Yi Shen,Chunming Wu,Dezhang Kong,Mingliang Yang

DOI: https://doi.org/10.1109/icc40277.2020.9149276

2020-01-01

Abstract:Distributed Denial of Service (DDoS) attack is one of the most severe threats to the current network security. As a new network architecture, Software-Defined Networking (SDN) draws notable attention from both industry and academia. The characteristics of SDN such as centralized management and flow-based traffic monitoring make it an ideal platform to defend against DDoS attacks. When designing a network intrusion detection system (NIDS) in SDN, how to obtain fine-grained flow information with minimal overhead to the SDN architecture is a problem to be solved. In this paper, we propose TPDD, a two-phase DDoS detection system to detect DDoS attacks in SDN. In the first phase, we utilize the characteristics of SDN to collect coarse-grained flow information from the core switches and locate the potential victim. Then we monitor the edge switches located close to the potential victim to obtain finer-grained traffic information in the second phase. The collection method of each phase fully considers the impact on the bandwidth between the controller and switches. Without modifying the existing flow rules, the collection module can obtain sufficient information about traffic. By using entropy-based and machine learning-based methods, the detection module can effectively detect anomalies and identify whether the potential victim marked in the first phase is the target of attacks. Experimental results show that TPDD can effectively detect DDoS attacks with little overhead.

Shuhan Chen,Congqi Shen,Danrui Yu,Yuqin Wu,Chunming Wu

DOI: https://doi.org/10.1109/isncc52172.2021.9615889

2021-01-01

Abstract:Botnets provide a fundamental infrastructure for various kinds of network attacks, such as DDoS attack, etc. Detecting DDoS attack in botnet is a long-standing challenge. In this paper, we propose a novel method to detect DDoS attack in botnet through the analysis of packet forwarding and network traffic. The primary idea is to collect features from both overall network traffic and packet to describe the attack pattern and conduct a detection model with high accuracy. Firstly, apart from overall network traffic, we calculate several statistics related to looking up functions of flow tables during packet forwarding on switches to describe attack pattern. Secondly, these features are put into a deep learning model to detect DDoS attack. We perform evaluations under Software Defined Networking (SDN) paradigm. In particular, we compare the proposed method with traditional methods. The experimental results demonstrate that the proposed method is meaningful in improving the accuracy of DDoS attack detection by adding packet-level features extracted from packet forwarding.

Qiumei Cheng,Chunming Wu,Haifeng Zhou,Yuhang Zhang,Rui Wang,Wei Ruan

DOI: https://doi.org/10.1109/hpcc/smartcity/dss.2018.00149

2018-01-01

Abstract:Guarding the perimeter of cloud-based enterprise networks is a challenge due to massive traffic with dynamic nature. Current firewalls of enterprise networks in cloud are largely based on static security rule configuration or simple rule matching, which makes them inflexible, error-prone and poorly effective, bringing about severe security risks. In this paper, we propose an artificial intelligence-based software-defined networks firewall (AI-SDNF) for solving the above problems. Compared with existing SDN firewalls, AI-SDNF is able to extract and analyze the payload of data packets based on machine learning technologies rather than simply match with flow tables according to several header fields (e.g., source and destination IP/MAC addresses). Considering deciding whether a packet is benign or malicious is able to be formulated as a typical binary classification problem, we employ logistic regression for training an intelligent SDN firewall under supervised machine learning. We implement a prototype of AI-SDNF on the OpenDaylight controller and the OpenStack platform. Based on the prototype, we evaluate its performance and overheads with real dataset. The experimental results indicate that AI-SDNF achieves a relatively high detection accuracy of 96.79% with an average of 0.2ms latency.

Fatty M Salem,Hoda Youssef,Ihab Ali,Ayman Haggag

DOI: https://doi.org/10.1371/journal.pone.0273681

IF: 3.7

2022-08-29

PLoS ONE

Abstract:Software-defined networks offer a new approach that attracts the attention of most academic and industrial circles due to the features it contains. However, some loopholes make such modern networks vulnerable to many types of attacks. Among the most important types of these attacks is the Distributed Denial of Service (DDoS) attack, which in turn affects the network's performance and delays many real user requests. As one of the main features of SDN is the centralization of all the control plane in the SDN controller, it becomes a central point of attack that may compromise the whole network. Hence, in our proposed approach, we aim to mitigate the DDoS attack that maybe launched to compromise the SDN controller, flood the control plane and cripple the entire network. Many DDoS mitigation scheme have been proposed, however, determining the threshold between legitimate requests and malicious requests is still a challenging task. Our proposed approach relies on a two-phases algorithm that assigns a variable trust value for every user. This trust value is compared with schemes relying on a threshold value that changes dynamically and assists in detecting the DDoS attack. The first phase of our two-phases algorithm is Header fields extraction, and the second phase is calculating the trust value based on header fields information. Our proposed approach shows better performance than related detection schemes in terms of accuracy, detection rate, and false-positive rate. Where the accuracy of the system reaches up to 98.83% which is high compared to other traditional methods.

