DDoS Attack Early Detection and Mitigation System on SDN using Random Forest Algorithm and Ryu Framework
Title | DDoS Attack Early Detection and Mitigation System on SDN using Random Forest Algorithm and Ryu Framework |
Publication Type | Conference Paper |
Year of Publication | 2021 |
Authors | Nurwarsito, Heru, Nadhif, Muhammad Fahmy |
Conference Name | 2021 8th International Conference on Computer and Communication Engineering (ICCCE) |
Date Published | June 2021 |
Publisher | IEEE |
ISBN Number | 978-1-7281-1065-3 |
Keywords | Classification algorithms, composability, DDoS, DDoS attack mitigation, denial-of-service attack, Heuristic algorithms, Human Behavior, machine learning, Metrics, pubcrawl, random forest algorithm, resilience, Resiliency, Ryu Framework, Scalability, SDN, Servers, Software, Switches |
Abstract | Distributed Denial of Service (DDoS) attacks became a true threat to network infrastructure. DDoS attacks are capable of inflicting major disruption to the information communication technology infrastructure. DDoS attacks aim to paralyze networks by overloading servers, network links, and network devices with illegitimate traffic. Therefore, it is important to detect and mitigate DDoS attacks to reduce the impact of DDoS attacks. In traditional networks, the hardware and software to detect and mitigate DDoS attacks are expensive and difficult to deploy. Software-Defined Network (SDN) is a new paradigm in network architecture by separating the control plane and data plane, thereby increasing scalability, flexibility, control, and network management. Therefore, SDN can dynamically change DDoS traffic forwarding rules and improve network security. In this study, a DDoS attack detection and mitigation system was built on the SDN architecture using the random forest machine-learning algorithm. The random forest algorithm will classify normal and attack packets based on flow entries. If packets are classified as a DDoS attack, it will be mitigated by adding flow rules to the switch. Based on tests that have been done, the detection system can detect DDoS attacks with an average accuracy of 98.38% and an average detection time of 36 ms. Then the mitigation system can mitigate DDoS attacks with an average mitigation time of 1179 ms and can reduce the average number of attack packets that enter the victim host by 15672 packets and can reduce the average number of CPU usage on the controller by 44,9%. |
URL | https://ieeexplore.ieee.org/document/9467167 |
DOI | 10.1109/ICCCE50029.2021.9467167 |
Citation Key | nurwarsito_ddos_2021 |