LION IDS: A meta-heuristics approach to detect DDoS attacks against Software-Defined Networks

Abstract

Most of the enterprises are transforming their conventional networks into Software-Defined Network (SDN) to avail the cost efficiency and network flexibility. But recent attacks and security breaches against SDNs expose the security weakness of the technology. Distributed Denial of Service (DDoS) is the most common attack launched against various SDN architecture layers. Hence, DDoS has been claimed to be the most dangerous attack and threat to SDN. The existing mitigation techniques are traffic volumetric methods, entropical methods and traffic flow analysis methods. They depend on traffic sampling to achieve truly inline against DDoS detection accuracy in real time. However, traffic sampling-based methods are expensive with chances for incomplete approximation of underlying traffic patterns being very high. Early detection of DDoS attack in the controller is critical and requires highly adaptive and accurate methods. In this paper, an effective and accurate DDoS detection method using Lion optimization algorithm is proposed. The proposed detection technique is robust enough to detect DDoS attack within the least magnitude of attack traffic. Further, to evaluate the performance, the proposed method is compared with the state-of-the-art techniques. The outcome of this paper is current method limitation and scope for improvement depicted from overall study and analysis. The experimental results have proved that the proposed method outperforms the existing state-of-the-art methods with 96% accuracy.