Distributed denial of service attacks detection for software defined networks based on evolutionary decision tree model

Abstract

The software defined networks (SDN) system has modern techniques in networking, it separates the forwarding plane from the control plane and works to collect control functions in a central unit (controller), and this separation process leads to many advantages, such as cost reduction and programming ability. Concurrently, because of its centralized architecture, it is prone to a variety of attacks. Distributed denial of service (DDoS) attack has a significant impact on SDN, it is characterized by its ability to consume network resources as well as its ability to turn off the entire network. The work in this study aims to improve and increase the security and robustness of SDN systems against the attack or intrusion, by using a machine learning model to detect attack traffic and classify traffic of SDN as (attack or normal), and optimization algorithm (genetic algorithm) for improving the accuracy of the classification. After preparing and preprocessing the dataset, we used the genetic algorithm (GA) to optimize the hyperparameters of the decision tree (DT) model, and the proposed evolutionary decision tree (EDT) model was used to classify traffic into normal and attack traffic. The results indicate that the suggested model achieved a high classification accuracy of 99.46.