Detection and Classification of DDoS Flooding Attacks on Software-Defined Networks: A Case Study for the Application of Machine Learning

Sangodoyin, Abimbola O., Akinsolu, Mobayode O., Pillai, Prachant and Grout, Vic (2021) Detection and Classification of DDoS Flooding Attacks on Software-Defined Networks: A Case Study for the Application of Machine Learning. IEEE Access, 9. pp. 122495-122508. ISSN 2169-3536

GURO_Detection_and_Classification_of_DDoS_Flooding_Attacks.pdf - Published Version
Available under License Creative Commons Attribution.


Software-defined networks (SDNs) offer robust network architectures for current and future Internet of Things (IoT) applications. At the same time, SDNs constitute an attractive target for cyber attackers due to their global network view and programmability. One of the major vulnerabilities of typical SDN architectures is their susceptibility to Distributed Denial of Service (DDoS) flooding attacks. DDoS flooding attacks can render SDN controllers unavailable to their underlying infrastructure, causing service disruption or a complete outage in many cases. In this paper, machine learning-based detection and classification of DDoS flooding attacks on SDNs is investigated using popular machine learning (ML) algorithms. The ML algorithms, classifiers and methods investigated are quadratic discriminant analysis (QDA), Gaussian Naïve Bayes (GNB), k-nearest neighbor (k-NN), and classification and regression tree (CART). The general principle is illustrated through a case study in which experimental data (i.e. jitter, throughput, and response time metrics) from a representative SDN architecture suitable for typical mid-sized enterprise-wide networks is used to build classification models that accurately identify and classify DDoS flooding attacks. The SDN model used was emulated in Mininet and the DDoS flooding attacks (i.e. hypertext transfer protocol (HTTP), transmission control protocol (TCP), and user datagram protocol (UDP) attacks) have been launched on the SDN model using low orbit ion cannon (LOIC). Although all the ML methods investigated show very good efficacy in detecting and classifying DDoS flooding attacks, CART demonstrated the best performance on average in terms of prediction accuracy (98%), prediction speed ($5.3 \times 10^5$ observations per second), training time (12.4 ms), and robustness.

Item Type: Article
Keywords: SDN security, DDoS flooding attack, machine learning, network security
Divisions: Applied Science, Computing and Engineering
Depositing User: Hayley Dennis
Date Deposited: 30 Sep 2021 11:29
Last Modified: 30 Sep 2021 11:29
