Data-plane-based system and real-time attack prevention for software-defined networks distributed denial-of-service attacks


Erdoğan K., Genç Y., Akçam N., Afacan E.

Journal of the Faculty of Engineering and Architecture of Gazi University, vol. 40, no. 3, pp. 2087-2102, 2025 (SCI-Expanded)

  • Publication Type: Article / Full Article
  • Volume: 40 Issue: 3
  • Publication Date: 2025
  • DOI: 10.17341/gazimmfd.1524120
  • Journal Name: Journal of the Faculty of Engineering and Architecture of Gazi University
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Academic Search Premier, Art Source, Compendex, TR DİZİN (ULAKBİM)
  • Page Numbers: pp. 2087-2102
  • Keywords: cyber defense systems, distributed denial of service attacks, MiddleModule system, simulation and testing, software defined networks
  • Gazi University Affiliated: Yes

Abstract

In this study, a defence system that can effectively detect DDoS attacks is proposed for the security of Software Defined Networks (SDNs), which are adversely affected by Distributed Denial of Service (DDoS) attacks. To overcome the deficiencies of current security approaches for Internet of Things (IoT) networks at the SDN layer, the aim is to create a real-time intrusion detection and prevention system. Considering the targeted requirements, a system called “MiddleModule” is proposed, in which the SDN collects statistics from each edge switch and applies statistics-based detection algorithms to incoming packets. Lightweight detection algorithms, optimized to detect different types of DDoS such as IP spoofing, protocol exploitation and flood attacks, are designed within this system. In simulations performed on the OMNET++ and Mininet platforms, the sensitivity, false positive rate and accuracy of the proposed MiddleModule system are measured as part of its defence performance. The sensitivity of the proposed system is 99.6% for all DDoS attack types, the accuracy is above 99.8%, the extra load on packet receive time is 0.2% and the false positive rate is 0%. These results indicate that all targeted Network/Transmission layer DDoS attack types are correctly detected by the MiddleModule system. Furthermore, the proposed MiddleModule system is compared with existing data-layer-based DDoS defence systems in the literature.