DDoS Attack Detection in Software Defined Networks by various Metrics

Abstract

Background: Software-Defined Networks (SDNs) are a new architectural approach to smart centralized control networks that were introduced alongside Open Flow in 2011. SDNs are programmed using software applications that help operators manage the network in a fully consistent and comprehensive way. Centralization in these networks is considered a weakness, especially if it is accessed by a Distributed Denial of Service (DDoS) attack - which is the process of uploading huge floods of various sorts of traffic to a website, from multiple sources, in order to make it and its services inaccessible to users. Method: In our current research, we will build an SDN through a Mininet virtualization simulator, and by using Python. A DDoS attack will be detected depending on two facts: firstly, Traffic State - which normally sees traffic packets sent at around 30 packets per second (DDoS packets are about 250 packets per second and will completely disrupt the network if the attack persists). Secondly, the number of IP Hits. The method used in the research appears very effective in detecting DDoS, according to the results we have achieved. Result: The proposed performance of the system: The Precision (PREC), Recall (REC), and F-Measure (F1) metrics have been used for assessment. Conclusion: The novelty of the current research lies in the detection of penetration in SDN networks, by calculating the number of hits by the hacker's device and the number of times they enter the main device in the network, in addition to the large amount of data sent by the hacker's device to the network. The experimental results are promising as compared with the datasets like CIC-DoS, CICIDS2017, CSE-CIC-IDS2018, and customized dataset. The results ranged between 90% and 96%.