Rational identification of suitable classification models for detecting ddos attacks in software-defined networks

Abstract

Software-Defined Network (SDN) is an approach where the network architecture is divided into 3 planes, namely the control plane, the data plane, and the application plane. It represents a major step forward from traditional, hardware-based networking to software-based networking where a programmable central controller, at the control plane, facilitates controlling the routing of data and allows for easier network management and scalability. On the other hand, the architecture makes the controller a target for many malicious attacks, most common of them being Distributed Denial of Service (DDoS) attacks. Thus, to address cybersecurity issues in SDN architecture, we investigated recent studies and trends that used Machine Learning algorithms to detect DDoS attacks in the control plane. We compared popular ML algorithms - k-Nearest Neighbors (k-NN), Support Vector Machine (SVM), Decision Trees (DT), Artificial Neural Network (ANN) - with different feature selection methods: Neighbourhood Component Analysis (NCA), and minimum Redundancy - Maximum Relevance (mRMR). Considering real-time DDoS attack detection, we have proposed an ensemble learning model that outperforms previously proposed models for detecting DDoS attacks. The proposed model utilizes feature selection and is generalized with a 10-Fold Cross Validation Recall of a 100%, F1-Score of 99.9988%, and Accuracy of 99.9990%.