Machine Learning-Based DDoS Attack Detection in Software-Defined Networking

Abstract

Software-defined networking (SDN) has recently become a prominent technique for addressing the inherent difficulties of traditional distributed networks. The main advantage of SDN is the decoupling of the control plane and the data plane, which makes the network more flexible and manageable. SDN is a network architecture of the future; nevertheless, its configuration settings are centralized, leaving it vulnerable to DDoS attacks. Distributed Denial of Service (DDoS) represents a grave threat to computer networks. These attacks are common because they are simple to execute and difficult to detect. Due to this vulnerability, the SDN controller will be flooded by the incoming packets from the switches, resulting in its overload. This project intends to create and deploy an attack detection system based on machine learning (ML) algorithms for detecting DDoS attacks over SDN network traffic. Using the CICIDS2017 dataset, the ML models were trained and tested. The feature sets for classification were determined using a proposed features selection algorithm, evaluation via multiple tests, and the filtered features are the most applicable and relevant in an SDN environment. The performance of each classifier was evaluated using different performance metrics for the four feature sets obtained from the feature selection algorithm. Using either 6 or 11 features, the candidate PART classifier achieves an accuracy of 99.77% and 99.96%, respectively. The proposed classifier shows high accuracy for both UDP and SYN attacks on the CICDDoS2019 dataset.