Ensemble-Based DDoS Attack Detection Model for Software-Defined Networks by Utilizing Flow-Based Features
Date
2023-10
Publisher
Addis Ababa University
Abstract
Networking has advanced swiftly in the modern era. Businesses increasingly need to support an enormous number of dynamic applications, services, physical objects, machines, and so on. As a result, networking infrastructure has become more complex in terms of networking devices and resource utilization, and the traditional networking paradigm has become ineffective and inefficient at handling those requirements. Consequently, Software Defined Networking (SDN) is getting more consideration from researchers and practitioners.
In contrast to the traditional networking paradigm, SDN offers efficient resource utilization, simple network management, better performance, network virtualization, and network programmability. However, it comes with some serious network security issues such as network tampering, unauthorized access, flow rule conflict, poor controller deployment, and Distributed Denial of Service (DDoS) attacks. Among these security issues, DDoS is one of the devastating attacks on SDN. As a result, several studies have been conducted to detect DDoS on SDN networks using statistical approaches, traditional machine learning (ML) approaches, and state-of-the-art techniques like deep learning (DL). The traditional ML techniques are less efficient than state-of-the-art approaches like DL. On the other hand, the state-of-the-art techniques are computationally complex. To overcome this problem, we propose an ensemble-based DDoS detection model for SDN that utilizes a flow-based dataset.
The experiment is conducted using the InSDN dataset. The dataset contains the normal group, which contains the normal traffic; the metasploitable-2 group, which contains attacks that target the metasploitable-2 server; and the Open Virtual Switch (OVS) group, which contains attacks that target the OVS machine. Because the dataset contains DoS, DDoS, Web Attack, R2L, Malware, Probe, and U2R attacks, we must separate out the DDoS attack data to prepare it for our purpose. Furthermore, we split the dataset into 70% for training and 30% for testing.
The results show that the adaptive boosting ensemble technique has the highest accuracy, with a value of 100%. However, when it comes to latency, the gradient boosting algorithm has the minimum latency, with a value of 60.6 ms. In contrast, the KNN_DT-based stacking algorithm has the highest latency, at 119,431.5 ms.
Keywords
Software Defined Network (SDN), Distributed Denial of Service Attack (DDoS), Machine Learning (ML), Ensemble-Based Algorithms