The rising complexity and persistence of Distributed Denial of Service (DDoS) attacks, particularly low-rate variants, present significant challenges in detection and mitigation within Software-Defined Networking (SDN) environments. Existing detection systems often flood networks with alerts, burdening security personnel and delaying timely mitigation. Furthermore, many solutions are designed and tested in simulated conditions, limiting their real-world applicability. To address these challenges, we propose an SDN-based security framework enhanced with automated monitoring, detection, and mitigation capabilities, optimized for slow-rate DDoS attacks. Our framework was rigorously evaluated on a physical testbed, achieving mitigation efficiencies between 91.66% and 100% under varied attack conditions, thus proving its robustness in practical settings. Additionally, we introduce the SDN-SlowRate-DDoS dataset, designed to assist researchers and industry professionals in developing and testing intrusion detection solutions in more realistic scenarios. To further improve DDoS defense in SDN, we incorporate an ensemble online machine learning model that dynamically adapts to evolving attack patterns, enhancing accuracy across attack types and outperforming traditional models with a detection rate of 99.2% on benchmark datasets. This dual approach leverages both real-world testing and adaptive machine learning, advancing proactive DDoS threat management in SDN environments.