Toward a Real-Time TCP SYN Flood DDoS Mitigation Using Adaptive Neuro-Fuzzy Classifier and SDN Assistance in Fog Computing

<table class="algorithm-group"><tr><td><table class="algorithm" id="alg1"><tr><td> </td><td>input: <b>incoming packet of traffic flow to the switch</b></td></tr><tr><td> </td><td>output: <b>response with flow classification and decision</b></td></tr><tr><td> </td><td><b>if</b> packet matched in the flow table</td></tr><tr><td> </td><td> Apply the rule in the flow table;</td></tr><tr><td> </td><td><b>else</b></td></tr><tr><td> </td><td> Forward packet to SDFN-server;</td></tr><tr><td> </td><td> Apply ANFIS classifier;</td></tr><tr><td> </td><td> <b>if</b> flow classified as malicious packet <b>then</b></td></tr><tr><td> </td><td>  Retrieve the Mac address of the attacker;</td></tr><tr><td> </td><td>  Update rule table in flow table with a malicious user;</td></tr><tr><td> </td><td>  Make a decision:</td></tr><tr><td> </td><td>  Drop the packets with this source Mac address;</td></tr><tr><td> </td><td>  Block the infected switch port;</td></tr><tr><td> </td><td> <b>else</b></td></tr><tr><td> </td><td>  Update rule table in SDN with the legitimate user;</td></tr><tr><td> </td><td>  Make decision: Forward the packet to destination;</td></tr><tr><td> </td><td> <b>end if</b></td></tr><tr><td> </td><td><b>end if</b></td></tr></table></td></tr></table>

Security and Communication Networks

alg1

Algorithm 1

Algorithm 1: Toward a Real-Time TCP SYN Flood DDoS Mitigation Using Adaptive Neuro-Fuzzy Classifier and SDN Assistance in Fog Computing 