Cutting-edge and innovative software solutions are provided to address network security, network virtualization, and other network-related challenges in highly congested SDN-powered networks. However, these networks are susceptible to the same security issues as traditional networks. For instance, SDNs are significantly vulnerable to distributed denial of service (DDoS) attacks. Previous studies have suggested various anomaly detection techniques based on machine learning, statistical analysis, or entropy measurement to combat DDoS attacks and other security threats in SDN networks. However, these techniques face challenges such as collecting sufficient and relevant flow data, extracting and selecting the most informative features, and choosing the best model for identifying and preventing anomalies. This paper introduces a new and advanced multi-stage modular approach for anomaly detection and mitigation in SDN networks. The approach consists of four modules: data collection, feature selection, anomaly classification, and anomaly response. The approach utilizes the NetFlow standard to gather data and generate a dataset, employs the Information Gain Ratio (IGR) to select the most valuable features, uses gradient-boosted trees (GBT), and leverages Representational State Transfer Application Programming Interfaces (REST API) and Static Entry Pusher within the floodlight controller to construct an exceptionally efficient structure for detecting and mitigating anomalies in SDN design. We conducted experiments on a synthetic dataset containing 15 types of anomalies, such as DDoS attacks, port scans, worms, etc. We compared our model with four existing techniques: SVM, KNN, DT, and RF. Experimental results demonstrate that our model outperforms the existing techniques in terms of enhancing Accuracy (AC) and Detection Rate (DR) while simultaneously reducing Classification Error (CE) and False Alarm Rate (FAR) to 98.80 %, 97.44 %, 1.2 %, and 0.38 %, respectively.
Read full abstract