Shuhan Chen,Congqi Shen,Danrui Yu,Yuqin Wu,Chunming Wu

DOI: https://doi.org/10.1109/isncc52172.2021.9615889

2021-01-01

Abstract:Botnets provide a fundamental infrastructure for various kinds of network attacks, such as DDoS attack, etc. Detecting DDoS attack in botnet is a long-standing challenge. In this paper, we propose a novel method to detect DDoS attack in botnet through the analysis of packet forwarding and network traffic. The primary idea is to collect features from both overall network traffic and packet to describe the attack pattern and conduct a detection model with high accuracy. Firstly, apart from overall network traffic, we calculate several statistics related to looking up functions of flow tables during packet forwarding on switches to describe attack pattern. Secondly, these features are put into a deep learning model to detect DDoS attack. We perform evaluations under Software Defined Networking (SDN) paradigm. In particular, we compare the proposed method with traditional methods. The experimental results demonstrate that the proposed method is meaningful in improving the accuracy of DDoS attack detection by adding packet-level features extracted from packet forwarding.

Yi Shen,Chunming Wu,Dezhang Kong,Mingliang Yang

DOI: https://doi.org/10.1109/icc40277.2020.9149276

2020-01-01

Abstract:Distributed Denial of Service (DDoS) attack is one of the most severe threats to the current network security. As a new network architecture, Software-Defined Networking (SDN) draws notable attention from both industry and academia. The characteristics of SDN such as centralized management and flow-based traffic monitoring make it an ideal platform to defend against DDoS attacks. When designing a network intrusion detection system (NIDS) in SDN, how to obtain fine-grained flow information with minimal overhead to the SDN architecture is a problem to be solved. In this paper, we propose TPDD, a two-phase DDoS detection system to detect DDoS attacks in SDN. In the first phase, we utilize the characteristics of SDN to collect coarse-grained flow information from the core switches and locate the potential victim. Then we monitor the edge switches located close to the potential victim to obtain finer-grained traffic information in the second phase. The collection method of each phase fully considers the impact on the bandwidth between the controller and switches. Without modifying the existing flow rules, the collection module can obtain sufficient information about traffic. By using entropy-based and machine learning-based methods, the detection module can effectively detect anomalies and identify whether the potential victim marked in the first phase is the target of attacks. Experimental results show that TPDD can effectively detect DDoS attacks with little overhead.

Amran Mansoor,Mohammed Anbar,Abdullah Ahmed Bahashwan,Basim Ahmad Alabsi,Shaza Dawood Ahmed Rihan

DOI: https://doi.org/10.3390/systems11060296

2023-06-09

Systems

Abstract:The rapid growth of cloud computing has led to the development of the Software-Defined Network (SDN), which is a network strategy that offers dynamic management and improved performance. However, security threats are a growing concern, particularly with the SDN controller becoming an attractive target for malicious actors and potential Distributed Denial of Service (DDoS) attacks. Many researchers have proposed different approaches to detecting DDoS attacks. However, those approaches suffer from high false positives, leading to low accuracy, and the main reason behind this is the use of non-qualified features and non-realistic datasets. Therefore, the deep learning (DL) algorithmic technique can be utilized to detect DDoS attacks on SDN controllers. Moreover, the proposed approach involves three stages, (1) data preprocessing, (2) cross-feature selection, which aims to identify important features for DDoS detection, and (3) detection using the Recurrent Neural Networks (RNNs) model. A benchmark dataset is employed to evaluate the proposed approach via standard evaluation metrics, including false positive rate and detection accuracy. The findings indicate that the recommended approach effectively detects DDoS attacks with average detection accuracy, average precision, average FPR, and average F1-measure of 94.186 %, 92.146%, 8.114%, and 94.276%, respectively.

