Cyber-Secure SDN: A CNN-Based Approach for Efficient Detection and Mitigation of DDoS attacks

Abstract

Software Defined Networking (SDN) has become popular due to its flexibility and agility in network management, enabling rapid adaptation to changing business requirements, enhancing network performance, and reducing operational costs. However, the ubiquity of internet-based services has given rise to an alarming increase in cyber-attacks, posing serious threats to the security and stability of modern networks. Among these attacks, Distributed Denial of Service (DDoS) attacks have emerged as one of the most devastating, capable of disrupting critical services. Recent studies have shown that Deep Learning (DL) techniques with Software-defined networking have the potential to mitigate these threats effectively. However, existing solutions suffer from issues such as reliance on pre-defined rules and signatures, computational efficiency, low detection rates, and inefficient notification mechanisms, making them ineffective in detecting DDoS attacks. This paper proposes an efficient approach (BRS + CNN) using Balanced Random Sampling (BRS) and Convolutional Neural Networks (CNNs) to detect DDoS attacks in SDN environments. We have applied various mitigation techniques to mitigate these threats, such as filtering, rate limiting, and iptables rule for blocking spoofed IPs. In addition, we introduce a monitoring system that utilizes rate-limiting to oversee blocked IP addresses, ensuring that legitimate traffic is processed efficiently. The proposed model achieves high performance in binary and multi-classification, with an accuracy of over 99.99% for binary classification and 98.64% for multi-classification. Our proposed DDoS detection system not only detects the attack but also sends detailed contextual information to a designated email address. We compare our model with existing literature and demonstrate its superiority using Area Under The Curve (AUC) analysis. Moreover, we evaluated the efficiency and effectiveness of our proposed DDoS mitigation system by conducting a series of experiments across three distinct scenarios: Attack-Free, Attack-No Mitigation, and Attack-Mitigation. These results demonstrate the robustness of our proposed mitigation system in effectively combating DDoS attacks while also safeguarding the seamless continuity of regular network operations.