Detection of DDoS Attacks in Software Defined Networks

Abstract

Software Defined Networking (SDN) is an emerging networking paradigm which makes network agile, flexible and programmable. The important feature of SDN is its centralized control plane which manages the entire network. Distributed Denial of Service (DDoS) is the most popular cyber attack which results in exhaustion of the system resources, thus resulting in non-availability of the services to serve legitimate requests. SDN controller is highly vulnerable to DDoS attacks due to its centralized nature. Thus, detection of the DDoS attacks in the controller at the earliest is an important research issue. Many techniques are proposed to detect DDoS attacks. However, very few studies have been carried out in the context of SDN. In this work, we propose DDoS attack detection system for SDN using two levels of security. We first detect signature based attacks using Snort. Further, we use machine learning algorithms to detect anomaly based attacks. We use two algorithms namely Support Vector Machine (SVM) classifier and the Deep Neural Network (DNN) to create trained model based on KDD Cup dataset. We evaluate our system in SDN environment created using Mininet emulator with Ryu controller. The results reveal that DNN performs better than SVM.