M. Revathi,V. V. Ramalingam,B. Amutha

DOI: https://doi.org/10.1007/s11277-021-09071-1

IF: 2.017

2021-09-15

Wireless Personal Communications

Abstract:Recently, SDN has arisen as a new network platform that offers unparalleled programming that enables network operators to dynamically customize and control their networks. The attackers aim to paralyse the logical plane, the brain of the network that offers several advantages, by using the SDN controller. However, the control plane is the desirable target of security attacks on the opponents because of its characteristics. One of the most common threats is the DDOS attacks to drain network capacity by sending them heavy traffic, causing network congestion. SDN is a common area of investigation for SDN defenceand DDoS threat identification and prevention in the SDN context has been introduced to many researchers since the proposed SDN attacks. Nevertheless, security risks must be adequately secured. In this paper we suggest a discrete scalable memory based support vector machine algorithm for DDoS threat and SDN mitigation architecture for attack detection. By starting the process of attack detection the input data can gets pre-processed by using Spark standardization technique in which the missing values are replaced and the unwanted data are removed. Then the feature extractions are done using semantic multilinear component analysis algorithm. The classifier is responsible for predicting target and for this a novel discrete scalable memory based support vector machine (DSM-SVM) algorithm is used which provides high accuracy of attack prediction. Followed by attack detection the mitigation process was done, here the mitigation server can identify the threat by intelligently dropping malicious bot traffic and absorbing the rest of the traffic. Here the suggested mechanism achieves attack traffic mitigation and benign traffic dropping. We have evaluated the whole process on KDD dataset. The proposed network model was trained and then used in an SDN threat detection and mitigation environment as part of the assessment process. The entire experiment is run on a VMware-based Ubuntu virtual machine. Weka will utilize our suggested classifier model for training and evaluation, while Mininet uses a RYU controller to establish an SD Network. The findings demonstrate that the mechanism presented exceeds the other algorithms examined, by expressing 99.7% accuracy especially concerning training and testing time over KDD dataset.

telecommunications

Xu Yan,Liu Yongming,Ma JinXing

DOI: https://doi.org/10.1007/978-981-19-7242-3_16

2020-01-01

Abstract:Software-defined networking (SDN) can provide flexible traffic control and is an important part of the next-generation computer network. Distributed Denial of Service (DDoS) attack targeting the controller can seriously affect the performance of SDN. Although there are many schemes to detect and defend against this type of attack, the detection accuracy and efficiency of these schemes are severely limited due to the large scale and high dimension of traffic in SDN. According to the characteristics of SDN, this paper presents a new feature selection method to detect and defend against DDoS attacks targeting the controller. Firstly, Spearman’s rank correlation coefficient and Gini impurity were used to extract the optimal feature subset. Then the attack detection module will detect the DDoS attack. Finally, attack defense module is introduced to filter attack packets and protect controller computing resources. We used the NSL-KDD dataset for evaluation and comparison with other schemes. Experimental results show that our scheme can detect and defend against DDoS attacks accurately.

Tewelde Gebremedhin Gebremeskel,Ketema Adere Gemeda,T. Gopi Krishna,Perumalla Janaki Ramulu

DOI: https://doi.org/10.1155/2023/9965945

2023-06-24

Wireless Communications and Mobile Computing

Abstract:A software-defined network (SDN) brings a lot of advantages to the world of networking through flexibility and centralized management; however, this centralized control makes it susceptible to different types of attacks. Distributed denial of service (DDoS) is one of the most dangerous attacks that are frequently launched against the controller to put it out of service. This work takes the special ability of SDN to propose a solution that is an implementation run at the multicontroller to detect a DDoS attack at the early stage. This method not only detects the attacks but also identifies the attacking paths and starts a mitigation process to provide protection for the network devices. This method is based on the entropy variation of the destination host targeted with its IP address and can detect the attack within the first 250 packets of malicious traffic attacking a particular host. Then, fine-grained packet-based detection is performed using a deep-learning model to classify the attack into different types of attack categories. Lastly, the controller sends the updated traffic information to neighbor controllers. The chi-squared ( x 2 ) test feature selection algorithm was also employed to reveal the most relevant features that scored the highest in the provided data set. The experiment result demonstrated that the proposed Long Short-Term Memory (LSTM) model achieved an accuracy of up to 99.42% using the data set CICDDoS2019, which has the potential to detect and classify the DDoS attack traffic effectively in the multicontroller SDN environment. In this regard, it has an enhanced accuracy level to 0.42% compared with the RNN-AE model with data set CICDDoS2019, while it has improved up to 0.44% in comparison with the CNN model with the different data set ICICDDoS2017.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhenpeng Liu,Yihang Wang,Fan Feng,Yifan Liu,Zelin Li,Yawei Shan

