Abstract
The Software-Defined Network (SDN) is a new network paradigm that promises more dynamic and efficiently manageable network architecture for new-generation networks. With its programmable central controller approach, network operators can easily manage and control the whole network. However, at the same time, due to its centralized structure, it is the target of many attack vectors. Distributed Denial of Service (DDoS) attacks are the most effective attack vector to the SDN. The purpose of this study is to classify the SDN traffic as normal or attack traffic using machine learning algorithms equipped with Neighbourhood Component Analysis (NCA). We handle a public “DDoS attack SDN Dataset” including a total of 23 features. The dataset consists of Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP) normal and attack traffics. The dataset, including more than 100 thousand recordings, has statistical features such as byte_count, duration_sec, packet rate, and packet per flow, except for features that define source and target machines. We use the NCA algorithm to reveal the most relevant features by feature selection and perform an effective classification. After preprocessing and feature selection stages, the obtained dataset was classified by k-Nearest Neighbor (kNN), Decision Tree (DT), Artificial Neural Network (ANN), and Support Vector Machine (SVM) algorithms. The experimental results show that DT has a better accuracy rate than the other algorithms with 100% classification achievement.
Highlights
Software-Defined Network (SDN) is a new paradigm that facilitates network management with its dynamic and programmable structure
Itstaoirmasgeto) [c7o]n. sIut maiemtshetobaconndswuimdtehtohfe tbhaenndewtwidotrhkowf itthhevnoeltuwmoertkriwc iatthtavcoklsu. mCeotmrimc aotntaactktsa.cCksomsumchoansaItCtaMckPs, UsuDchP,aasnIdCTMCPP,USYDNP, flaonoddTaCreP-pSeYrNforfmloeoddbayreupsienrgfovrmulenderbaybiulistiinesgivnuLlnayerearb3ilaitniedsLinayLeary4erpr3oatoncdoLlsa[y8e]r. 4 protocols I[n8]t.his study, we focus on the SDN to ensure a lightweight hybrid model equipped with NInCtAhisanstdudmya,cwhienfeolceuasrnoinngthaepSpDroNacthoeesntosucroenatrliibguhttewteoigehntsuhryibnrgida mneowd-egleenqeuriaptipoend mwaitnhagNeCabAleannedtwmoarckhainrcehlieteacrtnuinreg. aInppdreoteaccthinegs tDoDcoonStartitbauctkestwo ietnhsmuraicnhginaenleeawr-ngiennge, rsaotmioen flmoawnacgheaarabcletenreisttwicosr(kpaarcckheittesciztue,rea.rIrnivdaeltteimctien,greDspDoonSsaetttiamckes, wpaitchkemt arachtei,npealecakrentipnegr, sfloomwe, eftlco.w) acrheaursaecdtetroisitdicesn(tpifaycwkehtestihzeer, tahrerivnaetlwtiomrke,trreasfpfioc nissenotirmmea,lp
Hyper-parameters of machine learning algorithms were determined automatically using the method of optimization of hyper-parameters to perform an effective classification
Summary
SDN is a new paradigm that facilitates network management with its dynamic and programmable structure. In SDN, control and data planes are divided from each other, and network management is carried out by a central controller [1]. This emerging new approach brings along security problems in addition to the advantages it provides. In addition to attacks encountered in traditional network structures, SDN is exposed to attacks specific to itself [2]. DDoS attacks in which users are denied access to network services are at the top of the attacks on the controller
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
