Abstract
Software-defined networking (SDN) has recently become a prominent technique for addressing the inherent difficulties of traditional distributed networks. The main advantage of SDN is the decoupling of the control plane from the data plane, which makes the network more flexible and manageable. SDN is a network architecture of the future; nevertheless, its configuration settings are centralized, leaving it vulnerable to Distributed Denial of Service (DDoS) attacks. DDoS represents a grave threat to computer networks. These attacks are common because they are simple to execute and difficult to detect. Because of this vulnerability, the SDN controller is flooded by incoming packets from the switches, which overloads it. This project intends to create and deploy an attack detection system based on machine learning (ML) algorithms for detecting DDoS attacks in SDN network traffic. The ML models were trained and tested using the CICIDS2017 dataset. The feature sets for classification were determined using a proposed feature selection algorithm and evaluated via multiple tests; the filtered features are the most applicable and relevant in an SDN environment. The performance of each classifier was evaluated using different performance metrics for the four feature sets obtained from the feature selection algorithm. Using either 6 or 11 features, the candidate PART classifier achieves an accuracy of 99.77% and 99.96%, respectively. The proposed classifier shows high accuracy for both UDP and SYN attacks on the CICDDoS2019 dataset.
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Kareem, M.I., Jasim, M.N. (2023). Machine Learning-Based DDoS Attack Detection in Software-Defined Networking. In: Al-Bakry, A.M., et al. New Trends in Information and Communications Technology Applications. NTICT 2022. Communications in Computer and Information Science, vol 1764. Springer, Cham. https://doi.org/10.1007/978-3-031-35442-7_14
DOI: https://doi.org/10.1007/978-3-031-35442-7_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-35441-0
Online ISBN: 978-3-031-35442-7
eBook Packages: Computer Science (R0)