Abstract
Software Defined Network(SDN) is an emerging network architecture and is being used in many IT industries and academia. Its popularity in the present age has attracted many attacks in SDN. Distributed Denial of Service(DDoS) attack is a common issue in the domain of network security. In this work, DDoS attack detection is done using feature extraction and classification from the live traffic of SDN. An effective feature extraction mechanism will not only help in filtering the most suitable task-relevant data but also improve the performance of machine learning algorithms. To identify the best performing classifier with these extracted features, some well-known classifiers namely Support Vector Machine (SVM), Random Forest(RF), K-Nearest Neighbor, eXtreme Gradient Boosting(XGBoost) and Naive Bayes(NB) are trained and tested with the extracted features. It is found that SVM is outperforming other classifiers under some performance measuring metrics namely accuracy, precision, recall, False Alarm Rate(FAR),F1 value, and AUC value. Also, its performance is better than some other state-of-the art works so, it is selected for deployment in the SDN controller which can detect the attack in live traffic.
Similar content being viewed by others
References
Polat H, Polat O, Cetin A (2020) Detecting DDoS attacks in software-defined networks through feature selection methods and machine learning models. Sustainab (Switzerland) 12(3)
Su J, Xu R, Yu SM, Wang BW, Wang J (2020) Redundant rule detection for software-defined networking. KSII Trans Internet Inf Syst 14(6)
Stancu AL, Halunga S, Vulpe A, Suciu G, Fratu O, Popovici EC (2015) A comparison between several Software Defined Networking controllers. 2015 12th International Conference on Telecommunications in Modern Satellite, Cable and Broadcasting Services, TELSIKS 2015, pp 223–226
Mamushiane L, Lysko A, Dlamini S (2018) A comparative evaluation of the performance of popular SDN controllers. IFIP Wireless Days, pp 54–59
Kaur K, Kaur S, Gupta V (2016) Performance analysis of python based openflow controllers. In: IET Conference Publications, vol 2016, pp 6–9
Mahrach S, Haqiq A (2020) DDoS flooding attack mitigation in software defined networks. Int J Adv Comput Sci Appl 11(1)
Meti N, Narayan DG, Baligar VP (2017) Detection of distributed denial of service attacks using machine learning algorithms in software defined networks. In: 2017 International Conference on Advances in Computing, Communications and Informatics, ICACCI 2017, vol 2017-Janua
Liu Y, Zhao B, Zhao P, Fan P, Liu H (2019) A survey: Typical security issues of software-defined networking. China Commun 16(7):13–31
Ali J, Lee S, Roh BH (2018) Performance analysis of POX and Ryu with different SDN topologies. ACM Int Conf Proceed Ser:244–249
Bholebawa IZ, Dalal UD (2016) Design and performance analysis of openflow-enabled network topologies using mininet. Int J Comput Commun Eng 5(6):419–429
Ye J, Cheng X, Zhu J, Feng L, Song L (2018) A DDoS attack detection method based on SVM in software defined network. Security and Communication Networks
Khraisat A, Gondal I, Vamplew P, Kamruzzaman J (2019) Survey of intrusion detection systems: techniques, datasets and challenges. Cybersecurity 2(1)
Tan L, Pan Y, Wu J, Zhou J, Jiang H, Deng Y (2020) A new framework for DDoS attack detection and defense in SDN environment. IEEE Access 8
Kalkan K, Altay L, Gür G, Alagöz F (2018) JESS: Joint Entropy-Based DDoS Defense Scheme in SDN. IEEE J Sel Areas Commun 36(10)
Giotis K, Argyropoulos C, Androulidakis G, Kalogeras D, Maglaris V (2014) Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Comput Netw 62
Kumar P, Tripathi M, Nehra A, Conti M, Lal C (2018) SAFETY: Early Detection and Mitigation of TCP SYN Flood Utilizing Entropy in SDN. IEEE Trans Netw Serv Manag 15(4)
Chen Z, Jiang F, Cheng Y, Gu X, Liu W, Peng J (2018) XGBoost Classifier for DDoS Attack Detection and Analysis in SDN-Based Cloud. In: Proceedings - 2018 IEEE International Conference on Big Data and Smart Computing, BigComp 2018
Niyaz Q, Sun W, Javaid AY (2017) A deep learning based DDoS detection system in software-defined networking (SDN). ICST Trans Secur Safety 4(12):153515
Karan BV, Narayan DG, Hiremath PS (2018) Detection of DDoS Attacks in Software Defined Networks. In: Proceedings 2018 3rd International Conference on Computational Systems and Information Technology for Sustainable Solutions, CSITSS 2018
Haider S, Akhunzada A, Mustafa I, Patel TB, Fernandez A, Choo KKR, Iqbal J (2020) A deep CNN ensemble framework for efficient DDoS attack detection in software defined networks. IEEE Access 8
Wang Y, Hu T, Tang G, Xie J, Lu J (2019) SGS: safe-guard scheme for protecting control plane against DDoS attacks in software-defined networking. IEEE Access 7
Sahoo KS, Tripathy BK, Naik K, Ramasubbareddy S, Balusamy B, Khari M, Burgos D (2020) An evolutionary SVM model for DDOS attack detection in software defined networks. IEEE Access 8
Yu S, Zhang J, Liu J, Zhang X, Li Y, Xu T (2021) A cooperative DDoS attack detection scheme based on entropy and ensemble learning in SDN. Eurasip J Wirel Commun Netw 2021(1)
Ravi N, Shalinie SM (2020) Learning-driven detection and mitigation of DDoS attack in IoT via SDN-cloud architecture. IEEE Internet Things J 7(4)
Ahuja N, Singal G, Mukhopadhyay D, Kumar N (2021) Automated DDOS attack detection in software defined networking. J Netw Comput Appl 187
