Cloud computing is a rapidly advancing technology with numerous benefits, such as increased availability, scalability, and flexibility. Relocating computing infrastructure to a network simplifies hardware and software resource monitoring in the cloud. Software-Defined Networking (SDN)-based cloud networking improves cloud infrastructure efficiency by dynamically allocating and utilizing network resources. While SDN cloud networks offer numerous advantages, they are vulnerable to Distributed Denial-of-Service (DDoS) attacks. DDoS attacks try to stop genuine users from using services and drain network resources to reduce performance or shut down services. However, early-stage detection of DDoS attack patterns in cloud environments remains challenging. Current methods detect DDoS at the SDN controller level, which is often time-consuming. We recommend focusing on SDN switches for early detection. Due to the large volume of data from diverse sources, we recommend traffic clustering and traffic anomalies prediction which is of DDoS attacks at each switch. Furthermore, to consolidate the data from multiple clusters, event correlation is performed to understand network behavior and detect coordinated attack activities. Many existing techniques stay behind for early detection and integration of multiple techniques to detect DDoS attack patterns. In this paper, we introduce a more efficient and effectively integrated SDN framework that addresses a gap in previous DDoS solutions. Our framework enables early and accurate detection of DDoS traffic patterns within SDN-based cloud environments. In this framework, we use Recursive Feature Elimination (RFE), Density Based Spatial Clustering (DBSCAN), time series techniques like Auto Regressive Integrated Moving Average (ARIMA), Lyapunov exponent, exponential smoothing filter, dynamic threshold, and lastly, Rule-based classifier. We have evaluated the proposed RDAER model on the CICDDoS 2019 dataset, that achieved an accuracy level of 99.92% and a fast detection time of 20 s, outperforming existing methods.
Read full abstract