Skip to main content
SpringerLink
Log in

A framework to detect DDoS attack in Ryu controller based software defined networks using feature extraction and classification

  • Published:
Applied Intelligence Aims and scope Submit manuscript

Abstract

Software Defined Network(SDN) is an emerging network architecture and is being used in many IT industries and academia. Its popularity in the present age has attracted many attacks in SDN. Distributed Denial of Service(DDoS) attack is a common issue in the domain of network security. In this work, DDoS attack detection is done using feature extraction and classification from the live traffic of SDN. An effective feature extraction mechanism will not only help in filtering the most suitable task-relevant data but also improve the performance of machine learning algorithms. To identify the best performing classifier with these extracted features, some well-known classifiers namely Support Vector Machine (SVM), Random Forest(RF), K-Nearest Neighbor, eXtreme Gradient Boosting(XGBoost) and Naive Bayes(NB) are trained and tested with the extracted features. It is found that SVM is outperforming other classifiers under some performance measuring metrics namely accuracy, precision, recall, False Alarm Rate(FAR),F1 value, and AUC value. Also, its performance is better than some other state-of-the art works so, it is selected for deployment in the SDN controller which can detect the attack in live traffic.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16

Similar content being viewed by others

References

  1. Polat H, Polat O, Cetin A (2020) Detecting DDoS attacks in software-defined networks through feature selection methods and machine learning models. Sustainab (Switzerland) 12(3)

  2. Su J, Xu R, Yu SM, Wang BW, Wang J (2020) Redundant rule detection for software-defined networking. KSII Trans Internet Inf Syst 14(6)

  3. Stancu AL, Halunga S, Vulpe A, Suciu G, Fratu O, Popovici EC (2015) A comparison between several Software Defined Networking controllers. 2015 12th International Conference on Telecommunications in Modern Satellite, Cable and Broadcasting Services, TELSIKS 2015, pp 223–226

  4. Mamushiane L, Lysko A, Dlamini S (2018) A comparative evaluation of the performance of popular SDN controllers. IFIP Wireless Days, pp 54–59

  5. Kaur K, Kaur S, Gupta V (2016) Performance analysis of python based openflow controllers. In: IET Conference Publications, vol 2016, pp 6–9

  6. Mahrach S, Haqiq A (2020) DDoS flooding attack mitigation in software defined networks. Int J Adv Comput Sci Appl 11(1)

  7. Meti N, Narayan DG, Baligar VP (2017) Detection of distributed denial of service attacks using machine learning algorithms in software defined networks. In: 2017 International Conference on Advances in Computing, Communications and Informatics, ICACCI 2017, vol 2017-Janua

  8. Liu Y, Zhao B, Zhao P, Fan P, Liu H (2019) A survey: Typical security issues of software-defined networking. China Commun 16(7):13–31

    Article  Google Scholar 

  9. Ali J, Lee S, Roh BH (2018) Performance analysis of POX and Ryu with different SDN topologies. ACM Int Conf Proceed Ser:244–249

  10. Bholebawa IZ, Dalal UD (2016) Design and performance analysis of openflow-enabled network topologies using mininet. Int J Comput Commun Eng 5(6):419–429

    Article  Google Scholar 

  11. Ye J, Cheng X, Zhu J, Feng L, Song L (2018) A DDoS attack detection method based on SVM in software defined network. Security and Communication Networks

  12. Khraisat A, Gondal I, Vamplew P, Kamruzzaman J (2019) Survey of intrusion detection systems: techniques, datasets and challenges. Cybersecurity 2(1)

  13. Tan L, Pan Y, Wu J, Zhou J, Jiang H, Deng Y (2020) A new framework for DDoS attack detection and defense in SDN environment. IEEE Access 8

  14. Kalkan K, Altay L, Gür G, Alagöz F (2018) JESS: Joint Entropy-Based DDoS Defense Scheme in SDN. IEEE J Sel Areas Commun 36(10)

  15. Giotis K, Argyropoulos C, Androulidakis G, Kalogeras D, Maglaris V (2014) Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Comput Netw 62

  16. Kumar P, Tripathi M, Nehra A, Conti M, Lal C (2018) SAFETY: Early Detection and Mitigation of TCP SYN Flood Utilizing Entropy in SDN. IEEE Trans Netw Serv Manag 15(4)

