Real-time DDoS detection in software-defined networks using machine learning

Abstract

As the landscape of the digital world keeps changing and getting more advanced, so do the sophistication and complexities of cyber threats. Distributed Denial of Service (DDoS) attacks have become a major threat to network security. Additionally, in software defined networks (SDN), the structure uses a controller to track down the network flow. In this research, we worked with a traditional static dataset, “CICIoT2023” in order to detect DDoS attacks on IoT devices with an efficient approach by applying effective feature engineering using Random Forest and PCA, followed by comparing various machine learning models including Random Forest, KNN, Decision Tree (DT), Logistic Regression (LR) and Naive Bayes. Using only 3 key features out of 47, the research shows that Random Forest selection method gives better accuracy for most of the ML models. Among those ML models, Decision Tree shows 99.97% accuracy with optimal model complexity. Our study also focused on constructing a network topology using Mininet simulation tool and Ryu controller in a SDN environment, which further complies with DDoS detection in real-time networks. Therefore, our research is not only focusing on the efficiency of the traditional approach but also on generating real-time networks to detect DDoS attacks simultaneously.