Detecting distributed denial of service attacks using Machine Learning

Abstract

Software-defined network (SDN) has become a revolutionary aspect in networks because it provides more control and network operation over a network infrastructure. The SDN controller is considered as the operating system of the SDN based network infrastructure which is responsible for executing the different network applications and maintaining the network services and functionalities. Despite all its tremendous capabilities, the SDN faces many security issues due to the complexity of the SDN architecture. A DDoS attack is a common attack on SDN due to its centralized architecture, especially at the control layer of the SDN that has a network-wide impact of exhausting network resources thereby resulting in non availability of services to serve legitimate requests. Machine learning is now widely used for fast detection of these attacks.The main objective of this project is therefore to detect the DDOS attacks and classify the normal or attack traffic using machine learning algorithms. In this proposed system, a comparative analysis of feature selection and machine learning classifiers was also derived to detect the malicious attacks.We first used SVM, KNN, Naive Bayes, and logistic Regression classifiers to detect the attacks due to their accurate classification and less complexity. However, it was observed that the trained and validated model results from the 4 classifiers (SVM, KNN, Na¨ıve Bayes and logistic regression) were not satisfactory enough in detecting DDoS attacks, with almost 3 classifiers producing accuracies below 75%. Therefore, we designed a hybrid machine learning model (Random Forest Classifier) whose inputs are the outputs and initial predictions of the 4 classifiers so as to obtain better model results in accurately distinguishing DDoS attacks from normal traffic. The hybrid model was able to produce an accuracy of 96.93%, hence a far better performance compared to each of the individual classifiers. The DDoS attack SDN dataset was used to train and test our proposed model. The results reveal that the hybrid model performs better than each of the individual ML classifiers in detecting DDoS attacks.