Tree-SDN-DDoS Defense Dataset
Description
The "TreeSDN-DDoS Defense Dataset" is meticulously formulated to address the distinctive challenges associated with detecting Distributed Denial of Service (DDoS) attacks within Software-Defined Networking (SDN) frameworks, with a specific focus on Tree topology configurations. This dataset encompasses a broad spectrum of network traffic patterns, incorporating both legitimate operational flows and those indicative of DDoS activities, thereby establishing itself as a vital resource for the inception, evaluation, and refinement of innovative DDoS detection methodologies. Designed to complement the Mininet emulator's capabilities for SDN scenarios, the dataset includes an array of detailed network interaction descriptors such as packet rates, dimensions, and classifications; volume of network flows; and protocol types. Each entry within the dataset is precisely categorized, employing labels to differentiate "normal" (Label = 0) network traffic from that characteristic of "DDoS" assaults (Label = 1), thus facilitating the application of supervised learning techniques and promoting exhaustive analytical investigations. Furthermore, the dataset is noted for its emphasis on 35 critical network vulnerabilities crucial for the identification of DDoS breaches, serving as a comprehensive repository for cybersecurity practitioners and scholars aiming to bolster SDN defenses against these incursions. The Tree topology, typically utilized in Wide Area Networks (WANs) and expansive organizational networks for interconnecting various departments or sites, is recognized for its hierarchical organization that significantly enhances network manageability, scalability, and fault isolation capabilities. Consequently, the "TreeSDN-DDoS Defense Dataset" is particularly pertinent for deployment in settings where the inherent benefits of the Tree topology—such as a well-defined hierarchy, streamlined data oversight, and the capacity for network segment isolation for troubleshooting and security enhancement—are paramount.
Files
Steps to reproduce
HPING3 ping3 is a network tool able to send custom ICMP/UDP/TCP packets and to display target replies like ping does with ICMP replies. It is useful to script network tests. Here's how you can install it in a Mininet environment. Since Mininet typically runs on a Ubuntu-based system, you'd use the apt package manager. 1. First, you'll want to update the package lists for upgrades and new package installations: sudo apt-get update 2. Then, you can install hping3: sudo apt-get install hping3 This should install hping3 for you to use within your Mininet environment. Once installed, you can use hping3 within your network. For example, you can use hping3 to perform a simple ping of one host to another. Assuming you have two hosts, h1 and h2, with h2 having an IP address of 10.0.0.2, you could use the following command in Mininet: Attack code: Udp flood h1x2 hping3 h3x1 -2 -V -d 120 -w 64 --faster -c 500 • h1x2 hping3 h3x1: This command is running hping3 from the host h1x2 to the host h3x1. • -2: This specifies that the packets to be sent should be UDP packets. hping3 supports several types of packets, and -2 is the flag for UDP. • -V: This enables verbose mode, which will display additional details about the packets being sent and received. • -d 120: This sets the data size to 120 bytes. Each packet will contain 120 bytes of actual data. • -w 64: This sets the TCP window size to 64. While this option usually applies to TCP traffic for flow control, in this command, it might not have any effect because the -2 option indicates that the packets should be UDP, which doesn't use window size for flow control. • --faster: This sends the packets as fast as possible, without any delay between them. hping3, by default, sends packets every 10 milliseconds, but with this option, it will send them as quickly as the system allows. • -c 500: This sends 500 packets. After 500 packets have been sent, hping3 will stop sending packets.