accurate enough to identify the type of anomalies in conventional networks; the same holds for SDN. As manual human effort is required for labeling, finding an accurately labeled data set which represents all types of behaviors is quite costly. Thus, three operating modes are defined for anomaly detection techniques based on the availability of the labels: Supervised Learning, Unsupervised Learning and Semi-supervised Learning [19], explanation of which is out of scope of this paper.
In signature based IDSs, humans are responsible for creating, testing, and deploying the signatures. Thus, generation of a new signature for an attack on SDN may take hours or days, which is considered too long when dealing with rapid attacks. Anomaly based IDSs based on machine learning techniques provide an added advantage by offering a human-independent solution to this problem. Anomaly based IDSs using machine learning techniques in SDN can implement a system that learns from data (examples/experience) and offers a decision for test or unseen data. Fig 3 shows the most commonly used machine learning techniques for classification of intrusive and normal/non-intrusive behavior [20] in conventional networks. The same techniques hold good for SDN.

[Figure: Machine Learning Techniques, branching into Support Vector Machine, Neural Networks, Genetic Algorithms, Fuzzy Logic, Bayesian Networks and Decision Tree]
Fig. 3 Classification of machine learning techniques

i. Artificial Neural Networks (ANN)
Modeled on the way a biological nervous system processes information, ANNs consist of a collection of processing elements interconnected with each other, aimed at transforming a set of inputs into a set of desired outputs. The Multilayer Perceptron (MLP) has been a widely adopted neural network for intrusion detection in conventional networks, and the same can be used in SDN. An MLP based ANN is used to build a classification decision boundary in feature space, acting as a non-linear discriminant function. In an NN based packet classification system, each element of the feature vector has one input node. Also, usually one output node is used for each class to which a feature may be assigned (shown in Fig. 4). The hidden nodes are connected to the input nodes, and some initial weight is assigned to these connections. These weights are adjusted during the training process. The back-propagation rule is one of the learning algorithms used for MLP based ANNs. The back-propagation rule works on a gradient descent method. This method calculates an error function, which is the difference between the output calculated by the network and the desired output. The Mean Squared Error (MSE) is used to define this error function. The MSE is summed over the complete training set. To learn successfully, the true output of the network should be brought close to the desired output. This is done by continuously reducing the value of this error. The error for a particular input is calculated using the back-propagation rule, and then this error is back-propagated from one layer to the previous one [20].
The weights of the connections between the nodes are adjusted according to the back-propagated error. In this manner the error is reduced and the network learns. The number of neurons in the input, output, and hidden layers is variable. Input/output neurons are changed according to the input/output vector. Hidden layer neurons are adjusted as per performance requirements. The more hidden layer neurons, the more complex the MLP. The intrusion detection system based on a neural network works in three phases:
i. The raw TCP/IP dump data is parsed into machine readable form using automated parsers.
ii. Training: The NN is trained on different types of attacks as well as on normal/valid data. The input consists of a number of attributes (features). The output can assume one of two values: normal data or intrusion.
iii. Testing: is done on the test dataset.
As mentioned earlier, the purpose of intrusion detection systems based on NN is to classify the normal/valid and attack patterns along with the type of the attack. Classification of a single record can thus be done easily after suitable training, so the IDS based on NN can function as an online classifier for the type of attack it was trained for. The NN will be off-line only for the small duration when it is gathering the information required to calculate the features [21][22].
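The back-propagation training and the training/testing phases described for the MLP, as an added example (not code from the paper): a pure-Python network with one input node per feature and one output node per class, trained by gradient descent on the squared error. The flow features, the sample records and the names `TRAIN`, `TEST`, `SCALE` and `MLP` are constructed assumptions for illustration.

```python
import math
import random

# Constructed, labelled flow records (not from the paper or any real capture).
# Assumed features per destination: packets/s, fraction of packets that missed
# the flow table (sent to the controller), mean packet size in bytes.
# Label 0 = normal, 1 = intrusion.
TRAIN = [
    ((120, 0.05, 840), 0), ((300, 0.10, 610), 0),
    ((80, 0.02, 1200), 0), ((450, 0.15, 500), 0),
    ((9000, 0.95, 64), 1), ((7000, 0.90, 60), 1),
    ((12000, 0.98, 70), 1), ((6500, 0.85, 90), 1),
]
TEST = [((200, 0.08, 700), 0), ((10000, 0.97, 64), 1)]
SCALE = (12000.0, 1.0, 1500.0)  # assumed maxima used to scale features to [0, 1]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def normalise(x):
    return [v / s for v, s in zip(x, SCALE)]


def one_hot(label):
    # One output node per class: [normal, intrusion]
    return [1.0 if k == label else 0.0 for k in range(2)]


class MLP:
    def __init__(self, n_in, n_hidden, n_out, seed=1):
        rng = random.Random(seed)  # fixed seed so the run is repeatable
        # Small random initial weights; the last entry of each row is the bias.
        self.w_h = [[rng.uniform(-0.5, 0.5) for _ in range(n_in + 1)]
                    for _ in range(n_hidden)]
        self.w_o = [[rng.uniform(-0.5, 0.5) for _ in range(n_hidden + 1)]
                    for _ in range(n_out)]

    def forward(self, x):
        h = [sigmoid(sum(w * v for w, v in zip(row, x + [1.0])))
             for row in self.w_h]
        o = [sigmoid(sum(w * v for w, v in zip(row, h + [1.0])))
             for row in self.w_o]
        return h, o

    def backprop(self, x, target, lr):
        h, o = self.forward(x)
        # Output error terms: derivative of the squared error through the sigmoid.
        d_o = [(o[k] - target[k]) * o[k] * (1 - o[k]) for k in range(len(o))]
        # Hidden error terms: output error propagated back one layer.
        d_h = [h[j] * (1 - h[j]) * sum(d_o[k] * self.w_o[k][j]
                                       for k in range(len(o)))
               for j in range(len(h))]
        # Gradient-descent weight updates.
        for k, row in enumerate(self.w_o):
            for j, v in enumerate(h + [1.0]):
                row[j] -= lr * d_o[k] * v
        for j, row in enumerate(self.w_h):
            for i, v in enumerate(x + [1.0]):
                row[i] -= lr * d_h[j] * v

    def mse(self, data):
        total = 0.0
        for x, label in data:
            _, o = self.forward(normalise(x))
            total += sum((t - y) ** 2 for t, y in zip(one_hot(label), o))
        return total / (2 * len(data))

    def classify(self, x):
        _, o = self.forward(normalise(x))
        return o.index(max(o))


def train(epochs=2000, lr=0.5):
    """Training phase; returns the net and the MSE before and after."""
    net = MLP(n_in=3, n_hidden=4, n_out=2)
    before = net.mse(TRAIN)
    for _ in range(epochs):
        for x, label in TRAIN:
            net.backprop(normalise(x), one_hot(label), lr)
    return net, before, net.mse(TRAIN)


if __name__ == "__main__":
    net, before, after = train()
    print(f"MSE before training: {before:.4f}, after: {after:.6f}")
    for x, label in TEST:  # testing phase on records not used in training
        print(x, "expected", label, "predicted", net.classify(x))
```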

[Figure: MLP with Input Layer, Hidden Layer and Output Layer; output classes Normal Class and Abnormal Class]
Fig. 4 Simple Architecture of MLP

ii. Support Vector Machines
Support Vector Machines (SVM) is one of the most common and popular methods used for classification in machine learning tasks. Using this method, a set of training examples is used, with each example marked with one of two categories. Then the SVM algorithm is used to construct a model which can predict whether a new example falls into one category or the other. Classification is done using SVM by extracting attributes from the selected training examples/samples. Generally, a network connection is selected as a sample. Benchmark datasets like KDD99 are also used, which consist of a collection of network connection attributes captured from various networks. An input space X is defined for each network connection, selecting n attribute characteristics. The (one-dimensional) vector x can be used to describe a network connection as under:

$x = \{x_1, x_2, \ldots, x_n\}$

where $x_i$, $i = 1, 2, \ldots, n$, denotes the i-th characteristic value of the sample x. As we only have to find whether each network connection is normal or abnormal, two states are sufficient to express this problem. So we define $Y = (+1, -1)$. If we get $Y = +1$ then it is termed a normal connection, and if we get $Y = -1$ it is classified as an abnormal connection. A basic SVM classification diagram is shown in Fig. 5 [20].

Fig. 5 Simple Architecture of SVM classification

The classification method based on SVM provides comparatively good learning ability for small samples. Apart from network intrusion detection, SVM has also been used for web page identification and face identification. SVM is also used in solving practical classification problems, like problems with small samples and problems which are non-linear. It is therefore expected that SVM will be one of the popular choices in handling classification problems in SDN.

iii. Decision Tree
The Decision Tree (DT) algorithm is one of the predictive modeling techniques used in statistics, data mining and machine learning for the classification problem, which is one of the challenges in SDN. The DT algorithm uses inductive inference to estimate the target function, which produces discrete values. Robust to noisy data, the DT algorithm is widely used as a practical method for learning disjunctive expressions.
The DT algorithm sorts the instances down the tree from the root node to some leaf node. Each node in the tree denotes a test of some attribute of the instance. Each branch descending from that node corresponds to one of the possible values for this attribute [34]. As already discussed, intrusion detection in SDN is a classification problem where each connection or user is identified either as a valid or normal connection or as one of the attack types. DT can solve this classification problem of intrusion detection in SDN.
DTs perform well with large data sets. This is advantageous, as large amounts of data will flow across SDNs. The high performance of DTs makes them helpful in real time intrusion detection in SDN. DTs construct easily interpretable models, which a security officer can inspect and edit. The generalization accuracy of decision trees is another useful property for an intrusion detection model for SDN. Some new attacks on the system are always likely, and these may be slightly different from the known attacks captured during the construction of the intrusion detection models. Because of the generalization accuracy of decision trees mentioned above, it is possible to detect these new intrusions [35].

iv. Genetic Algorithm (GA)
GA is a search method that finds an approximate solution to an optimization task. GA uses a hill climbing method from an arbitrarily selected number of genes. GA has been used in different ways in IDS. Some researchers have used GAs in IDS to detect malicious intrusion in the network. GA based IDS is also used to detect intrusion using past behavior. In this, a profile is created for the normal behavior. Based on this profile, GA learns and takes the decision for the unseen patterns. Genetic algorithm is also used to develop rules for network intrusion detection. A chromosome in an individual contains genes corresponding to attributes such as the service, flags, logged in or not, and super-user attempts.
In GA, the attacks that are common can be detected more accurately compared to uncommon attributes. The GA is applied to the networks as under:
i. The IDS collects the information about the traffic passing through a network.
ii. The IDS applies GA.
iii. Incoming traffic is then classified by the IDS as anomalous or normal based on its pattern.
GA was successfully used in different types of IDS as an evolutionary algorithm. Using results obtained through GA, the best fitness value was found to be close to the ideal fitness value [23-27].

v. Fuzzy Logic
Fuzzy logic is based on fuzzy set theory, which works on reasoning that is approximate rather than precise or fixed. Techniques based on fuzziness have been used for anomaly detection because the features to be considered can be treated as fuzzy variables. The concept of fuzzy logic lets an object belong to different classes simultaneously. This flexibility is very useful when it is difficult to distinguish between different classes. It is also helpful in the intrusion detection task in SDN, where the differences between the normal and anomalous classes or traffic are not well defined.
While fuzzy logic has been effective, particularly against probes and port scans, its main disadvantages to be considered in case of SDN are the high resource consumption and the long time consumed during training [28] [29] [25].
vi. Bayesian Network
A Bayesian network model is used to encode probabilistic relationships among the variables of interest. This method is used to solve the problem of intrusion detection in combination with statistical techniques. The naive Bayesian (NB) algorithm is used for the learning task, where a training set with target class is provided. The aim is to classify an unseen pattern whose attribute values are known but whose class is unknown. To classify the unseen example, the Bayesian approach is to assign the most probable target class, $C_{map}$, given the values of the attributes $(a_1, a_2, \ldots, a_n)$ which describe the example:

$$C_{map} = \arg\max_{C_j \in C} P(C_j \mid a_1, a_2, \ldots, a_n)$$

The expression can be rewritten using Bayes' theorem as

$$C_{map} = \arg\max_{C_j \in C} P(a_1, a_2, \ldots, a_n \mid C_j)\, P(C_j) \qquad (1)$$

It is easy to estimate each of the $P(C_j)$ simply by counting the frequency with which each target class $C_j$ occurs in the training set. The naive Bayesian algorithm is based on the simplifying assumption that, given the target class of the example, the probability of observing the conjunction $a_1, a_2, \ldots, a_n$ is just the product of the probabilities for the individual attributes: $P(a_1, a_2, \ldots, a_n \mid C_j) = \prod_i P(a_i \mid C_j)$. Substituting this into equation 1, we get

$$C_{NB} = \arg\max_{C_j \in C} P(C_j) \prod_i P(a_i \mid C_j) \qquad (2)$$

where $C_{NB}$ denotes the target class predicted by the naive Bayesian classifier. In the naive Bayesian algorithm, the probability values of equation 2 are estimated from the given training data. These estimated values are then used to classify unknown examples [29][24].

IV. COMPARISON OF THE REVIEWED SCHEME

Though all the above mentioned intrusion detection schemes based on machine learning have tried to achieve a high detection rate, each one has its own pros and cons. The following table describes the pros and cons of the techniques discussed above [30][31].

| Sl | Machine Learning Technique | Pros | Cons |
|---|---|---|---|
| 1. | Neural Networks | Capable to generalize from limited, noisy and incomplete data. Does not need expert knowledge and it can find unknown or novel intrusions. | Slow training process so not suitable for real-time detection. Over-fitting may happen during neural network training. |
| 2. | Bayesian Network | Encodes probabilistic relationships among the variables of interest. Capable to incorporate both data and prior knowledge. | Harder to handle continuous features. May not contain any good classifiers if prior knowledge is wrong. |
| 3. | Support Vector Machine | Is good with learning ability for small samples. High decision rate and training rate, insensitiveness to dimension of input data. | Training takes long time. Mostly used binary classifier which cannot give additional information about detected type of attack. |
| 4. | Genetic Algorithm | Ability to derive best classification rules and selecting optimal parameters. Biologically inspired and employs evolutionary algorithm. | Cannot assure constant optimization response times. Over-fitting. |
| 5. | Fuzzy Logic | Reasoning needs to be an approximation instead of being precise. Effective, especially against probes and port scans. | High consumption of resources. Reduced, relevant rule subset identification and dynamic rule updation at runtime is a difficult task. |
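Equation (2) of the naive Bayesian classifier worked through in code, as an added example that is not from the paper: class priors and per-attribute probabilities are estimated by counting over a constructed training set that uses the service, flag and logged-in attributes named in the GA discussion. The `alpha` smoothing option, the class and function names and all sample records are assumptions added here; the run shows that with raw counts an attribute value never seen in training zeroes every class score.

```python
from collections import Counter, defaultdict

# Constructed training set (not from the paper or from KDD99 itself):
# each record is ((service, flag, logged_in), class).
TRAIN = [
    (("http", "SF", "yes"), "normal"),
    (("http", "SF", "yes"), "normal"),
    (("ftp", "SF", "yes"), "normal"),
    (("smtp", "SF", "no"), "normal"),
    (("http", "SF", "no"), "normal"),
    (("http", "REJ", "no"), "normal"),
    (("http", "S0", "no"), "anomalous"),
    (("http", "S0", "no"), "anomalous"),
    (("private", "S0", "no"), "anomalous"),
    (("private", "REJ", "no"), "anomalous"),
]


class NaiveBayes:
    def __init__(self, alpha=0.0):
        # alpha = 0 uses raw frequency counts, as the text describes.
        # alpha > 0 adds Laplace smoothing (an addition, not in the paper).
        self.alpha = alpha

    def fit(self, records):
        self.n = len(records)
        self.class_count = Counter(label for _, label in records)
        self.attr_count = defaultdict(Counter)  # (i, class) -> value counts
        self.values = defaultdict(set)          # i -> distinct values seen
        for attrs, label in records:
            for i, a in enumerate(attrs):
                self.attr_count[(i, label)][a] += 1
                self.values[i].add(a)
        return self

    def prior(self, c):
        """P(C_j): relative frequency of class c in the training set."""
        return self.class_count[c] / self.n

    def likelihood(self, i, a, c):
        """P(a_i | C_j), smoothed over the values seen for attribute i."""
        num = self.attr_count[(i, c)][a] + self.alpha
        den = self.class_count[c] + self.alpha * len(self.values[i])
        return num / den

    def scores(self, attrs):
        """P(C_j) * prod_i P(a_i | C_j) for every class (equation 2)."""
        out = {}
        for c in self.class_count:
            p = self.prior(c)
            for i, a in enumerate(attrs):
                p *= self.likelihood(i, a, c)
            out[c] = p
        return out

    def classify(self, attrs):
        """C_NB = argmax over classes; None if every class scores zero."""
        s = self.scores(attrs)
        best = max(s, key=s.get)
        return best if s[best] > 0 else None


if __name__ == "__main__":
    raw = NaiveBayes(alpha=0.0).fit(TRAIN)
    smooth = NaiveBayes(alpha=1.0).fit(TRAIN)
    seen = ("http", "S0", "no")    # every value occurs in the training set
    unseen = ("dns", "S0", "no")   # "dns" never occurs in the training set
    print(raw.scores(seen), raw.classify(seen))
    print(raw.scores(unseen), raw.classify(unseen))       # all zero -> None
    print(smooth.scores(unseen), smooth.classify(unseen))
```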

V. CONCLUSION

Machine learning based techniques for handling DDoS attacks and intrusion have received much attention in the computational intelligence community, for conventional networks and now for SDN as well. In this paper we have analyzed various machine learning techniques which can be used to handle the issues of intrusion and DDoS attacks on Software Defined Networks. As this is a new research area, the suggested techniques offer great research prospects for both industry and academia.

REFERENCES
[1] N. McKeown, "How SDN will Shape Networking," October 2011. [Online]. http://www.youtube.com/watch?v=c9-K50qYgA
[2] S. Schenker, "The Future of Networking, and the Past of Protocols," October 2011. [Online]. http://www.youtube.com/watch?v=YHeyuD89nlY
[3] H. Kim and N. Feamster, "Improving network management with software defined networking," Communications Magazine, IEEE, vol. 51, no. 2, pp. 114-119, 2013.
[4] P. Porras, S. Shin, V. Yegneswaran, M. Fong, M. Tyson, and G. Gu, "A security enforcement kernel for OpenFlow networks," in Proceedings of the First Workshop on Hot Topics in Software Defined Networks, ser. HotSDN '12. New York, NY, USA: ACM, 2012, pp. 121-126. [Online]. http://doi.acm.org/10.1145/2342441.2342466
[5] S. Shin, P. Porras, V. Yegneswaran, M. Fong, G. Gu, and M. Tyson, "FRESCO: Modular composable security services for software-defined networks," in Internet Society NDSS., Feb. 2013.
[6] D. Kreutz, F. M. Ramos, and P. Verissimo, "Towards secure and dependable software-defined networks," in Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking, ser. HotSDN '13. New York, NY, USA: ACM, 2013, pp. 55-60.
[7] Diego Kreutz, Member, Fernando M. V. Ramos, Paulo Verissimo, Fellow, Christian Esteve Rothenberg, Siamak Azodolmolky, and Steve Uhlig, "Software-Defined Networking: A Comprehensive Survey". [Online]: http://arxiv.org/abs/1406.0440
[8] S. Sorensen, "Security implications of software-defined networks," 2012. [Online]. Available: http://www.fiercetelecom.com/story/security-implications-software-defined-networks/2012-05-14
[9] S. M. Kerner, "Is SDN Secure?" Mar 2013. [Online]. Available: http://www.enterprisenetworkingplanet.com/netsecur/is-sdn-ecure.html
[10] R. Kloti, "Openflow: A security analysis," Master's thesis, Swiss Federal Institute of Technology Zurich (ETH), Zurich, Swiss, 2013.
[11] M. Wasserman and S. Hartman, "Security analysis of the open networking foundation (onf) OpenFlow switch specification," Internet Engineering Task Force, Apr 2013. [Online]. Available: https://datatracker.ietf.org/doc/draft-mrw-sdnsec-openflow-analysis/
[12] S. Shin and G. Gu, "Attacking software-defined networks: A first feasibility study," in Proceedings of the second workshop on Hot topics in software defined networks, ser. HotSDN '13. New York, NY, USA: ACM, 2013, pp. 1-2.
[13] K. Benton, L. J. Camp, and C. Small, "OpenFlow vulnerability assessment," in Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking, ser. HotSDN '13. New York, NY, USA: ACM, 2013, pp. 151-152.
[14] M. Masikos, O. Zouraraki C. Patrikakis. (2004, December) CISCO. [Online]. http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_7-4/dos_attacks.html
[15] A Mitrocotsa C. Douligeris, "DDoS Attack and Defence Mechanism: A Classification," in Signal processing and information technology in 3rd IEEE International Symposium, Apr 2003, pp. 190-193.
[16] Prolexic. (2013, December) DoS and DDoS attack reports, trends and statistics. [Online]. http://www.prolexic.com/knowledge-center-dos-and-ddos-attackreports.html
[17] Google, Arbor. (2013, Oct) Digital Attack Map. [Online]. http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&time=16003&view=map
[18] Seyed Mohammad Mousavi, Early Detection of DDoS Attacks in Software Defined Networks Controller. [Online]. http://www.csit.carleton.ca/~msthilaire/Thesis/Seyed%20Mousavi.pdf
[19] Sharmila Kishor Wagh, Vinod K Pachghare and Satish R Kolhe. Article: Survey on Intrusion Detection System using Machine Learning Techniques. International Journal of Computer Applications 78(16):30-37, September 2013. Published by Foundation of Computer Science, New York, USA.
[20] Jayveer Singh, Manisha J. Nene, A Survey on Machine Learning Techniques for Intrusion Detection Systems. [Online]. http://www.ijarcce.com/upload/2013/november/35-o-jayveer_singh-A_Survey_on_Machine.pdf
[21] Hua TANG, Zhuolin CAO "Machine Learning-based Intrusion Detection Algorithms" Binary Information Press, December, 2009.
[22] D. Rumelhart, G. Hinton and Williams, "Learning internal representations by back-propagating errors," in Parallel Distributed Processing: Explorations in the Microstructure of Cognition, D. Rumelhart and J. McClelland editors, vol. 1, pp. 318-362, MIT Press, 1986.
[23] Dewan Md. Farid, Mohammad Zahidur Rahman "Learning Intrusion Detection Based on Adaptive Bayesian Algorithm" 1-4244-2136-7/2008.
[24] Jonatan Gomez and Dipankar Dasgupta "Evolving Fuzzy Classifiers for Intrusion Detection" Workshop on Information Assurance United States Military Academy, West Point, NY June 2001.
[25] AA Ojugo, AO. Eboka, O.E. Okonta, R.E Yoro, F.O. Aghware "Genetic Algorithm Rule-Based Intrusion Detection System" (GAIDS), ISSN 2079-8407 VOL. 3, NO. 8 Aug, 2012.
[26] J. L. Zhao, J. F. Zhao, and J. J. Li, "Intrusion Detection Based on Clustering Genetic Algorithm", International Conference on Machine Learning and Cybernetics IEEE, Guangzhou, 2005, pp. 3911-3914.
[27] W. Spears, and V. Anand, "A Study of Crossover Operators in Genetic Programming", In Proceedings of the Sixth International Symposium on Methodologies for Intelligent Systems, Charlotte, NC. 1991, pp. 409-418.
[28] M. S. A Khan, "Rule based Network Intrusion Detection using Genetic Algorithm," International J. Computer Applications, vol. 18, no. 8, pp. 26-29, March 2011.
[29] Rajdeep Borgohain, "FuGeIDS: Fuzzy Genetic paradigms in Intrusion Detection Systems," International Journal of Advanced Networking and Applications, vol. 3, no. 6, pp. 1409-1415, 2012.
[30] P Garcia Teodora, J Diaz Verdejo, G Macia Farnandez, and E Vazquez, "Anomaly-based network intrusion detection: Techniques, Systems and Challenges," Journal of Computers & Security, vol. 28, no. 1, pp. 18-28, February 2009.
[31] Hua TANG, Zhuolin CAO "Machine Learning-based Intrusion Detection Algorithms" Journal of Computational Information Systems 5:6 (2009) 1825-1831.
[32] N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turner, "OpenFlow: enabling innovation in campus networks," SIGCOMM Comput. Commun. Rev., vol. 38, no. 2, pp. 69-74, Mar. 2008.
[33] ONF, "Open networking foundation" 2014. [Online]. Available: https://www.opennetworking.org/
[34] T. Mitchell, "Decision Tree Learning", in T. Mitchell, Machine Learning, The McGraw-Hill Companies, Inc., 1997, pp. 52-78.
[35] Sandhya Peddabachigari, Ajith Abraham, Johnson Thomas, "Intrusion Detection Systems Using Decision Trees and Support Vector Machines". International Journal of Applied Science and Computation, 2004.
