Abstract

Software-defined networks (SDNs) offer robust network architectures for current and future Internet of Things (IoT) applications. At the same time, SDNs constitute an attractive target for cyber attackers due to their global network view and programmability. One of the major vulnerabilities of typical SDN architectures is their susceptibility to Distributed Denial of Service (DDoS) flooding attacks. DDoS flooding attacks can render SDN controllers unavailable to their underlying infrastructure, causing service disruption or a complete outage in many cases. In this paper, machine learning-based detection and classification of DDoS flooding attacks on SDNs is investigated using popular machine learning (ML) algorithms. The ML algorithms, classifiers and methods investigated are quadratic discriminant analysis (QDA), Gaussian Naïve Bayes (GNB), k-nearest neighbor (k-NN), and classification and regression tree (CART). The general principle is illustrated through a case study in which experimental data (i.e. jitter, throughput, and response time metrics) from a representative SDN architecture suitable for typical mid-sized enterprise-wide networks is used to build classification models that accurately identify and classify DDoS flooding attacks. The SDN model used was emulated in Mininet, and the DDoS flooding attacks (i.e. hypertext transfer protocol (HTTP), transmission control protocol (TCP), and user datagram protocol (UDP) attacks) were launched on the SDN model using low orbit ion cannon (LOIC). Although all the ML methods investigated show very good efficacy in detecting and classifying DDoS flooding attacks, CART demonstrated the best performance on average in terms of prediction accuracy (98%), prediction speed (5.3 × 10^5 observations per second), training time (12.4 ms), and robustness.

Highlights

  • Networking technologies such as Internet of Things (IoT) are growing at steady rates in terms of users, intermediate systems (i.e. network devices), and applications

  • An application of the extreme gradient boosting (XGBoost) algorithm for the detection and classification of Distributed Denial of Service (DDoS) flooding attacks can be found in [39]. These results show better performance compared to random forest, support vector machine, and gradient boosting decision tree when applied in a software-defined network (SDN)-based cloud network


Summary

Introduction

Networking technologies such as IoT are growing at steady rates in terms of users, intermediate systems (i.e. network devices), and applications. The increasing emphasis on seamless and distributed connectivity, cloud-based applications, and real-time network monitoring and automation suggests that these trends are likely to continue [3]. In line with this growth and the quality of service delivery to accommodate the increasing demands of network users, there is a synergy between research communities and industries in exploring innovative ways of modeling network architectures [4], [5]. A particular area of interest in this regard is software-defined networks (SDNs) that decouple their control planes from their data planes [6]. This distinct feature of SDNs has led to many state-of-the-art IoT network architectures, such as 5G and beyond network architectures, being SDN-based [7].