Jie Ma,Wei Su,Yikun Li,Yihua Peng

DOI: https://doi.org/10.1016/j.future.2023.12.033

IF: 7.307

2024-01-05

Future Generation Computer Systems

Abstract:The availability of SD-IoT is now under complex and serious cyber threats, especially distributed denial-of-service attacks. However, traditional defense schemes suffer from coarse-grained centralized sampling approaches, low accuracy of detection models, and inefficient mitigation methods. In this paper, a novel DDoS defense scheme is proposed, which consists of a high-accuracy detection mechanism based on a Graph Convolutional Neural Network learning model and a mitigation mechanism based on fast traffic migration. In the detection stage, a fine-grained INT sampling approach is utilized to obtain multidimensional network topology and status information. The Graph Convolutional Neural Network learning model detects switches containing DDoS attack traffic with high accuracy because the detection model not only extracts and utilizes multiple temporal and spatial features of the collected information, but also has a better learning and representation capability. In the mitigation stage, the enhanced whitelist with dynamic threshold-based values is automatically adapted to the real-time state of the network environment for enhanced mitigation flexibility. The fast programmable segment rerouting strategy can block attack traffic in time and ensure the continuity of network services. The results of several comparison experiments show that the proposed scheme can detect DDoS attacks more accurately and mitigate them more effectively than traditional schemes.

computer science, theory & methods

Hsiu-Min Chuang,Fanpyn Liu,Chung-Hsien Tsai

DOI: https://doi.org/10.3390/sym14061178

2022-06-08

Symmetry

Abstract:Recent developments have made software-defined networking (SDN) a popular technology for solving the inherent problems of conventional distributed networks. The key benefit of SDN is the decoupling between the control plane and the data plane, which makes the network more flexible and easier to manage. SDN is a new generation network architecture; however, its configuration settings are centralized, making it vulnerable to hackers. Our study investigated the feasibility of applying artificial intelligence technology to detect abnormal attacks in an SDN environment based on the current unit network architecture; therefore, the concept of symmetry includes the sustainability of SDN applications and robust performance of machine learning (ML) models in the case of various malicious attacks. In this study, we focus on the early detection of abnormal attacks in an SDN environment. On detection of malicious traffic in SDN topology, the AI module in the topology is applied to detect and act against the attack source through machine learning algorithms, making the network architecture more flexible. Under multiple abnormal attacks, we propose a hierarchical multi-class (HMC) architecture to effectively address the imbalanced dataset problem and improve the performance of minority classes. The experimental results show that the decision tree, random forest, bagging, AdaBoost, and deep learning models exhibit the best performance for distributed denial-of-service (DDoS) attacks. In addition, for the imbalanced dataset problem of multiclass classification, our proposed HMC architecture performs better than previous single classifiers. We also simulated the SDN topology and scenario verification. In summary, we concatenated the AI module to enhance the security and effectiveness of SDN networks in a practical manner.

Zhang Long,Wang Jinsong

DOI: https://doi.org/10.1016/j.cose.2022.102604

2022-04-01

Abstract:Software-defined networking (SDN) is a new network architecture that offers considerable management convenience and efficiency relative to conventional networks. However, the centralized control employed in SDN incurs a high risk of single point failure that is susceptible to distributed denial of service (DDoS) attacks. The present work addresses this issue by proposing a hybrid approach for detecting DDoS attacks using an initial detection module based on information entropy to quickly identify anomalous traffic and a second detection module based on machine learning with a stacked sparse autoencoder (SSAE)–support vector machine (SVM) architecture to confirm the suspected anomalous traffic. If DDoS traffic is detected, a defense module is implemented to restore normal network communication in a timely manner via an issued flow table. The effectiveness and efficiency of the proposed approach for DDoS detection is experimentally evaluated using both real-time and benchmark datasets in comparison with state-of-the-art methods. The results demonstrate that the proposed approach provides superior detection performance and identifies greater than 98% of existing DDoS traffic with greatly reduced training time and computational burden.

