Abstract

Software-Defined Networking (SDN) is a new paradigm that revolutionizes the idea of a software-driven network through the separation of control and data planes. It addresses the problems of traditional network architecture. Nevertheless, this brilliant architecture is exposed to several security threats, e.g., the distributed denial of service (DDoS) attack, which is hard to contain in such software-based networks. The concept of a centralized controller in SDN makes it a single point of attack as well as a single point of failure. In this paper, two deep learning-based models, long short-term memory (LSTM) and convolutional neural network (CNN), are investigated. The paper illustrates their feasibility and efficiency in detecting and mitigating DDoS attacks. It focuses on TCP, UDP, and ICMP flood attacks that target the controller. The performance of the models was evaluated based on accuracy, recall, and true negative rate. We compared the performance of the deep learning models with classical machine learning models. We further provide details on the time taken to detect and mitigate the attack. Our results show that RNN LSTM is a viable deep learning algorithm that can be applied in the detection and mitigation of DDoS in the SDN controller. Our proposed model produced an accuracy of 89.63%, which outperformed linear-based models such as SVM (86.85%) and Naive Bayes (82.61%). Although KNN, which is a linear-based model, outperformed our proposed model (achieving an accuracy of 99.4%), our proposed model provides a good trade-off between precision and recall, which makes it suitable for DDoS classification. In addition, we found that the split ratio of the training and testing datasets can change the measured performance of a deep learning algorithm. The model achieved the best performance when a split of 70/30 was used in comparison to 80/20 and 60/40 split ratios.

Highlights

  • Deep learning has been used in both Software-Defined Networking (SDN) and non-SDN architectures for intrusion detection but not distributed denial of service (DDoS) classification in SDN [17,18]

  • The long short-term memory (LSTM) model achieved a good trade-off between high recall and precision, as shown in Figures 12–14, which makes it suitable for DDoS classification

  • We demonstrated that recurrent neural network (RNN) LSTM is a viable deep learning algorithm that can be applied in the detection and mitigation of DDoS in the SDN controller

Summary

Introduction

Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

It is necessary to implement a system that addresses this security threat. The feasibility and efficiency of applying variants of deep neural networks, namely convolutional neural network (CNN) and long short-term memory (LSTM), in training an ML model to detect and mitigate DDoS attacks on SDN controllers are investigated. The performance analysis of linear-based ML and neural network models in the detection and mitigation of DDoS flood attacks was done using various train–test split ratios (60/40, 70/30, and 80/20).

Related Work
Strengths and Limitations
Methodology
Simulation Test Bed
Scenarios Considered
Detection and Defence Mechanism
Results and Discussion
Detection of DDoS Attack Using LSTM Model
Mitigation of DDoS Attack Using LSTM Model
Comparison of the LSTM Model with the Best Performing Linear-Based ML Models
Conclusions and Future Work