Online Machine Learning Approach to Detect and Mitigate Low-Rate DDoS Attacks in SDN-Based Networks

Bibliographic Details
Published in: 2023 IEEE International Conference on Artificial Intelligence in Engineering and Technology (IICAIET), pp. 152-157
Main Authors: Alashhab, Abdussalam Ahmed; Mohd Zahid, Mohd Soperi; Alashhab, Mohamed; Alashhab, Shehabuldin
Format: Conference Proceeding
Language: English
Published: IEEE 12-09-2023
Description
Summary: Software Defined Networking (SDN) technology provides rapid configuration, scalability, and management through its dynamic, programmable architecture that outperforms traditional network architecture with limitations on scalability and management. However, the threat of Distributed Denial of Service (DDoS) attacks remains difficult to detect and threatens traditional and SDN-based networks. Fortunately, Machine Learning (ML) and Deep Learning (DL) technologies along with SDN have proven to have a superior potential to deal with these threats effectively. However, most of the previous studies focused on resolving high-rate DDoS attacks, and only a few dealt with the detection of Low-rate DDoS attacks that are difficult to detect due to their similarity to legitimate traffic. In addition, these studies do not utilize up-to-date data sets that contain the new features. To address this issue, we propose an online machine learning model that utilizes Stochastic Gradient Descent (SGD) optimizer and Explainable Boosting Machine (EBM) classifier to detect LDDoS attacks in SDN-based networks. Our model is designed to process large amounts of network traffic data in real-time and updates the model parameters incrementally to continually train the model on expected DDoS attacks, as the attack may change and appear differently. We evaluated the proposed approach in an SDN-simulated environment using Mininet and the Ryu controller. Our experimental results show that the proposed EBM model achieves high accuracy and outperforms existing methods, with 99% accuracy on the training data. The proposed system effectively counters LDDoS attacks and adapts to future mutations and zero-day DDoS attacks.
DOI: 10.1109/IICAIET59451.2023.10291787