computer science, information systems

Trung V. Phan,Minho Park

DOI: https://doi.org/10.1109/access.2019.2896783

IF: 3.9

2019-01-01

IEEE Access

Abstract:Software-defined networking (SDN) is the key outcome of extensive research efforts over the past few decades toward transforming the Internet infrastructure to be more programmable, configurable, and manageable. However, critical cyber-threats in the SDN-based cloud environment are rising rapidly, in which distributed denial-of-service (DDoS) attack is one of the most damaging cyber attacks. In this paper, we propose an efficient solution to tackle DDoS attacks in the SDN-based cloud environment. We first introduce a new hybrid machine learning model based on support vector machine and self-organizing map algorithms to improve the traffic classification. Then, we propose an enhanced history-based IP filtering scheme ( $eHIPF$ ) to improve the attack detection rate and speed. Finally, we introduce a novel mechanism that combines both the hybrid machine learning model and the $eHIPF$ scheme to make a DDoS attack defender for the SDN-based cloud environment. The testbed is implemented in an SDN-based cloud with service function chaining. Through practical experiments, the proposed DDoS attack defender is proven to outperform existing mechanisms for DDoS attack classification and detection. The comprehensive experiments conducted with various DDoS attack levels prove that the proposed mechanism is an effective, innovative approach to defend DDoS attacks in the SDN-based cloud.

computer science, information systems,telecommunications,engineering, electrical & electronic

Tewelde Gebremedhin Gebremeskel,Ketema Adere Gemeda,T. Gopi Krishna,Perumalla Janaki Ramulu

DOI: https://doi.org/10.1155/2023/9965945

2023-06-24

Wireless Communications and Mobile Computing

Abstract:A software-defined network (SDN) brings a lot of advantages to the world of networking through flexibility and centralized management; however, this centralized control makes it susceptible to different types of attacks. Distributed denial of service (DDoS) is one of the most dangerous attacks that are frequently launched against the controller to put it out of service. This work takes the special ability of SDN to propose a solution that is an implementation run at the multicontroller to detect a DDoS attack at the early stage. This method not only detects the attacks but also identifies the attacking paths and starts a mitigation process to provide protection for the network devices. This method is based on the entropy variation of the destination host targeted with its IP address and can detect the attack within the first 250 packets of malicious traffic attacking a particular host. Then, fine-grained packet-based detection is performed using a deep-learning model to classify the attack into different types of attack categories. Lastly, the controller sends the updated traffic information to neighbor controllers. The chi-squared ( x 2 ) test feature selection algorithm was also employed to reveal the most relevant features that scored the highest in the provided data set. The experiment result demonstrated that the proposed Long Short-Term Memory (LSTM) model achieved an accuracy of up to 99.42% using the data set CICDDoS2019, which has the potential to detect and classify the DDoS attack traffic effectively in the multicontroller SDN environment. In this regard, it has an enhanced accuracy level to 0.42% compared with the RNN-AE model with data set CICDDoS2019, while it has improved up to 0.44% in comparison with the CNN model with the different data set ICICDDoS2017.

computer science, information systems,telecommunications,engineering, electrical & electronic

Muhammad Aslam,Dengpan Ye,Aqil Tariq,Muhammad Asad,Muhammad Hanif,David Ndzi,Samia Allaoua Chelloug,Mohamed Abd Elaziz,Mohammed A A Al-Qaness,Syeda Fizzah Jilani