  17. Chen Z, Jiang F, Cheng Y, Gu X, Liu W, Peng J (2018) XGBoost Classifier for DDoS Attack Detection and Analysis in SDN-Based Cloud. In: Proceedings - 2018 IEEE International Conference on Big Data and Smart Computing, BigComp 2018

  18. Niyaz Q, Sun W, Javaid AY (2017) A deep learning based DDoS detection system in software-defined networking (SDN). ICST Trans Secur Safety 4(12):153515

    Article  Google Scholar 

  19. Karan BV, Narayan DG, Hiremath PS (2018) Detection of DDoS Attacks in Software Defined Networks. In: Proceedings 2018 3rd International Conference on Computational Systems and Information Technology for Sustainable Solutions, CSITSS 2018

  20. Haider S, Akhunzada A, Mustafa I, Patel TB, Fernandez A, Choo KKR, Iqbal J (2020) A deep CNN ensemble framework for efficient DDoS attack detection in software defined networks. IEEE Access 8

  21. Wang Y, Hu T, Tang G, Xie J, Lu J (2019) SGS: safe-guard scheme for protecting control plane against DDoS attacks in software-defined networking. IEEE Access 7

  22. Sahoo KS, Tripathy BK, Naik K, Ramasubbareddy S, Balusamy B, Khari M, Burgos D (2020) An evolutionary SVM model for DDOS attack detection in software defined networks. IEEE Access 8

  23. Yu S, Zhang J, Liu J, Zhang X, Li Y, Xu T (2021) A cooperative DDoS attack detection scheme based on entropy and ensemble learning in SDN. Eurasip J Wirel Commun Netw 2021(1)

  24. Ravi N, Shalinie SM (2020) Learning-driven detection and mitigation of DDoS attack in IoT via SDN-cloud architecture. IEEE Internet Things J 7(4)

  25. Ahuja N, Singal G, Mukhopadhyay D, Kumar N (2021) Automated DDOS attack detection in software defined networking. J Netw Comput Appl 187

  26. Banitalebi Dehkordi A, Soltanaghaei M (2020) A novel distributed denial of service (DDoS) detection method in software defined networks. IEEE Trans Ind Appl

  27. Myint Oo M, Kamolphiwong S, Kamolphiwong T, Vasupongayya S (2019) Advanced support vector machine-(ASVM-) based detection for Distributed Denial of Service (DDoS) attack on software defined networking (SDN). Journal of Computer Networks and Communications

  28. Chouhan RK, Atulkar M, Nagwani NK (2019) Performance Comparison of Ryu and Floodlight Controllers in Different SDN Topologies. In: 1st International Conference on Advanced Technologies in Intelligent Control, Environment, Computing and Communication Engineering, ICATIECE 2019

  29. Cortes C, Vapnik V (1995) Support-vector networks. Mach Learn 20(3)

  30. Priyadarsini PI (2021) ABC-BSRF: Artificial Bee Colony and Borderline-SMOTE RF Algorithm for Intrusion Detection System on Data Imbalanced Problem, vol 56

    Google Scholar 

  31. Almomani O (2020) A feature selection model for network intrusion detection system based on pso, gwo, ffa and ga algorithms. Symmetry 12(6):1–20

    Article  Google Scholar 

  32. Yang L, Zhao H (2019) DDoS attack identification and defense using SDN based on machine learning method. Proceedings - 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018, pp 174–178

  33. Wang Y, Xia ST, Tang Q, Wu J, Zhu X (2018) A novel consistent random forest framework: Bernoulli random forests. IEEE Trans Neural Netw Learn Syst 29(8)

  34. Altman N, Krzywinski M (2017) Ensemble methods: bagging and random forests. Nat Methods 14(10)

  35. Dong S, Sarem M (2020) DDoS attack detection method based on improved KNN with the degree of DDoS attack in software-defined networks. IEEE Access 8

  36. Punjabi M, Prajapati GL (2018) Lazy learner and PCA: An evolutionary approach. In: Proceedings of Computing Conference 2017

  37. Mishra A, Gupta BB, Perakovic D, Penalvo FJG, Hsu CH (2021) Classification Based Machine Learning for Detection of DDoS attack in Cloud Computing. In: Digest of Technical Papers - IEEE International Conference on Consumer Electronics

