DDoS Attack Detection and Mitigation in SDN using Machine Learning

Title: DDoS Attack Detection and Mitigation in SDN using Machine Learning
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Khashab, Fatima; Moubarak, Joanna; Feghali, Antoine; Bassil, Carole
Conference Name: 2021 IEEE 7th International Conference on Network Softwarization (NetSoft)
Date Published: July 2021
Publisher: IEEE
ISBN Number: 978-1-6654-0522-5
Keywords: attack detection, attack mitigation, composability, DDoS attack mitigation, denial-of-service attack, Feature Extending, feature extraction, Human Behavior, machine learning, Metrics, pubcrawl, Radio frequency, resilience, Resiliency, Scalability, security, Software algorithms, software defined networking, Support vector machines
Abstract:

Software Defined Networking (SDN) is a networking paradigm that has been very popular due to its advantages over traditional networks with regard to scalability, flexibility, and its ability to solve many security issues. Nevertheless, SDN networks are exposed to new security threats and attacks, especially Distributed Denial of Service (DDoS) attacks. For this aim, we have proposed a model able to detect and mitigate attacks automatically in SDN networks using Machine Learning (ML). Different than other approaches found in literature which use the native flow features only for attack detection, our model extends the native features. The extended flow features are the average flow packet size, the number of flows to the same host as the current flow in the last 5 seconds, and the number of flows to the same host and port as the current flow in the last 5 seconds. Six ML algorithms were evaluated, namely Logistic Regression (LR), Naive Bayes (NB), K-Nearest Neighbor (KNN), Support Vector Machine (SVM), Decision Tree (DT), and Random Forest (RF). The experiments showed that RF is the best performing ML algorithm. Also, results showed that our model is able to detect attacks accurately and quickly, with a low probability of dropping normal traffic.

URL: https://ieeexplore.ieee.org/document/9492558
DOI: 10.1109/NetSoft51509.2021.9492558
Citation Key: khashab_ddos_2021