DOI: https://doi.org/10.3390/s23136176

IF: 3.9

2023-07-06

Sensors

Abstract:Distributed denial-of-service (DDoS) attacks pose a significant cybersecurity threat to software-defined networks (SDNs). This paper proposes a feature-engineering- and machine-learning-based approach to detect DDoS attacks in SDNs. First, the CSE-CIC-IDS2018 dataset was cleaned and normalized, and the optimal feature subset was found using an improved binary grey wolf optimization algorithm. Next, the optimal feature subset was trained and tested in Random Forest (RF), Support Vector Machine (SVM), K-Nearest Neighbor (k-NN), Decision Tree, and XGBoost machine learning algorithms, from which the best classifier was selected for DDoS attack detection and deployed in the SDN controller. The results show that RF performs best when compared across several performance metrics (e.g., accuracy, precision, recall, F1 and AUC values). We also explore the comparison between different models and algorithms. The results show that our proposed method performed the best and can effectively detect and identify DDoS attacks in SDNs, providing a new idea and solution for the security of SDNs.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Shideh Yavary Mehr,Byrav Ramamurthy

DOI: https://doi.org/10.1145/3360468.3368183

2019-12-09

Abstract:Software-Defined Networking (SDN) is a dynamic, and manageable network architecture which is more cost-effective than existing network architectures. The idea behind this architecture is to centralize intelligence from the network hardware and funnel this intelligence to the management system (controller) [2]-[4]. Since the centralized SDN controller controls the entire network and manages policies and the flow of the traffic throughout the network, it can be considered as the single point of failure [1]. It is important to find some ways to identify different types of attacks on the SDN controller [8]. Distributed Denial of Service (DDoS) attack is one of the most dangerous attacks on SDN controller. In this work, we implement DDoS attack on the Ryu controller in a tree network topology using Mininet emulator. Also, we use a machine learning method, Vector Machines (SVM) to detect DDoS attack. We propose to install flows in switches, and we consider time attack pattern of the DDoS attack for detection. Simulation results show the effects of DDoS attacks on the Ryu controller is reduced by 36% using our detection method.

Yonghong Wang,Xiaofeng Wang,Mazeyanti Mohd Ariffin,Masoumeh Abolfathi,Abdulmajeed Alqhatani,Laila Almutairi

DOI: https://doi.org/10.1016/j.compeleceng.2023.108655

2023-05-01

Abstract:The Software-Defined Network (SDN) provides a more flexible and effectively managed network design for next-generation networking. Network managers can easily manage and regulate the entire network using its programmable central controller architecture. This central controller serves as the focal point for numerous attack vectors due to its centralized structure. However, Distributed Denial of Service (DDoS) attacks against the SDN is the most prominent. The goal of this project is to use a machine learning method to categorize SDN traffic as either attack or normal traffic. Next, the Feature Selection method, such as the Filter-based Fisher score method, Wrapper-based method, and analysis of variables (ANOVA) f-test, is used for finely-granulated detection. Then, a rule-based detection method using the Renyi joint entropy algorithm is employed to detect DDoS attacks on SDN controllers. We manage a public "DDoS attack SDN Dataset" with 23 attributes overall. The dataset includes normal and attack traffic for the Internet Control Message Protocol (ICMP), User Datagram Protocol (UDP), and Transmission Control Protocol (TCP). Except for attributes that specify the target and source machines, the dataset, which contains more than 100,000 recordings, has statistical features such as byte count, duration sec, packet rate, and packet per flow. In the classification process, many classifiers such as Artificial Neural Network (ANN), XGBoost (XGB), Support Vector Machine (SVM), and k-Nearest Neighbor (k-NN) were used. The test results demonstrated the efficacy and efficiency of the suggested strategy using the analysis of variables (ANOVA), which performed better than competing methods across a range of evaluation parameters.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Ancy Sherin Jose,Latha R Nair,Varghese Paul

DOI: https://doi.org/10.47059/revistageintec.v11i4.2411

2021-07-29

Revista Gestão Inovação e Tecnologias

Abstract:Distributed Denial of Service Attack (DDoS) has emerged as a major threat to cyber space. A DDoS attack aims at exhausting the resources of the victim causing financial and reputational damages to it. The availability of free software make launching of DDoS attacks easy. The difficulty in differentiating a DDoS traffic from a legitimate traffic burst such as a flash crowd makes DDoS difficult to be identified. A wide range of techniques have been used in conventional networks to detect and mitigate DDoS attacks. Though the advent of Software Defined Networking (SDN) makes a network easy to be managed even SDN is vulnerable to DDoS attacks. In this case, the controller of the SDN gets overloaded with the incoming packets from the switches. In fact, a solution based on security analytics can be put in place to ward off this threat as a proactive security measure using the flow level statistics available from the SDN. Compared to the packet analysis used in traditional networks which is resource expensive the flow level statistics is relatively inexpensive. This paper focuses on the design and implementation of an attack detection system for detecting the flooding DDoS attacks TCP SYN flooding attacks, HTTP request flooding attacks, UDP flooding attacks and ICMP flooding attacks over SDN network traffic. The system uses various classification algorithms to classify a traffic into normal or attack. The feature sets for classification were arrived at using a feature selection module with ANOVA (Analysis of Variance) F-Test statistical method. Performance evaluation of each of the classifiers was carried out for the three feature sets obtained from the feature selection module using various performance measures and the results have been tabulated. The feature set which gives the best performance in detecting malicious traffic has been identified.

