
To Detect The Distributed Denial-of-Service Attacks in SDN Using Machine Learning Algorithms

This document discusses using machine learning algorithms to detect distributed denial-of-service (DDoS) attacks in software-defined networks (SDNs). SDNs separate the control plane from the data plane, making the network programmable but vulnerable to DDoS attacks. The paper proposes an intrusion detection system that uses machine learning like naive Bayes, K-nearest neighbors, k-means clustering, and linear regression to analyze traffic patterns in real-time and detect attackers. Detecting DDoS attacks early in SDNs is important to prevent compromising the network controller and bringing down the entire infrastructure.

Uploaded by

Usman Ahmed

2021 International Conference on Computing, Communication, and Intelligent Systems (ICCCIS)

To Detect the Distributed Denial-of-Service Attacks in SDN using Machine Learning Algorithms
2021 International Conference on Computing, Communication, and Intelligent Systems (ICCCIS) | 978-1-7281-8529-3/20/$31.00 ©2021 IEEE | DOI: 10.1109/ICCCIS51004.2021.9397068

Shruti Banerjee
M. Tech. CSE, Dept. of CSE, SRM Institute of Science and Technology, NCR Campus, Ghaziabad, India
[email protected]

Partha Sarathi Chakraborty
Assistant Professor, Dept. of CSE, SRM Institute of Science and Technology, NCR Campus, Ghaziabad, India
[email protected]

Abstract: The reason Software Defined Network (SDN) is gaining importance in both academia and industry as a new emerging way of network management is its architecture, which decouples the data plane (forwarding devices) and the control plane (controller), making it possible to upgrade and update into [...] scenarios in terms of network virtualization, flexibility, enhanced growth control, dynamic network policy, and reduced operational cost. Despite these advantages, this architecture is also one of the main reasons for cyber threats. Amongst them, the one SDN is most vulnerable to is the DDoS attack. A DDoS attack is quite a threat to the security of an SDN network. It attacks at the network layer or application layer of the infrastructure. It can cause problems as simple as the inability to refresh a particular page to as severe as the failure of an entire server. In this paper, DDoS is considered in the context of SDN, and an IDS is proposed and studied for detecting attackers in real-time incoming traffic. Machine Learning algorithms such as Naïve Bayes, KNN, K-Means clustering, and Linear Regression are used to form module 1 of the IDS (the Signature IDS), and module 2 uses the three-way handshake to identify the exact host which is an intruder. On finding the intruder, it is placed in the Access Control List (ACL). Also, an analysis of the efficiency of the different machine learning algorithms is performed to understand their effectiveness.

Keywords: SDN; DDoS Attacks; Machine Learning

I. INTRODUCTION

Software Defined Network (SDN) is the new trend in network evolution [1]. The decoupling of the forwarding hardware from the control unit simplifies network management, enabling innovation and evolution to new trends. The network intelligence is centralized in a separate component (the controller) that takes decisions for the entire network. So, the benefits of SDN range from centralized control, eliminating middle boxes - [...] device does the work of simple packet forwarding, which is programmed using an open interface (called data plane). On arrival of a new packet in the SDN, the packet is sent to the switch. If the incoming packet matches the entries in the flow table, it is processed as per the rules for that flow entry. In case it does not match any of the flow entries, the actions that the switch will take for that particular unmatched packet depend on the [...] [2] [...] -case no match is found, such as drop the packet. The controller is the centralized entity and also the operating system of the [...] has its drawbacks of being vulnerable to various cyber-attacks.

The most vicious amongst them is the Distributed Denial-of-Service attack [3]. In this case, the attacker compromises multiple hosts, commonly the ones which carry heavy traffic, by sending flood traffic. This traffic is unnecessary and is sent to exhaust network resources such as bandwidth, which makes the targeted server unresponsive and unavailable to its legitimate users. If the intruder successfully infiltrates the controller of the SDN, it could compromise the entire network infrastructure, making the SDN [...] and access patterns help determine the presence of an attack.

For a successful attack on SDN, in the initial steps the attacker will compromise one of the hosts that are frequently used or pass heavy traffic. To infiltrate the node, the intruder uses a spoofed IP so as to minimize the chances of being detected. On successful infiltration of that particular node, the attacker then installs all the malicious software required to plant a strong attack on the controller of the SDN. The compromised node is thus named ZOMBIE/BOT. The node which controls all the bots is called BOTNET. It works as the Master-Slave model. The attacker can perform attacks like TCP SYN attack, UDP flood attack, and ICMP flood attack. These types of attack target mainly the network layer and the application layer. If the intruder succeeds in carrying out the attack, it will compromise the entire SDN infrastructure, including all the data, firewalls and other network resources. This causes a severe catastrophic failure, and preventing it requires an IDS in addition to the firewall.

In this paper, the proposed IDS detects the presence of an intruder in the incoming packets so as to prevent the attack from taking place. The IDS consists of two modules: the first is the Signature IDS, which uses Machine Learning algorithms to classify the incoming traffic according to the trained model. The second module uses open connections and the three-way handshake to determine exactly which packet is the intruder in the incoming traffic. The structure of our paper is as follows: section II reflects the discussion on preliminary things and section III presents the review of literature. Section IV presents our proposed methodology. Section V shows the results and


its analysis on findings. Finally, section VI presents the conclusion and future work.

II. PRELIMINARY

A. Software Defined Network

The fundamental concept on which SDN is built is the decoupling of the control plane from the data plane. The only purpose of the data plane is to forward packets, and that of the control plane is to possess centralized control over the entire entity. The forwarding of packets is performed according to the control instructions given by the control units. The SDN network architecture is formed on four pillars [4]:

- Control planes and data planes are decoupled.
- Control logic is a separate entity, also called NOS.
- Network is programmable through API, running on top of the NOS.

SDN is defined by three fundamental abstractions:

- Forwarding: Allows forwarding functionalities by network applications, hiding the underlying details.
- Distribution: Covers SDN applications from the various distributed state, making the distributed control problem a logically centralized one.
- Specification: Allows a network application to express the desired network behaviour without actually implementing it.

The two popular SDN architectures are ForCES [5] and OpenFlow [2]. Though both are based on the same SDN principle, they still differ in design, architecture, models and protocol interface.

B. Distributed Denial-of-Service Attack

A DoS attack is a type of cyber-attack in which the intruder, on successful infiltration of the desired network, server or data center, etc., makes it completely unavailable to its legitimate users. DDoS is a type of DoS attack in which the victim is attacked from multiple sources. This makes it even more difficult to detect as well as stop as [...] t help in preventing the attack from taking place.

The working of DDoS is explained as follows. A DDoS attack in SDN is conducted by sending useless traffic to the vulnerable nodes of the network, so as to completely exhaust the bandwidth and other network resources, which results in unavailability of the network and its resources for its legitimate users. Once the attacker is able to gain complete control over these vulnerable nodes of the network (also called bots), the attacker then installs all the malicious software required to attack the controller of the SDN. These bots are controlled by the botmaster and form a network called the botnet. They use spoofed IP to attack from the incoming traffic. If the intruder is successful in infiltrating the network without being detected by its security mechanisms and firewalls, it could easily gain control over the entire network, its data, firewall security mechanisms, datacenters and other resources through the controller of the SDN, as it has centralized control over the entire network infrastructure.

C. Machine Learning Algorithms

ML gives the ability to study and learn by analysing the data provided so as to infer conclusions like prediction, diagnosis, remote control, recognition, etc. The ML algorithms that are used to implement the Signature IDS (module 1) are as follows:

- Naïve Bayesian algorithm assumes that the presence of a particular feature in a dataset is not dependent on the presence of any other feature in that same dataset.
- k-NN, also known as Instance Based Learning, is a non-parametric ML algorithm that classifies all known as well as new cases based on a similarity measure.
- K-means clustering algorithm divides the given datasets into clusters; the upper limit and lower limit of these clusters are customized.

III. LITERATURE SURVEY

The disadvantage of SDN is due to a specific feature of its architecture which makes the network infrastructure vulnerable to cyber-attacks like the DDoS attack. This has quite adverse effects on the network, its data and resources, due to which research is focused on this particular threat over SDN. One way to mitigate this threat is to analyse the behaviour of the attack and study its features so as to monitor them as a way to identify DDoS threats. In [6], Dayal et al. study this particular idea of analysing the behavioural features of a DDoS attack to identify its presence and monitor the network. To serve this purpose, a simulation of the attack is modelled. The tools used for the simulation are: (1) Mininet (simulator), (2) Floodlight (controller), (3) sFlow-rt (monitor network statistics), and (4) Hyenae 0.36 (performs the attack). It is then analysed to get two concrete conclusions. Three parameters are always constant for DDoS attack measurement of randomness. They are entropy of source IP address, destination IP address and type of protocol. In case of volumetric attacks, the effect on the data plane is adverse, but when the control plane is attacked the overall effect is greater compared to volumetric attacks.

In [7], Haq et al. conducted a survey to study the implementation of Machine Learning techniques in IDS within the time period of 2009 to 2014 using single, hybrid and ensemble classifiers. This paper is broadly divided into three parts of study, that is, techniques used for developing the IDS, an overview of the articles over the given timeline, and the datasets used for study. Finally, it lists issues from the study for future research purposes. The machine learning techniques used are supervised learning (in which instances are labeled), unsupervised learning (in which instances are unlabeled), and reinforced learning (in which interaction with the computer is studied). The analysis states that the use of different classifiers to develop the IDS is an efficient and effective way that serves the desired purpose to good measure.

To mitigate the threat of DDoS attack in SDN controller, [8][9] studies the use of centralized controller in detecting this


threat based on entropy variation in destination IP address, applicable for the first 500 packets of incoming traffic. The main aim is to detect the threat at early stages, i.e. the tolerance of the device and the traffic properties should not get exhausted. This requires a fast and effective method which should also be lightweight. The measure of entropy fits this requirement. Entropy is the measure of randomness in the incoming packets, which helps in detecting attacks in early stages. Two essential components are used: window size and threshold. With Mininet as the network emulator and packet generation done by Scapy (tool), the threshold chosen is based on the proposed detection mechanisms. One of the advantages of SDN, i.e. flexibility, makes it easier to change the parameters according to the need of the controller. This provides a detection mechanism within the controller that is compatible with its centralized nature and also requires limited processing power.

In [10], Huang et al. study solutions to the problem of DDoS attack on the SDN controller by the method of predicting the amount of new requests using Taylor series, i.e. requests are directed to the security gateway when the prediction value crosses a given threshold, and requests decreasing the entropy will be filtered out. Rules in the security gateway are installed according to the algorithms which will send requests to the control unit. Packets from the incoming traffic which match the rules are treated accordingly. In case of new, unmatched packets, the controller sends new forwarding rules to the data plane for each of these packets. On receiving unmatched packets, the security gateway applies a filter algorithm to minimize the number of unmatched packets, thus reducing the entropy. On implementing the defense mechanism, the observed analysis stands as: the change in entropy for the source IP address is due to the different IP addresses used for the DDoS attack (i.e. it changes the source each time, making a new source for the attack). But with this defense scheme the attack is defended effectively.

In [11], Alharbi et al. study ARP spoofing in SDN. The proposed mechanism is SDN-based ARP spoofing mitigation and can be adapted to NDP for both NS and NA. The basic drawback of ARP is that it is a stateless protocol and does not have any mechanism to authenticate the sender of an ARP request or reply or the ability to check the integrity and validity of the provided information, thus making it a relatively easy target. Due to the stateless nature and lack of authentication, ARP and NDP are vulnerable to spoofing attacks, enabling DoS and MITM attacks. The two basic approaches to handle ARP in SDN are Regular ARP and handling ARP using proxy ARP, which is well suited to SDN.

The main idea of the prevention mechanism is to prevent the potentially spoofed information in the SHA/SPA fields, thus preventing the poisoning of the ARP cache. This works for the case of Regular ARP. The main goal is to implement a controller component which secures the existing ARP mechanism. It is based on the concept of Network Address Translation (NAT). The study and experiments on the above discussed problem state that SARP NAT is a novel way of mitigating ARP spoofing attacks that occur in SDN.

Papers [12][13] present a comprehensive study of DoS attacks in SDN along with an effective DDoS mitigation method, namely Multi-layer Fair queuing (MLFQ). There are two modes in which rules can be installed in the switches: proactive and reactive. DoS threats in SDN are studied by breaking down the reactive rule installation into multiple stages, showing how the bottleneck problem can be utilized for placing a DoS attack. The solution to this problem is implementing the MLFQ queue management system, which solves the limitations of SLFQ.

In [14], Ambrosin et al. perform a very thorough analysis of CPSA, which shows that with intimate knowledge about long forwarding paths (i.e. a path with the maximum number of hops), a powerful CPSA attack can be mounted even with limited resources. The study of [...] eness of CPSA through extensive testing using OpenFlow, the most widely adopted control data plane communication protocol for SDN. Results show that on increasing the forwarding paths by 5 times, the attack rate required to incapacitate the network decreases by 55%. The impact is evaluated by measuring:

- Amount of PktIn when under attack.
- Ratio Rt between the number of PktIn received by the controller and the number of corresponding FlowAdd sent by the controller in response.
- CPU usage.

As the control plane is the OS of the SDN, security is mostly assigned and dedicated to the control plane, but the data plane [15] can also make SDN vulnerable to DoS attacks. The two metrics used to analyze are detection rate and adaptability. By localizing the fixed header fields of the attacking flow, the presence of an attack can be detected. The impact of this procedure on the network is negligible.

SDN provides better network management but is also prone to a number of threats, i.e. security attacks such as the Secure Shell (SSH) Brute Force attack. Even on identification of the potential attack and the attacker, specific security rules need to be implemented in the controller of the SDN. The algorithms used are C4.5, Bayes Net, Naive Bayes, and Decision tree for predicting the attack host and comparing the performance in terms of accuracy. Historical data [16][17] trains the model, which is then used for predicting potential attacks from the real-time traffic data. This process works on two basic underlying principles: use of historical data to train the Machine Learning algorithms so as to obtain accurate classifiers, and classification of incoming traffic based on how the model was trained by the historical data, thus identifying potential attackers from real-time traffic. Once the model is trained, it identifies potential hosts that can be intruders. If the attacker actually attacked and it was predicted correctly by the trained model, the algorithm works accurately. The dataset being [...] [18] an open source project by Marist college. The best average prediction accuracy of 91.68 was achieved with Bayesian Network.
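
The window-and-threshold entropy check attributed to [8][9] in the survey above can be sketched as follows. This is an added example, not code from the paper or from the cited works; the window size, threshold, the requirement of several consecutive low windows, and the sample traffic are all assumptions made for illustration.

```python
import math
from collections import Counter

def window_entropy(dst_ips):
    """Shannon entropy (bits) of the destination-IP distribution in one window."""
    n = len(dst_ips)
    return -sum((c / n) * math.log2(c / n) for c in Counter(dst_ips).values())

def detect_ddos(dst_stream, window=50, threshold=1.5, consecutive=3):
    """Scan fixed-size windows; report the first run of low-entropy windows.

    Returns (packets_seen, suspected_victim_ip) or None. window, threshold and
    consecutive are assumed values for this example; tune them per network.
    """
    low_run = 0
    for start in range(0, len(dst_stream) - window + 1, window):
        win = dst_stream[start:start + window]
        if window_entropy(win) < threshold:
            # Traffic concentrated on few destinations: entropy drops.
            low_run += 1
            if low_run >= consecutive:
                victim = Counter(win).most_common(1)[0][0]
                return start + window, victim
        else:
            low_run = 0   # low windows must be consecutive to raise an alert
    return None

# Constructed sample traffic (destination IP of each packet-in), not real data.
HOSTS = [f"10.0.0.{i}" for i in range(1, 9)]

def normal_traffic(n):
    """Packets spread evenly over eight destinations (entropy close to 3 bits)."""
    return [HOSTS[i % len(HOSTS)] for i in range(n)]

def flood_traffic(n, victim="10.0.0.5"):
    """9 of every 10 packets target the victim; the rest is background traffic."""
    return [HOSTS[(i // 10) % len(HOSTS)] if i % 10 == 0 else victim
            for i in range(n)]

def demo():
    """150 normal packets followed by 350 flood packets: 500 packets in total."""
    stream = normal_traffic(150) + flood_traffic(350)
    return detect_ddos(stream)

if __name__ == "__main__":
    print(demo())
```

With the constructed stream the alert fires after 300 packets, inside the first 500 packets the survey mentions, and a two-window burst that subsides does not trigger it.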


IV. THE PROPOSED METHODOLOGY

The SDN architectural model (i.e. control unit and data unit separation) resolves the limitations of the traditional network, which forms the basis for advancement towards programmed networks. SDN architecture also has its limitations that make it vulnerable to major cyber threats like the DDoS attack. The centralized control over the entire network and its resources by the controller makes SDN vulnerable to DDoS, as the attacker can compromise the path of communication between these two units, or can change the firewall by fraudulent rule insertion or modification, and on successful infiltration, when it gains control over the controller of the SDN, it would compromise the entire network along with all its data and resources.

The IDS proposed has two modules: Module 1 is the Signature IDS, which uses Machine Learning algorithms like Naïve Bayes, KNN, and K-Means clustering to classify the incoming packet as normal or anomalous, thus predicting beforehand all the possible intruders in the incoming traffic. These algorithms are analysed based on the detection rate and accuracy [17], and the one giving the best possible outcome is implemented in the Signature IDS. Though Naïve Bayes has the probability of 93.3%, the existing system has the following drawbacks:

- It works best only for attributes that are independent of each other; in other cases it fails to determine.
- It takes more time to get trained in case the data set is big enough, thus increasing the training and processing time. This results in the controller taking more time to start.
- The algorithm also gives an anomaly of false positive in case of true positive.

To resolve the above drawbacks, we use a different algorithm that yields better results and overcomes all the limitations mentioned above. The IDS is based on the basic principle:

a) Use the training dataset to train the machine learning algorithm.
b) Use trained models to identify the potential intruders.

The block diagram shown in figure 1 reflects the above principle.

Fig. 1. Block Diagram for Machine Learning algorithms to define flow tables on SDN controller.

The method of implementation is summarized in the following steps:

- Train the Machine Learning algorithms using historical data / training data.
- Use the trained model to identify potential intrusive hosts and define the security rules for the SDN controller.
- For every packet-in request, check the incoming packet against the flow table entries. If the incoming packet matches a flow table entry, the set of instruction fields decides what is to be done with that incoming packet.
- If no match is found, the packet is sent for further processing in the controller, which matches the packet-in against the entries in the access control list (ACL).
- If it matches, it is put in the blocked list; else it is allowed to access the server.

The block diagram showing the working of the IDS is given in figure 2.

Fig. 2. Block Diagram for Implementation of IDS to detect DDoS attack.
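
The implementation steps listed above (train a model, let it name intrusive hosts, then check each packet-in against the flow table and the ACL) can be followed end to end in the sketch below. It is an added example, not the authors' Java implementation: the three traffic features, the training rows, the KNN classifier with k=3, the returned action strings, and the removal of stale flow rules when a host is blocked are assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed training rows: (packets/s, distinct dst ports, SYN ratio) -> label.
# The feature set is an assumption; the paper's dataset columns are not shown.
TRAINING = [
    ((12.0, 2, 0.10), "normal"), ((20.0, 3, 0.15), "normal"),
    ((8.0, 1, 0.05), "normal"), ((30.0, 4, 0.20), "normal"),
    ((15.0, 2, 0.12), "normal"),
    ((900.0, 1, 0.95), "anomalous"), ((1200.0, 1, 0.98), "anomalous"),
    ((750.0, 2, 0.90), "anomalous"), ((1500.0, 1, 0.99), "anomalous"),
    ((600.0, 1, 0.85), "anomalous"),
]

def fit_bounds(rows):
    """Per-feature (min, max) so that no single feature dominates the distance."""
    return [(min(col), max(col)) for col in zip(*rows)]

def scale(row, bounds):
    """Min-max scale one feature row using the training bounds."""
    return tuple((v - lo) / (hi - lo) if hi > lo else 0.0
                 for v, (lo, hi) in zip(row, bounds))

def knn_predict(sample, training, bounds, k=3):
    """Majority label among the k nearest training rows (Euclidean distance)."""
    s = scale(sample, bounds)
    nearest = sorted(training,
                     key=lambda t: math.dist(s, scale(t[0], bounds)))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]

class Controller:
    """Toy controller: flow table lookup first, ACL check on a table miss."""

    def __init__(self, training, k=3):
        self.training, self.k = training, k
        self.bounds = fit_bounds([features for features, _ in training])
        self.flow_table = {}   # (src, dst) -> "forward"
        self.acl = set()       # hosts the Signature IDS marked as intruders

    def classify_host(self, src, features):
        """Signature IDS step: put src on the ACL if the model calls it anomalous."""
        label = knn_predict(features, self.training, self.bounds, self.k)
        if label == "anomalous":
            self.acl.add(src)
            # Assumption: remove rules installed earlier for this host, otherwise
            # a flow-table hit would keep forwarding and the ACL is never reached.
            for key in [key for key in self.flow_table if key[0] == src]:
                del self.flow_table[key]
        return label

    def packet_in(self, src, dst):
        """Return (action, stage) for one packet-in request."""
        if (src, dst) in self.flow_table:
            return self.flow_table[(src, dst)], "flow-table"
        if src in self.acl:
            return "blocked", "acl"
        self.flow_table[(src, dst)] = "forward"   # reactive rule installation
        return "forward", "controller"

def demo():
    """Three constructed hosts: benign, flooding, and benign-then-flooding."""
    ctl = Controller(TRAINING)
    out = []
    ctl.classify_host("10.0.0.2", (18.0, 2, 0.11))
    out.append(ctl.packet_in("10.0.0.2", "10.0.0.100"))
    out.append(ctl.packet_in("10.0.0.2", "10.0.0.100"))
    ctl.classify_host("10.0.0.66", (1000.0, 1, 0.97))
    out.append(ctl.packet_in("10.0.0.66", "10.0.0.100"))
    out.append(ctl.packet_in("10.0.0.7", "10.0.0.100"))    # rule installed
    ctl.classify_host("10.0.0.7", (800.0, 1, 0.92))        # later turns hostile
    out.append(ctl.packet_in("10.0.0.7", "10.0.0.100"))
    return out

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The last host shows why the order of the checks matters: a forward rule installed while the host looked benign would bypass the ACL unless it is removed when the host is blocked.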


V. RESULTS AND ANALYSIS

To evaluate the proposed algorithm for detection of DDoS attacks using ML algorithms, we implemented it in Java with a MySQL database. We conducted our experiment on a desktop PC running Win 10 with 4GB memory and an Intel Core i5 vPro processor. The machine learning algorithms Naïve Bayes, KNN, and Linear Regression were implemented in Java, and then the three-way handshake was performed to detect intrusion in SDN.

A. Dataset

For training purposes, we used an open dataset available from Kaggle. There are seven different datasets used. The dataset used is of the format shown in figure 3.

Fig. 3. Dataset used for the Machine Learning Algorithms to obtain the Trained Model.

B. Simplified view of working in SDN environment

Figure 4 shows a simple working model of the SDN environment.

Fig. 4. Simplified view for working of SDN environment.

C. Algorithms to obtain the Signature IDS (Module 1)

Module 1. Algorithm to obtain the Signature IDS
STEP 1. Loading the dataset.
STEP 2. Preprocessing and removal of the duplicates in the loaded dataset.
STEP 3. Trained model obtained using Naïve Bayes algorithm.
STEP 4. Trained model obtained using KNN.
STEP 5. K-Means clusters the incoming traffic.
STEP 6. Linear Regression is used to classify the incoming traffic.

Module 2. Uses three-way handshakes to identify the potential intruders in the real-time incoming traffic.

D. The efficiencies of ML Algorithms

Table I and Figure 5 provide the efficiency of three different ML algorithms over seven different datasets, and it can be seen that the highest average prediction efficiency is attained with linear regression. Figure 6 shows the Average Performance Analysis of the ML algorithms in IDS.

It is observed that the Naïve Bayes algorithm is 93.3% effective in detecting the presence of intrusive packets amongst the incoming traffic. KNN has the detection rate 96.65% and also resolves the drawback of Naïve Bayes, i.e. dependent instructions. The other two drawbacks are successfully resolved by K-Means Clustering and Linear Regression. K-Means solves the problem of studying a large dataset, which consumes time and thus delays the controller from starting quickly.

Linear regression works on an entirely different theory. Till now we studied that the efficiency and accuracy is calculated by studying the probability of intrusive data packets over the entire dataset and the probability of legitimate data packets [...] Linear Regression compares the amount of heavy traffic over normal traffic, thus resolving the anomaly and giving a better efficiency than Naïve Bayes. Linear Regression has the efficiency of 1.865 (a positive value), which tells that the amount of normal traffic is 1.865 times that of intrusive traffic. When the network functions normally, Linear Regression always gives a positive value, but when the network is under attack Linear Regression will give a negative value.

TABLE I. ANALYSIS OF THE EFFICIENCY OF MACHINE LEARNING ALGORITHMS APPLIED OVER DIFFERENT DATASETS

Datasets   No. of Entries   Efficiency of Naïve Bayes Algorithm   Efficiency of KNN Algorithm   Efficiency of Linear Regression Algorithm
1          1028             0.933000                              0.965919                      1.865999
2          1000             0.944844                              2.142662                      1.889680
3          2500             0.904586                              2.972541                      1.809172
4          3847             0.913676                              1.874566                      1.827351
5          3860             0.947913                              1.912589                      1.895828
6          20430            0.927057                              5.104020                      1.854051
7          24245            0.923677                              4.732181                      1.847350

Fig. 5. Graphical Representation of the Efficiency of Machine Learning Algorithms applied over different Datasets
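
Module 2 above is described only as using three-way handshakes and open connections to single out the intruding host. One way such a check can work is sketched below as an added example, not the authors' implementation: it counts handshakes per source that never receive the final ACK. The packet tuple layout, the timeout, the half-open limit and the capture are assumptions and constructed data.

```python
from collections import defaultdict

def find_intruders(packets, timeout=3.0, max_half_open=5):
    """Return {src_ip: half_open_count} for sources to place on the ACL.

    packets: (timestamp, src, dst, sport, dport, flags) tuples, with flags
    "S" (SYN), "SA" (SYN-ACK) or "A" (ACK). A handshake is half-open when the
    client's SYN is older than `timeout` seconds at the end of the capture and
    no ACK followed on the same 4-tuple. timeout and max_half_open are
    assumed values for this example.
    """
    pending = {}                 # (client, server, cport, sport) -> SYN time
    last_ts = 0.0
    for ts, src, dst, sport, dport, flags in sorted(packets):
        last_ts = ts
        key = (src, dst, sport, dport)
        if flags == "S":
            pending[key] = ts            # a retransmitted SYN restarts the timer
        elif flags == "A":
            pending.pop(key, None)       # final ACK: handshake completed
        # "SA" comes from the server side and does not change client state.
    half_open = defaultdict(int)
    for (client, _server, _cport, _sport), syn_ts in pending.items():
        if last_ts - syn_ts > timeout:
            half_open[client] += 1
    return {ip: n for ip, n in half_open.items() if n > max_half_open}

def sample_capture():
    """Constructed capture: one normal client, one flooder, one flaky client."""
    server = "10.0.0.100"
    pkts = []
    for i in range(3):           # legitimate client, three complete handshakes
        t = 1.0 + i
        pkts += [(t, "10.0.0.2", server, 40000 + i, 80, "S"),
                 (t + 0.01, server, "10.0.0.2", 80, 40000 + i, "SA"),
                 (t + 0.02, "10.0.0.2", server, 40000 + i, 80, "A")]
    for i in range(20):          # flooding source, the final ACK never arrives
        t = 2.0 + i * 0.05
        pkts += [(t, "10.0.0.66", server, 50000 + i, 80, "S"),
                 (t + 0.01, server, "10.0.0.66", 80, 50000 + i, "SA")]
    # One lost handshake from an otherwise normal client stays under the limit.
    pkts.append((2.5, "10.0.0.3", server, 41000, 80, "S"))
    # Later traffic, so the capture runs past the timeout of the earlier SYNs.
    pkts += [(9.0, "10.0.0.2", server, 40010, 80, "S"),
             (9.02, "10.0.0.2", server, 40010, 80, "A")]
    return pkts

if __name__ == "__main__":
    print(find_intruders(sample_capture()))
```

When source addresses are spoofed, the half-open count spreads over many addresses, so counting half-open handshakes per destination is a useful companion signal.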

Fig. 6. Graph showing the Average Performance Analysis of the ML algorithms in IDS

VI. CONCLUSION AND FUTURE WORK

The main purpose for the existence of SDN is to overcome the limitations of traditional networks. The way it has evolved changed the future of programmable networks, giving it the [...] advantages, there are drawbacks too; i.e. the separation of the two entities, control plane and data plane, makes the network infrastructure vulnerable to cyber-attacks like DDoS. DDoS poses the biggest threat to the SDN environment. It targets either the network or the application layer to place the attack. If the attacker is successful, it would compromise the entire SDN network data and its resources.

To address this problem, an IDS is proposed in this paper which uses Machine Learning algorithms (Signature IDS, module 1) to detect the presence of intrusive traffic in the real-time incoming network traffic. The second module performs 3-way handshakes to identify the particular anomalous IP, which is then placed in the ACL, and all connections to that particular host are terminated, thus securing the SDN network from an attack. As future work, we plan to use other machine learning algorithms (including unsupervised algorithms or reinforced algorithms) that best fit, like the hidden Markov model, which would serve the purpose efficiently.

REFERENCES

[1] [...] Open Networking Summit 2011 - Premier Event for OpenFlow and Software Defined Networking, Stanford, USA, oct 2011. [Online]. Available: https://www.youtube.com/watch?v=YHeyuD89n1Y
[2] B. A. A. Nunes, M. Mendonca, X.-n. Nguyen, K. Obraczka, and [...] -Defined Networking : Past , Present, [...] Surveys & Tutorials, vol. 16, no. 3, pp. 1617-1634, 2014.
[3] [...] International Conference on Intelligent Systems and Control, ISCO 2016, Coimbatore, India, 2016, pp. 1-6.
[4] S. [...] -Defined Networking : A [...] 14-76, 2015.
[5] [...] rwarding and [...] Engineering Task Force (IETF) Request for Comments: 5810, pp. 1-124, 2010.
[6] [...] identify DDoS detection fea [...] Conference on Communication Systems and Networks, COMSNETS 2017, Bangalore, India, 2017, pp. 274-281.
[7] N. F. Haq, A. R. Onik, M. A. K. Hridoy, M. Rafni, F. M. Shah, and D. [...] pproaches in Intrusion [...] Research in Artificial Intelligence, vol. 4, no. 3, pp. 9-18, 2015.
[8] [...] Networks Controller Early Detection of DDoS Attacks in Software [...] Ottawa, Canada, 2014.
[9] S. M. Mousavi and M. St- [...] on Computing, Networking and Communications, ICNC 2015, Garden Grove, CA, USA, 2015, pp. 77-81.
[10] [...] France, 2017, pp. 1-6.
[11] [...] - Conference on Local Computer Networks, LCN, Dubai, United Arab Emirates, 2016, pp. 523-526.
[12] [...] of Service Attacks in [...] 33, 2016.
[13] [...] distributed denial of service attacks in software defined network using machine learning algor [...] Technology, vol. 7, no. 2.8, pp. 472-476, 2018, ISSN 2227-524X.
[14] [...] Conference on New Technologies, Mobility and Security (NTMS), Larnaca, Cyprus, 2016, pp. 3-6.
[15] [...] and mitigating denial of service attacks against the data plane in [...] IEEE Conference on Network Softwarization (NetSoft), Bologna, Italy, 2017, pp. 1-6.
[16] L. Barki, A. Shidling, N. Meti, D. G. Narayan, and M. M. Mulla, [...] 016 International Conference on Advances in Computing, Communications and Informatics (ICACCI), Jaipur, India, 2016, pp. 2576-2581.
[17] [...] network attack patterns in SDN using machine learning [...] 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks, NFV-SDN 2016, Palo Alto, CA, USA, 2017, pp. 167-172.
[18] [...] under GPL V2, 2015.
[19] K. Benton, L. J. [...] New York, NY, USA: ACM, 2013, pp. 151-152.


Authorized licensed use limited to: San Francisco State Univ. Downloaded on June 19,2021 at 11:05:39 UTC from IEEE Xplore. Restrictions apply.
