DDoS Attack Detection in Software Defined Network via Machine Learning Algorithms

DDoS attacks are one of the serious network security threats facing the Internet. These attacks are a well-known and widely researched yet unsolved security challenge of traditional networks. Detection of DDoS attacks accurately and quickly is a key research topic in the security field. Software Defined Networking (SDN) is an emerging network innovation architecture that separates the network data plane and the control plane, which has the characteristics of network programmable, centralized management control, and interface opening. SDN brings new solution possibilities to existing deficiencies of the traditional networks. SDN controller has the global network view hence, it can detect DDoS attack rapidly and efficiently.

We can think of DDoS attack detection as a classification problem that is, classifying the given data and judging that whether the current network state is normal or abnormal. An SDN controller can periodically collect statistics for packet attributes from the switches. By using these statistics and employing machine learning algorithms (MLA), one can conclude that whether a DDoS attack exists or not. Hence the aim of this project is developing and comparing different MLA (SVM, kNN, naive bayes and etc.) for the detection of DDoS attack in an SDN environment. It could also be possible to try to detect different kind of DDoS attacks with a limited set of MLA.