Machine learning algorithms to detect DDoS attacks in SDN

Machine learning algorithms to detect DDoS attacks in SDN

Summary Summary Software‐Defined Networking (SDN) is an emerging network paradigm that has gained significant traction from many researchers to address the requirement of current data centers. Although central control is the major advantage of SDN, it is also a single point of failure if it is made...

Full description

Saved in:
Bibliographic Details
Published in:Concurrency and computation Vol. 32; no. 16
Main Authors: Santos, Reneilson, Souza, Danilo, Santo, Walter, Ribeiro, Admilson, Moreno, Edward
Format: Journal Article
Language:English
Published: Hoboken Wiley Subscription Services, Inc 25-08-2020
Subjects:
Algorithms
Classification
Computer simulation
Cybersecurity
Data centers
DDoS classification
decision tree
Decision trees
Denial of service attacks
Machine learning
Mininet
MLP
random forest
SDN environment
Security management
Software-defined networking
SVM
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Summary Summary Software‐Defined Networking (SDN) is an emerging network paradigm that has gained significant traction from many researchers to address the requirement of current data centers. Although central control is the major advantage of SDN, it is also a single point of failure if it is made unreachable by a Distributed Denial of Service (DDoS) attack. Despite the large number of traditional detection solutions that exist currently, DDoS attacks continue to grow in frequency, volume, and severity. This paper brings an analysis of the problem and suggests the implementation of four machine learning algorithms (SVM, MLP, Decision Tree, and Random Forest) with the purpose of classifying DDoS attacks in an SDN simulated environment (Mininet 2.2.2). With this goal, the DDoS attacks were simulated using the Scapy tool with a list of valid IPs, acquiring, as a result, the best accuracy with the Random Forest algorithm and the best processing time with the Decision Tree algorithm. Moreover, it is shown the most important features to classify DDoS attacks and some drawbacks in the implementation of a classifier to detect the three kinds of DDoS attacks discussed in this paper (controller attack, flow‐table attack, and bandwidth attack).
ISSN:1532-0626
1532-0634
DOI:10.1002/cpe.5402