Abbas Jasem Altamemi,Aladdin Abdulhassan,Nawfal Turki Obeis

DOI: https://doi.org/10.11591/eei.v11i5.4155

2022-10-01

Bulletin of Electrical Engineering and Informatics

Abstract:The term software defined networking (SDN) is a network model that contributes to redefining the network characteristics by making the components of this network programmable, monitoring the network faster and larger, operating with the networks from a central location, as well as the possibility of detecting fraudulent traffic and detecting special malfunctions in a simple and effective way. In addition, it is the land of many security threats that lead to the complete suspension of this network. To mitigate this attack this paper based on the use of machine learning techniques contribute to the rapid detection of these attacks and methods were evaluated detecting DDoS attacks and choosing the optimum accuracy for classifying these types within the SDN, the results showed that the proposed system provides the better results of accuracy to detect the DDos attack in SDN network as 99.90% accuracy of Decision Tree (DT) algorithm.

Huseyin Polat,Onur Polat,Aydin Cetin

DOI: https://doi.org/10.3390/su12031035

IF: 3.9

2020-02-01

Sustainability

Abstract:Software Defined Networking (SDN) offers several advantages such as manageability, scaling, and improved performance. However, SDN involves specific security problems, especially if its controller is defenseless against Distributed Denial of Service (DDoS) attacks. The process and communication capacity of the controller is overloaded when DDoS attacks occur against the SDN controller. Consequently, as a result of the unnecessary flow produced by the controller for the attack packets, the capacity of the switch flow table becomes full, leading the network performance to decline to a critical threshold. In this study, DDoS attacks in SDN were detected using machine learning-based models. First, specific features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Then, a new dataset was created using feature selection methods on the existing dataset. Feature selection methods were preferred to simplify the models, facilitate their interpretation, and provide a shorter training time. Both datasets, created with and without feature selection methods, were trained and tested with Support Vector Machine (SVM), Naive Bayes (NB), Artificial Neural Network (ANN), and K-Nearest Neighbors (KNN) classification models. The test results showed that the use of the wrapper feature selection with a KNN classifier achieved the highest accuracy rate (98.3%) in DDoS attack detection. The results suggest that machine learning and feature selection algorithms can achieve better results in the detection of DDoS attacks in SDN with promising reductions in processing loads and times.

environmental sciences,environmental studies,green & sustainable science & technology

Manish Kumar Rajak,Dr. Ravindra Tiwari

DOI: https://doi.org/10.29070/hc5qzn85

2024-09-03

Journal of Advances and Scholarly Researches in Allied Education

Abstract:Distributed Denial of Service (DDoS) persists in Online Applications as One of those significant threats. Attackers can execute DDoS by the more natural steps. Then with the high productivity to slow the consumer access services down. To detect an attack on DDoS and using machine learning algorithms. The Overseen to detect and mitigate the attack, machine learning algorithms such as Naive Bayes, decision tree, k-nearest neighbours (k-NN) and random forest are used. There are three steps: gathering information, preprocessing and feature Extraction in "Normal or DDoS" classification algorithm for detection Attack use Dataset NSL-KDD. Similar algorithms have different functions Conduct that is dependent on the features selected. DDOS-attack performance Detection is compared, and it indicates the best algorithm. Attempts at Distributed Denial of Service ( DDoS) Were the most powerful attacks of the last period. A Virtual Network. The intrusion detection system (NIDS) should be designed seamlessly to Fight the latest strategies and trends of those attackers NIDS on DDoS. In this paper, we propose an NIDS capable of detecting Current DDoS attacks, as well as new forms. The main characteristic of Our NIDS is the combination of various classifiers using an ensemble Models, with the concept of each classifier being able to target different Aspects/types of intrusions, and more effective in doing so Mechanism for protecting against new intrusions. Additionally, we perform a detailed study of and based on, DDoS attacks check the reduced set of functions [27, 28] to be essential to Enhance accuracy. We are playing with and analyzing NSL-KDD Dataset with a feature set reduced, and our proposed NIDS will Detect 99.1 per cent of active DDoS attacks. Let's compare our Tests with other methods which already exist. Our approach to NIDS has Able to learn to keep up with existing and evolving DDoS Attack trends.

