Abstract
Software-defined networking (SDN) will be a critical component of the networking domain as it transitions from a standard network design to an automated network. This architectural redesign has become mandatory to meet the needs of the current scenario. In addition, machine learning (ML) and deep learning (DL) techniques provide a significant solution for network attack detection, traffic classification, and similar tasks. DDoS attacks are still wreaking havoc. Previous work on DDoS attack detection in SDN has not yielded significant results, so we have used the most recent deep learning technique to detect the attacks. In this paper, we aim to classify network traffic into normal and malicious classes, based on features in the available dataset, by using various deep learning techniques. TCP, UDP, and ICMP traffic are considered normal; malicious traffic includes TCP SYN attack, UDP flood, and ICMP flood, all of which are DDoS attack traffic. The major contribution of this paper is the identification of novel features for DDoS attack detection. The novel features are logged into a CSV file to create the dataset, and machine learning algorithms are trained on the resulting SDN dataset. Existing work on DDoS attack detection either used a non-SDN dataset or did not make its research data public. A novel hybrid machine learning model is used to perform the classification. The dataset used by the ML/DL algorithms is a collection of public datasets on DDoS attacks together with an experimental DDoS dataset generated by us and publicly available on the Mendeley Data repository. A Python application classifies the traffic into one of the classes. Of the various classifiers used, the Stacked Auto-Encoder Multi-layer Perceptron (SAE-MLP) achieves an accuracy score of 99.75%.
To measure the effectiveness of the SDN-DDoS dataset, the other publicly available datasets are also evaluated with the same deep learning algorithms, and traffic classification accuracy is found to be significantly higher with the SDN-DDoS dataset. The attack detection time of 216.39 s also serves as experimental evidence.
Data Availability
Data will be available on request.
Notes
https://data.mendeley.com/datasets/jxpfjc64kr/1.
Ethics declarations
Conflict of interest
The authors declare no competing interests.
About this article
Cite this article
Ahuja, N., Mukhopadhyay, D. & Singal, G. DDoS attack traffic classification in SDN using deep learning. Pers Ubiquit Comput 28, 417–429 (2024). https://doi.org/10.1007/s00779-023-01785-2
DOI: https://doi.org/10.1007/s00779-023-01785-2