DOI: https://doi.org/10.3390/s22072697

2022-03-31

Abstract:The development of smart network infrastructure of the Internet of Things (IoT) faces the immense threat of sophisticated Distributed Denial-of-Services (DDoS) security attacks. The existing network security solutions of enterprise networks are significantly expensive and unscalable for IoT. The integration of recently developed Software Defined Networking (SDN) reduces a significant amount of computational overhead for IoT network devices and enables additional security measurements. At the prelude stage of SDN-enabled IoT network infrastructure, the sampling based security approach currently results in low accuracy and low DDoS attack detection. In this paper, we propose an Adaptive Machine Learning based SDN-enabled Distributed Denial-of-Services attacks Detection and Mitigation (AMLSDM) framework. The proposed AMLSDM framework develops an SDN-enabled security mechanism for IoT devices with the support of an adaptive machine learning classification model to achieve the successful detection and mitigation of DDoS attacks. The proposed framework utilizes machine learning algorithms in an adaptive multilayered feed-forwarding scheme to successfully detect the DDoS attacks by examining the static features of the inspected network traffic. In the proposed adaptive multilayered feed-forwarding framework, the first layer utilizes Support Vector Machine (SVM), Naive Bayes (NB), Random Forest (RF), k-Nearest Neighbor (kNN), and Logistic Regression (LR) classifiers to build a model for detecting DDoS attacks from the training and testing environment-specific datasets. The output of the first layer passes to an Ensemble Voting (EV) algorithm, which accumulates the performance of the first layer classifiers. In the third layer, the adaptive frameworks measures the real-time live network traffic to detect the DDoS attacks in the network traffic. The proposed framework utilizes a remote SDN controller to mitigate the detected DDoS attacks over Open Flow (OF) switches and reconfigures the network resources for legitimate network hosts. The experimental results show the better performance of the proposed framework as compared to existing state-of-the art solutions in terms of higher accuracy of DDoS detection and low false alarm rate.

DOI: https://doi.org/10.51316/jst.166.ssad.2023.33.2.1

2023-05-15

Abstract:Software Defined Network (SDN) is a new architecture designed to make the network infrastructure more flexible and easier to manage. It allows network administrators to configure network parameters as well as integrating new functions using programming languages easily. Thanks to the centralized control paradigm, it is easier to collect information of the entire network, which facilitates the implementation of machine learning algorithms to detect anomaly traffic as well as network attacks. Recently, with the development of machine learning and artificial intelligence, several methods have been applied to detect and mitigate Distributed Denial of Service (DDoS) attacks. However, all of activities from monitoring data, detecting and mitigating the attack consume time and resources. To reduce unnecessary redundancy, in this paper, we divide attack detection into two phases, which are anomaly detection phase with lightweight machine learning algorithm and attack detection phase when anomaly behaviors have been detected. This reduces the in-depth analysis of normal traffic and helps to improve the use of computing resources and data transmission efficiency of the network. By setting up a testbed, we have successfully run this model as well as evaluated the accuracy of the model. The results show that our model can detect attacks quickly and accurately.

Yinglun Ma,Xu Chen,Wei Feng,Ning Ge

DOI: https://doi.org/10.23919/jcc.2022.05.002

2022-01-01

China Communications

Abstract:With the rapid development of the sixth generation (6G) network and Internet of Things (IoT), it has become extremely challenging to efficiently detect and prevent the distributed denial of service (DDoS) attacks originating from IoT devices. In this paper we propose an innovative trust model for IoT devices to prevent potential DDoS attacks by evaluating their trustworthiness, which can be deployed in the access network of 6G IoT. Based on historical communication behaviors, this model combines spatial trust and temporal trust values to comprehensively characterize the normal behavior patterns of IoT devices, thereby effectively distinguishing attack traffic. Experimental results show that the proposed method can efficiently distinguish normal traffic from DDoS traffic. Compared with the benchmark methods, our method has advantages in terms of both accuracy and efficiency in identifying attack flows.

Jin Wang,Liping Wang

DOI: https://doi.org/10.3390/s22218287

IF: 3.9

2022-10-29

Sensors

Abstract:With the development of Software Defined Networking (SDN), its security is becoming increasingly important. Since SDN has the characteristics of centralized management and programmable, attackers can easily take advantage of the security vulnerabilities of SDN to carry out distributed denial of service (DDoS) attacks, which will cause the memory of controllers and switches to be occupied, network bandwidth and server resources to be exhausted, affecting the use of normal users. To solve this problem, this paper designs and implements an online attack detection and mitigation SDN defense system. The SDN defense system consists of two modules: anomaly detection module and mitigation module. The anomaly detection model uses a lightweight hybrid deep learning method—Convolutional Neural Network and Extreme Learning Machine (CNN-ELM) for anomaly detection of traffic. The mitigation model uses IP traceback to locate the attacker and effectively filters out abnormal traffic by sending flow rule commands from the controller. Finally, we evaluate the SDN defense system. The experimental results show that the SDN defense system can accurately identify and effectively mitigate DDoS attack flows in real-time.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Xian Guo,Hongbo Xian,Tao Feng,Yongbo Jiang,Di Zhang,Junli Fang