Banitalebi Dehkordi A, Soltanaghaei M (2020) A novel distributed denial of service (DDoS) detection method in software defined networks. IEEE Trans Ind Appl
Myint Oo M, Kamolphiwong S, Kamolphiwong T, Vasupongayya S (2019) Advanced support vector machine-(ASVM-) based detection for Distributed Denial of Service (DDoS) attack on software defined networking (SDN). Journal of Computer Networks and Communications
Chouhan RK, Atulkar M, Nagwani NK (2019) Performance Comparison of Ryu and Floodlight Controllers in Different SDN Topologies. In: 1st International Conference on Advanced Technologies in Intelligent Control, Environment, Computing and Communication Engineering, ICATIECE 2019
Cortes C, Vapnik V (1995) Support-vector networks. Mach Learn 20(3)
Priyadarsini PI (2021) ABC-BSRF: Artificial Bee Colony and Borderline-SMOTE RF Algorithm for Intrusion Detection System on Data Imbalanced Problem, vol 56
Almomani O (2020) A feature selection model for network intrusion detection system based on pso, gwo, ffa and ga algorithms. Symmetry 12(6):1–20
Yang L, Zhao H (2019) DDoS attack identification and defense using SDN based on machine learning method. Proceedings - 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018, pp 174–178
Wang Y, Xia ST, Tang Q, Wu J, Zhu X (2018) A novel consistent random forest framework: Bernoulli random forests. IEEE Trans Neural Netw Learn Syst 29(8)
Altman N, Krzywinski M (2017) Ensemble methods: bagging and random forests. Nat Methods 14(10)
Dong S, Sarem M (2020) DDoS attack detection method based on improved KNN with the degree of DDoS attack in software-defined networks. IEEE Access 8
Punjabi M, Prajapati GL (2018) Lazy learner and PCA: An evolutionary approach. In: Proceedings of Computing Conference 2017
Mishra A, Gupta BB, Perakovic D, Penalvo FJG, Hsu CH (2021) Classification Based Machine Learning for Detection of DDoS attack in Cloud Computing. In: Digest of Technical Papers - IEEE International Conference on Consumer Electronics
Dehkordy DT, Rasoolzadegan A (2020) DroidTKM: Detection of Trojan Families using the KNN Classifier Based on Manhattan Distance Metric. In: 2020 10h International Conference on Computer and Knowledge Engineering, ICCKE 2020
Suwanda R, Syahputra Z, Zamzami EM (2020) Analysis of euclidean distance and manhattan distance in the K-means algorithm for variations number of centroid K. In: Journal of Physics: Conference Series, vol 1566
Farahani G (2021) Black hole attack detection using k-nearest neighbor algorithm and reputation calculation in mobile ad hoc networks. Security and Communication Networks
Kachavimath AV, Nazare SV, Akki SS (2020) Distributed Denial of Service Attack Detection using Naïve Bayes and K-Nearest Neighbor for Network Forensics. In: 2nd International Conference on Innovative Mechanisms for Industry Applications, ICIMIA 2020 - Conference Proceedings
Gaur V, Kumar R (2021) Analysis of machine learning classifiers for early detection of DDoS attacks on IoT devices. Arab J Sci Eng
Devan P, Khare N (2020) An efficient XGBoost-DNN-based classification model for network intrusion detection system. Neural Comput Appl 32(16)
Alamri HA, Thayananthan V (2020) Bandwidth control mechanism and extreme gradient boosting algorithm for protecting software-defined networks against DDoS attacks. IEEE Access 8
Venkatesh B, Anuradha J (2019) A review of Feature Selection and its methods Cybern Inf Technol 19(1)
Yudhana A, Riadi I, Ridho F (2018) DDoS classification using neural network and naïve bayes methods for network forensics. Int J Adv Comput Sci Appl 9(11)
Banitalebi Dehkordi A, Soltanaghaei MR, Boroujeni FZ (2021) The DDoS attacks detection through machine learning and statistical methods in SDN. J Supercomput 77(3)
Wani AR, Rana QP, Saxena U, Pandey N (2019) Analysis and Detection of DDoS Attacks on Cloud Computing Environment using Machine Learning Techniques. In: Proceedings - 2019 Amity International Conference on Artificial Intelligence, AICAI 2019
Abdullah M, Alshannaq A, Balamash A, Almabdy S (2018) Enhanced intrusion detection system using feature selection method and ensemble learning algorithms. Int J Comput Sci Inf Secur (IJCSIS) 16(2)
Wang M, Lu Y, Qin J (2020) A dynamic MLP-based DDoS attack detection method using feature selection and feedback. Comput Secur 88:101645
Alhaj TA, Siraj MM, Zainal A, Elshoush HT, Elhaj F (2016) Feature selection using information gain for improved structural-based alert correlation. PLoS ONE 11(11)
Wang Z, Cao C, Zhu Y (2020) Entropy and confidence-based undersampling boosting random forests for imbalanced problems. IEEE Trans Neural Netw Learn Syst 31(12)
Elhag S, Fernández A, Altalhi A, Alshomrani S, Herrera F (2019) A multi-objective evolutionary fuzzy system to obtain a broad and accurate set of solutions in intrusion detection systems. Soft Comput 23(4):1321–1336
Abusitta A, Bellaiche M, Dagenais M (2018) An SVM-based framework for detecting DoS attacks in virtualized clouds under changing environment. J Cloud Comput 7(1)
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Chouhan, R.K., Atulkar, M. & Nagwani, N.K. A framework to detect DDoS attack in Ryu controller based software defined networks using feature extraction and classification. Appl Intell 53, 4268–4288 (2023). https://doi.org/10.1007/s10489-022-03565-6
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10489-022-03565-6