Software Defined Network : The Comparison of SVM kernel on DDoS Detection

Abstract

SDN is a new technology in the concept of a network where there is a separation between the data plane and the control plane as the brain that regulates data forwarding so that it becomes a target for DDoS attacks. Detection of DDoS attacks is an important topic in the field of network security. because of the difficulty of detecting the difference between normal traffic and anomalous attacks. Based on data from helpnetsecurity.com, in 2020 there were 4.83 million attempted DoS/DDoS attacks on various services, this shows that network security is very important. Various methods have been used in detecting DDoS attacks such as using a threshold on passing network traffic with an average traffic size compared to 3 times the standard deviation, the weakness of this method is if there is a spike in traffic it will be detected as an attack even though the traffic is normal so that it increases false positives. To maintain security on the SDN network, the reason is that a system is needed that can detect DDoS attacks anomalously by taking advantage of the habits that appear on the system and assuming that if there are deviations from the habits that appear then it is declared a DDoS attack, the SVM method is used to categorize the data traffic obtained from the controller to detect whether it is a DDoS attack or not. Based on the tests conducted with 500 training data, the accuracy is 99,2%. The conclusion of this paper is that the RBF SVM kernel can be very good at detecting anomalous DDoS attacks.