DOI: https://doi.org/10.7717/peerj-cs.1674

2023-11-17

Abstract:Software-defined networking (SDN) faces many of the same security threats as traditional networks. The separation of the SDN control plane and data plane makes the controller more vulnerable to cyber attacks. The conventional "perimeter defense" network security model cannot prevent lateral movement attacks caused by malicious insider users or hardware and software vulnerabilities. The "zero trust architecture" has become a new security network model to protect enterprise network security. In this article, we propose an intelligent zero-trust security framework IZTSDN for the software-defined networking by integrating deep learning and zero-trust architecture, which adopts zero-trust architecture to protect every resource and network connection in the network. IZTSDN uses a traffic anomaly detection mode CALSeq2Seql based on a deep learning algorithm to analyze users' network behavior in real-time and achieve continuous tracking and analysis of users, restrict malicious users from accessing network resources, and realize the dynamic authorization process. Finally, the Mininet simulation platform is extended to build the simulation platform MiniIZTA supporting zero-trust architecture and the proposed security framework IZTSDN is experimentally analyzed. The experimental results show that the IZTSDN security framework can provide about 80.5% of throughput when the network is attacked. The accuracy of abnormal traffic detection reaches 99.56% on the SDN dataset, which verifies that the reliability and availability of the IZTSDN security framework are verified.

DOI: https://doi.org/10.1007/s13042-024-02147-x

2024-05-14

International Journal of Machine Learning and Cybernetics

Abstract:The Internet of Things (IoT) connects billions of devices. However, because of its heterogeneous system and broad connectivity, it is vulnerable to various intrusion challenges, resulting in data and financial loss. The IoT environment must be secured from such threats. This research proposes an SDN-enabled Deep-Learning-Driven System for IoT intrusion detection. Intrusion detection can detect unknown threats from network traffic and is a good network security measure. Most current network anomaly detection approaches use standard machine learning models like KNN and SVM. These approaches have some significant advantages, but they are not very accurate and rely on manual traffic design, which is outmoded in the age of big data. Our proposed Hybrid Deep Learning-based Intrusion Detection System (HDLIDS) addresses low accuracy and feature engineering issues. HDLIDS uses a novel Modified Hybrid Deep Belief Network with Weights (MHDBN-W) algorithm to detect existing and new cyberattacks. The MHDBN-W method consists of an MCL, a layer combining the MGBRBM and DNN-W algorithms, and an aggregator layer. The MHDBN-W technique has two phases: UL and SL of traffic features into normal and abnormal classes. The HDLIDS model is evaluated on the CICIDS2018 dataset compared to other conventional learning methods. It outperforms all other models in all performance criteria.

computer science, artificial intelligence

Ahmad Hamarshe,Huthaifa I. Ashqar,Mohammad Hamarsheh

DOI: https://doi.org/10.48550/arXiv.2303.06513

IF: 5.414

2023-03-11

Machine Learning

Abstract:The concept of Software Defined Networking (SDN) represents a modern approach to networking that separates the control plane from the data plane through network abstraction, resulting in a flexible, programmable and dynamic architecture compared to traditional networks. The separation of control and data planes has led to a high degree of network resilience, but has also given rise to new security risks, including the threat of distributed denial-of-service (DDoS) attacks, which pose a new challenge in the SDN environment. In this paper, the effectiveness of using machine learning algorithms to detect distributed denial-of-service (DDoS) attacks in software-defined networking (SDN) environments is investigated. Four algorithms, including Random Forest, Decision Tree, Support Vector Machine, and XGBoost, were tested on the CICDDoS2019 dataset, with the timestamp feature dropped among others. Performance was assessed by measures of accuracy, recall, accuracy, and F1 score, with the Random Forest algorithm having the highest accuracy, at 68.9%. The results indicate that ML-based detection is a more accurate and effective method for identifying DDoS attacks in SDN, despite the computational requirements of non-parametric algorithms.