Liang Tan,Yue Pan,Jing Wu,Jianguo Zhou,Hao Jiang,Yuchuan Deng

DOI: https://doi.org/10.1109/access.2020.3021435

IF: 3.9

2020-01-01

IEEE Access

Abstract:While software defined network (SDN) brings more innovation to the development of future networks, it also faces a more severe threat from DDoS attacks. In order to deal with the single point of failure on SDN controller caused by DDoS attacks, we propose a framework for detection and defense of DDoS attacks in the SDN environment. Firstly, we deploy a trigger mechanism of DDoS attack detection on data plane to screen for abnormal flows in the network. Then, we use a combined machine learning algorithm based on K-Means and KNN to exploit the rate characteristics and asymmetry characteristics of the flows and to detect the suspicious flows determined by the detection trigger mechanism. Finally, the controller will take corresponding actions to defense against the attacks. In this paper, we propose a new framework of cooperative detection methods of control plane and data plane, which effectively improve the detection accuracy and efficiency, and prevent DDoS attacks on SDN.

Quamar Niyaz,Weiqing Sun,Ahmad Y Javaid

DOI: https://doi.org/10.4108/eai.28-12-2017.153515

2016-11-23

Abstract:Distributed Denial of Service (DDoS) is one of the most prevalent attacks that an organizational network infrastructure comes across nowadays. We propose a deep learning based multi-vector DDoS detection system in a software-defined network (SDN) environment. SDN provides flexibility to program network devices for different objectives and eliminates the need for third-party vendor-specific hardware. We implement our system as a network application on top of an SDN controller. We use deep learning for feature reduction of a large set of features derived from network traffic headers. We evaluate our system based on different performance metrics by applying it on traffic traces collected from different scenarios. We observe high accuracy with a low false-positive for attack detection in our proposed system.

Networking and Internet Architecture

Manish Kumar Rajak,Ravindra Tiwari

DOI: https://doi.org/10.15680/ijircce.2024.1203507

2024-03-25

International Journal of Innovative Research in Computer and Communication Engineering

Abstract:Distributed Denial of Service (DDoS) persists in Online Applications as One of those significant threats. Attackers can execute DDoS by the more natural steps. Then with the high productivity to slow the consumer access services down. To detect an attack on DDoS and using machine learning algorithms. The Overseen to detect and mitigate the attack, machine learning algorithms such as Naive Bayes, decision tree, k-nearest neighbours (k-NN) and random forest are used. There are three steps: gathering information, preprocessing and feature Extraction in "Normal or DDoS" classification algorithm for detection Attack use Dataset NSL-KDD. Similar algorithms have different functions Conduct that is dependent on the features selected. DDOS- attack performance Detection is compared, and it indicates the best algorithm. Attempts at Distributed Denial of Service ( DDoS) Were the most powerful attacks of the last period. A Virtual Network. The intrusion detection system (NIDS) should be designed seamlessly to Fight the latest strategies and trends of those attackers NIDS on DDoS. In this paper, we propose an NIDS capable of detecting Current DDoS attacks, as well as new forms. The main characteristic of Our NIDS is the combination of various classifiers using an ensemble Models, with the concept of each classifier being able to target different Aspects/types of intrusions, and more effective in doing so Mechanism for protecting against new intrusions. Additionally, we perform a detailed study of and based on, DDoS attacks check the reduced set of functions [27, 28] to be essential to Enhance accuracy. We are playing with and analyzing NSL-KDD Dataset with a feature set reduced, and our proposed NIDS will Detect 99.1 per cent of active DDoS attacks. Let's compare our Tests with other methods which already exist. Our approach to NIDS has Able to learn to keep up with existing and evolving DDoS Attack trends.

