Using Machine Learning and Software-Defined Networking to Detect and Mitigate DDoS Attacks in Fiber-Optic Networks

Abstract

Fiber optic networks (FONs) are considered the backbone of telecom companies worldwide. However, the network elements of FONs are scattered over a wide area and managed through a centralized controller based on intelligent devices and the internet of things (IoT), with actuators used to perform specific tasks at remote locations. During the COVID-19 pandemic, many telecom companies advised their employees to manage the network using the public internet (e.g., working from home while connected to an IoT network). Theses IoT devices mostly have weak security algorithms that are easily taken-over by hackers, and therefore can generate Distributed Denial of Service (DDoS) attacks in FONs. A DDoS attack is one of the most severe cyberattack types, and can negatively affect the stability and quality of managing networks. Nowadays, software-defined networks (SDN) constitute a new approach that simplifies how the network can be managed through a centralized controller. Moreover, machine learning algorithms allow the detection of incoming malicious traffic with high accuracy. Therefore, combining SDN and ML approaches can lead to detecting and stopping DDoS attacks quickly and efficiently, especially compared to traditional methods. In this paper, we evaluated six ML models: Logistic Regression, K-Nearest Neighbor, Support Vector Machine, Naive Bayes, Decision Tree, and Random Forest. The accuracy reached 100% while detecting DDoS attacks in FON with two approaches: (1) using SVM with three features (SOS, SSIP, and RPF) and (2) using Random Forest with five features (SOS, SSIP, RPF, SDFP, and SDFB). The training time for the first approach was 14.3 s, whereas the second approach only requires 0.18 s; hence, the second approach was utilized for deployment.