Jin Ye,Xiangyang Cheng,Jian Zhu,Luting Feng,Ling Song

DOI: https://doi.org/10.1155/2018/9804061

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:The detection of DDoS attacks is an important topic in the field of network security. The occurrence of software defined network (SDN) (Zhang et al., 2018) brings up some novel methods to this topic in which some deep learning algorithm is adopted to model the attack behavior based on collecting from the SDN controller. However, the existing methods such as neural network algorithm are not practical enough to be applied. In this paper, the SDN environment by mininet and floodlight (Ning et al., 2014) simulation platform is constructed, 6-tuple characteristic values of the switch flow table is extracted, and then DDoS attack model is built by combining the SVM classification algorithms. The experiments show that average accuracy rate of our method is 95.24 % with a small amount of flow collecting. Our work is of good value for the detection of DDoS attack in SDN.

computer science, information systems,telecommunications

Yuhua Xu,Yunfeng Yu,Hanshu Hong,Zhixin Sun

DOI: https://doi.org/10.1155/2021/5594468

IF: 1.968

2021-04-10

Security and Communication Networks

Abstract:Software-defined networking (SDN) emerges as an innovative network paradigm, which separates the control plane from the data plane to improve the network programmability and flexibility. It is widely applied in the Internet of Things (IoT). However, SDN is vulnerable to DDoS attacks, which can cause network disasters. In order to protect SDN security, a DDoS detection method using cloud-edge collaboration based on Entropy-Measuring Self-organizing Maps and KD-tree (EMSOM-KD) is designed for SDN. Entropy measurement is utilized to select the ideal SOM map and classify SOM neurons considering the limitation of dead and suspicious neurons. EMSOM can detect most flows directly and filter out a few doubtable flows. Then these flows are fine-grained, identified by KD-tree. Due to the limited and precious resources of the controller, parameter computation is performed in the cloud. The edge controller implements DDoS detection by EMSOM-KD. The experiments are conducted to evaluate the performance of the proposed method. The results show that EMSOM-KD has better detection accuracy; moreover, it improves the KD-tree detection efficiency.

computer science, information systems,telecommunications

Zhaohui Ma,Jialiang Huang

DOI: https://doi.org/10.1007/978-981-15-2767-8_33

2020-01-01

Abstract:The seperation of control layer from data layer through SDN (software defined network) enables network administrators to plan the network programmatically without changing network devices, realizing flexible configuration of network devices and fast forwarding of data flows. However, due to its construction, SDN is vulnerable to be attacked by Distributed Denial of Service (DDoS) attack. So it is important to detect DDoS attack in SDN network. This paper presents a DDoS detection scheme based on the machine learning method of SVM (support vector machine) support vector machine in SDN environment. By extracting the flow table information features in SDN network, the data is detected and the data model of DDoS traffic can be trained, and the purpose of DDoS abnormal traffic identification is finally realized.

M. Revathi,V. V. Ramalingam,B. Amutha

DOI: https://doi.org/10.1007/s11277-021-09071-1

IF: 2.017

2021-09-15

Wireless Personal Communications

Abstract:Recently, SDN has arisen as a new network platform that offers unparalleled programming that enables network operators to dynamically customize and control their networks. The attackers aim to paralyse the logical plane, the brain of the network that offers several advantages, by using the SDN controller. However, the control plane is the desirable target of security attacks on the opponents because of its characteristics. One of the most common threats is the DDOS attacks to drain network capacity by sending them heavy traffic, causing network congestion. SDN is a common area of investigation for SDN defenceand DDoS threat identification and prevention in the SDN context has been introduced to many researchers since the proposed SDN attacks. Nevertheless, security risks must be adequately secured. In this paper we suggest a discrete scalable memory based support vector machine algorithm for DDoS threat and SDN mitigation architecture for attack detection. By starting the process of attack detection the input data can gets pre-processed by using Spark standardization technique in which the missing values are replaced and the unwanted data are removed. Then the feature extractions are done using semantic multilinear component analysis algorithm. The classifier is responsible for predicting target and for this a novel discrete scalable memory based support vector machine (DSM-SVM) algorithm is used which provides high accuracy of attack prediction. Followed by attack detection the mitigation process was done, here the mitigation server can identify the threat by intelligently dropping malicious bot traffic and absorbing the rest of the traffic. Here the suggested mechanism achieves attack traffic mitigation and benign traffic dropping. We have evaluated the whole process on KDD dataset. The proposed network model was trained and then used in an SDN threat detection and mitigation environment as part of the assessment process. The entire experiment is run on a VMware-based Ubuntu virtual machine. Weka will utilize our suggested classifier model for training and evaluation, while Mininet uses a RYU controller to establish an SD Network. The findings demonstrate that the mechanism presented exceeds the other algorithms examined, by expressing 99.7% accuracy especially concerning training and testing time over KDD dataset.

telecommunications