Nisha Ahuja,Debajyoti Mukhopadhyay,Gaurav Singal

DOI: https://doi.org/10.1007/s00779-023-01785-2

2024-01-25

Personal and Ubiquitous Computing

Abstract:Software-defined networking will be a critical component of the networking domain as it transitions from a standard networking design to an automation network. To meet the needs of the current scenario, this architecture redesign becomes mandatory. Besides, machine learning (ML) and deep learning (DL) techniques provide a significant solution in network attack detection, traffic classification, etc. The DDoS attack is still wreaking havoc. Previous work for DDoS attack detection in SDN has not yielded significant results, so the author has used the most recent deep learning technique to detect the attacks. In this paper, we aim to classify the network traffic into normal and malicious classes based on features in the available dataset by using various deep learning techniques. TCP, UDP, and ICMP traffic are considered normal; however, malicious traffic includes TCP Syn Attack, UDP Flood, and ICMP Flood, all of which are DDoS attack traffic. The major contribution of this paper is the identification of novel features for DDoS attack detection. Novel features are logged into the CSV file to create the dataset, and machine learning algorithms are trained on the created SDN dataset. Various work which has already been done for DDoS attack detection either used a non-SDN dataset or the research data is not made public. A novel hybrid machine learning model is utilized to perform the classification. The dataset used by the ML/DL algorithms is a collection of public datasets on DDoS attacks as well as an experimental DDoS dataset generated by us and publicly available on the Mendeley Data repository. A Python application performs the classification of traffic into one of the classes. From the various classifiers used, the accuracy score of 99.75% is achieved with Stacked Auto-Encoder Multi-layer Perceptron (SAE-MLP). To measure the effectiveness of the SDN-DDoS dataset, the other publicly available datasets are also evaluated against the same deep learning algorithms, and traffic classification accuracy is found to be significantly higher with the SDN-DDoS dataset. The attack detection time of 216.39 s also serve as experimental evidence.

computer science, information systems,telecommunications

Dong Li,Chang Yu,Qizhao Zhou,Junqing Yu

DOI: https://doi.org/10.1088/1757-899x/466/1/012003

2018-01-01

IOP Conference Series Materials Science and Engineering

Abstract:Software Defined Network(SDN) controller has the global view of the network, but it is vulnerable to DDoS attack. This paper proposes a new model to detect DDoS attack in SDN based on SVM . Firstly The model extracts several key features from the packet-in messages and measures the distribution of each feature by using entropy, then uses trained Support Vector Machine(SVM) algorithm to detect the DDoS attack. Experiments shows that this method can detect security events with high efficiency and mitigate the DDoS attack in real-time.

Jin Ye,Xiangyang Cheng,Jian Zhu,Luting Feng,Ling Song

DOI: https://doi.org/10.1155/2018/9804061

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:The detection of DDoS attacks is an important topic in the field of network security. The occurrence of software defined network (SDN) (Zhang et al., 2018) brings up some novel methods to this topic in which some deep learning algorithm is adopted to model the attack behavior based on collecting from the SDN controller. However, the existing methods such as neural network algorithm are not practical enough to be applied. In this paper, the SDN environment by mininet and floodlight (Ning et al., 2014) simulation platform is constructed, 6-tuple characteristic values of the switch flow table is extracted, and then DDoS attack model is built by combining the SVM classification algorithms. The experiments show that average accuracy rate of our method is 95.24 % with a small amount of flow collecting. Our work is of good value for the detection of DDoS attack in SDN.

computer science, information systems,telecommunications

Ahmad Hamarshe,Huthaifa I. Ashqar,Mohammad Hamarsheh

DOI: https://doi.org/10.48550/arXiv.2303.06513

IF: 5.414

2023-03-11

Machine Learning

Abstract:The concept of Software Defined Networking (SDN) represents a modern approach to networking that separates the control plane from the data plane through network abstraction, resulting in a flexible, programmable and dynamic architecture compared to traditional networks. The separation of control and data planes has led to a high degree of network resilience, but has also given rise to new security risks, including the threat of distributed denial-of-service (DDoS) attacks, which pose a new challenge in the SDN environment. In this paper, the effectiveness of using machine learning algorithms to detect distributed denial-of-service (DDoS) attacks in software-defined networking (SDN) environments is investigated. Four algorithms, including Random Forest, Decision Tree, Support Vector Machine, and XGBoost, were tested on the CICDDoS2019 dataset, with the timestamp feature dropped among others. Performance was assessed by measures of accuracy, recall, accuracy, and F1 score, with the Random Forest algorithm having the highest accuracy, at 68.9%. The results indicate that ML-based detection is a more accurate and effective method for identifying DDoS attacks in SDN, despite the computational requirements of non-parametric algorithms.