Journal of Cyber Security and Risk Auditing

ISSN: 3079-5354 (Online)

Enhancing DDoS Attack Detection and Mitigation in SDN Using Advanced Machine Learning Techniques

by Nathaniel Frederick; Aitizaz Ali

Published: 2024/12/06

Abstract

The introduction of Software-Defined Networking (SDN) as a new infrastructure has demonstrated significant advantages over traditional networks in terms of scalability, flexibility, and security. However, SDN networks are also more susceptible to Distributed Denial of Service (DDoS) attacks, which can lead to a loss of system availability. Therefore, in this research, a machine learning-based model is developed to detect and prevent DDoS attacks in SDN environments. Our approach extends traditional flow-based features by incorporating additional parameters such as average flow packet size and recent flow history, among others, to enhance detection accuracy. Six machine learning models—Logistic Regression (LR), Naïve Bayes (NB), K-Nearest Neighbors (KNN), Support Vector Machine (SVM), Decision Tree (DT), and Random Forest (RF)—were evaluated using the CIC-DDoS2019 dataset. The results show that the Random Forest model achieved the highest detection rate with the lowest false positive rate compared to the other models, while also having minimal impact on normal traffic. The proposed system functions as an Intrusion Prevention System (IPS) by sampling flow parameters from OpenFlow switches at intervals. Upon detecting an attack, the system applies traffic policing measures. Experimental results confirm that the Random Forest model achieved a high F1-score of 99.87%, making it a promising candidate for real-time DDoS detection and mitigation in SDN networks.

Keywords

Software-Defined Networking (SDN); DDoS; Intrusion Prevention System (IPS); Random Forest; Machine Learning; Network Security

How to Cite the Article

Frederick, N., & Ali, A. (2024). Enhancing DDoS Attack Detection and Mitigation in SDN Using Advanced Machine Learning Techniques. Journal of Cyber Security and Risk Auditing, 2024(1), 23–37. https://doi.org/10.63180/jcsra.thestap.2024.1.4