  38. Dehkordy DT, Rasoolzadegan A (2020) DroidTKM: Detection of Trojan Families using the KNN Classifier Based on Manhattan Distance Metric. In: 2020 10h International Conference on Computer and Knowledge Engineering, ICCKE 2020

  39. Suwanda R, Syahputra Z, Zamzami EM (2020) Analysis of euclidean distance and manhattan distance in the K-means algorithm for variations number of centroid K. In: Journal of Physics: Conference Series, vol 1566

  40. Farahani G (2021) Black hole attack detection using k-nearest neighbor algorithm and reputation calculation in mobile ad hoc networks. Security and Communication Networks

  41. Kachavimath AV, Nazare SV, Akki SS (2020) Distributed Denial of Service Attack Detection using Naïve Bayes and K-Nearest Neighbor for Network Forensics. In: 2nd International Conference on Innovative Mechanisms for Industry Applications, ICIMIA 2020 - Conference Proceedings

  42. Gaur V, Kumar R (2021) Analysis of machine learning classifiers for early detection of DDoS attacks on IoT devices. Arab J Sci Eng

  43. Devan P, Khare N (2020) An efficient XGBoost-DNN-based classification model for network intrusion detection system. Neural Comput Appl 32(16)

  44. Alamri HA, Thayananthan V (2020) Bandwidth control mechanism and extreme gradient boosting algorithm for protecting software-defined networks against DDoS attacks. IEEE Access 8

  45. Venkatesh B, Anuradha J (2019) A review of Feature Selection and its methods Cybern Inf Technol 19(1)

  46. Yudhana A, Riadi I, Ridho F (2018) DDoS classification using neural network and naïve bayes methods for network forensics. Int J Adv Comput Sci Appl 9(11)

  47. Banitalebi Dehkordi A, Soltanaghaei MR, Boroujeni FZ (2021) The DDoS attacks detection through machine learning and statistical methods in SDN. J Supercomput 77(3)

  48. Wani AR, Rana QP, Saxena U, Pandey N (2019) Analysis and Detection of DDoS Attacks on Cloud Computing Environment using Machine Learning Techniques. In: Proceedings - 2019 Amity International Conference on Artificial Intelligence, AICAI 2019

  49. Abdullah M, Alshannaq A, Balamash A, Almabdy S (2018) Enhanced intrusion detection system using feature selection method and ensemble learning algorithms. Int J Comput Sci Inf Secur (IJCSIS) 16(2)

  50. Wang M, Lu Y, Qin J (2020) A dynamic MLP-based DDoS attack detection method using feature selection and feedback. Comput Secur 88:101645

    Article  Google Scholar 

  51. Alhaj TA, Siraj MM, Zainal A, Elshoush HT, Elhaj F (2016) Feature selection using information gain for improved structural-based alert correlation. PLoS ONE 11(11)

  52. Wang Z, Cao C, Zhu Y (2020) Entropy and confidence-based undersampling boosting random forests for imbalanced problems. IEEE Trans Neural Netw Learn Syst 31(12)

  53. Elhag S, Fernández A, Altalhi A, Alshomrani S, Herrera F (2019) A multi-objective evolutionary fuzzy system to obtain a broad and accurate set of solutions in intrusion detection systems. Soft Comput 23(4):1321–1336

    Article  Google Scholar 

  54. Abusitta A, Bellaiche M, Dagenais M (2018) An SVM-based framework for detecting DoS attacks in virtualized clouds under changing environment. J Cloud Comput 7(1)

Download references

Author information

Authors and Affiliations

  1. Department of Computer Applications, NIT Raipur, Raipur, India

    Ravindra Kumar Chouhan & Mithilesh Atulkar

  2. Department of Computer Science & Engineering, NIT Raipur, Raipur, India

    Naresh Kumar Nagwani

Authors
  1. Ravindra Kumar Chouhan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mithilesh Atulkar
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Naresh Kumar Nagwani
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ravindra Kumar Chouhan.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Chouhan, R.K., Atulkar, M. & Nagwani, N.K. A framework to detect DDoS attack in Ryu controller based software defined networks using feature extraction and classification. Appl Intell 53, 4268–4288 (2023). https://doi.org/10.1007/s10489-022-03565-6

Download citation

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10489-022-03565-6

Keywords

Search

Navigation