Abstract
Software Defined Networking (SDN) is a paradigm shift in the network industry that decouples the control plane from the data plane. This lets network engineers control and manage their network from a centralized controller and troubleshoot it at a much better pace. Alongside these benefits, SDN is also vulnerable to attacks such as Distributed Denial of Service (DDoS), which can disrupt the availability of the network. Most recent research on DDoS detection and mitigation has been done in traditional network environments, and researchers have used a packet-limit strategy for mitigation, with very little focus on redirecting illegitimate traffic, which can result in less downtime and is helpful for network analysis. The major contribution of this paper is the detection and mitigation of DDoS in Software Defined Networks. We have created our own DDoS dataset with over 1.7 million entries. For detection, we used two different methods: (1) Snort (IDS) and (2) machine learning. For machine learning, we used eight different algorithms, which include an Ensemble Classifier and a hybrid SVM-RF method. We obtained 99.1% accuracy, which is a substantial improvement over recent works. For mitigation, we again used two methods: (1) dropping illegitimate traffic and (2) redirecting illegitimate traffic. Results showed that the hybrid SVM-RF algorithm works better than the individual machine learning algorithms and that, because mitigation depends on detection accuracy, the better the detection, the better the mitigation.
Graphic abstract
In this paper, detection and mitigation of DDoS have been performed over an SDN network, for which we created our own dataset with over 1.7 million entries. For detection we used two methods, Snort (IDS) and machine learning; for mitigation we also used two, dropping illegitimate traffic and redirecting illegitimate traffic.
Data availability
Dataset link: https://www.kaggle.com/datasets/dravtarsingh/sdn-ddos-dataset
Dataset DOI citation: https://doi.org/10.34740/kaggle/dsv/6431422
Acknowledgements
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Funding
The authors have not disclosed any funding.
Author information
Contributions
AS performed the experimentation work and HK wrote the manuscript text and NK prepared figures and tabular data. All authors reviewed the manuscript.
Ethics declarations
Competing interests
The authors have not disclosed any competing interests.
About this article
Cite this article
Singh, A., Kaur, H. & Kaur, N. A novel DDoS detection and mitigation technique using hybrid machine learning model and redirect illegitimate traffic in SDN network. Cluster Comput (2023). https://doi.org/10.1007/s10586-023-04152-1
DOI: https://doi.org/10.1007/s10586-023-04152-1