DDoS attack traffic classification in SDN using deep learning

  • Original Paper
  • Personal and Ubiquitous Computing

Abstract

Software-defined networking (SDN) will be a critical component of the networking domain as it transitions from a standard networking design to an automated network. To meet the needs of the current scenario, this architecture redesign becomes mandatory. In addition, machine learning (ML) and deep learning (DL) techniques provide a significant solution for network attack detection, traffic classification, and related tasks. The DDoS attack is still wreaking havoc. Previous work on DDoS attack detection in SDN has not yielded significant results, so the author has used the most recent deep learning technique to detect the attacks. In this paper, we aim to classify network traffic into normal and malicious classes, based on features in the available dataset, by using various deep learning techniques. TCP, UDP, and ICMP traffic are considered normal; malicious traffic includes TCP SYN attack, UDP flood, and ICMP flood, all of which are DDoS attack traffic. The major contribution of this paper is the identification of novel features for DDoS attack detection. The novel features are logged into a CSV file to create the dataset, and machine learning algorithms are trained on the created SDN dataset. Much of the existing work on DDoS attack detection either used a non-SDN dataset or did not make its research data public. A novel hybrid machine learning model is utilized to perform the classification. The dataset used by the ML/DL algorithms is a collection of public datasets on DDoS attacks as well as an experimental DDoS dataset generated by us and publicly available on the Mendeley Data repository. A Python application performs the classification of traffic into one of the classes. Of the various classifiers used, the Stacked Auto-Encoder Multi-layer Perceptron (SAE-MLP) achieves an accuracy score of 99.75%. To measure the effectiveness of the SDN-DDoS dataset, the other publicly available datasets are also evaluated against the same deep learning algorithms, and traffic classification accuracy is found to be significantly higher with the SDN-DDoS dataset. The attack detection time of 216.39 s also serves as experimental evidence.

Data Availability

Data will be available on request.

Notes

  1. https://data.mendeley.com/datasets/jxpfjc64kr/1.

Author information

Corresponding author

Correspondence to Gaurav Singal.

Ethics declarations

Conflict of interest

The authors declare no competing interests.

About this article

Cite this article

Ahuja, N., Mukhopadhyay, D. & Singal, G. DDoS attack traffic classification in SDN using deep learning. Pers Ubiquit Comput 28, 417–429 (2024). https://doi.org/10.1007/s00779-023-01785-2

  • DOI: https://doi.org/10.1007/s00779-023-01785-2
