DETECTION OF LDDOS ATTACKS USING SDN NETWORKS WITH MACHINE LEARNING ELEMENTS

Authors

DOI:

https://doi.org/10.31891/2219-9365-2024-80-36

Keywords:

attack detection, machine learning, intrusion detection model, low-rate DDoS attacks, software-defined network, distributed denial of service

Abstract

The article is devoted to the detection of distributed denial-of-service (DDoS) attacks, which pose a serious threat to computer networks. This study explores the possibility of detecting low-rate DDoS attacks using machine learning based on software-defined networking (SDN). The research builds on the latest approach to deploying corporate networks: virtualization by means of SDN. This enables centralized management of the network architecture, regardless of its complexity, thanks to a software-based controller. SDN is implemented on the basis of the OpenFlow protocol, which manages traffic by redirecting, allowing or prohibiting flows based on established policies. Machine learning (ML) and deep learning (DL) technologies, combined with SDN, demonstrate considerable capability to efficiently counter these network threats. Previous research has mainly focused on high-frequency DDoS attacks, ignoring low-frequency DDoS attacks that resemble legitimate traffic, and has frequently used legacy datasets. Although researchers utilize multiple offline learning algorithms to detect DDoS attacks, online learning classifiers are still insufficiently studied. The aim of the research is to propose an intrusion detection model adapted for SDN networks using an online passive-aggressive learning classifier. The effectiveness of the proposed model in detecting low-rate DDoS attacks while maintaining a low level of false positives is evaluated using different datasets, including specially simulated traffic scenarios. The suggested model attains an average detection rate of 99.7% for both normal and DDoS traffic, outperforming similar models on multiple datasets, and effectively detecting and localizing DDoS attacks. The proposed model will contribute to the development of effective mechanisms for detecting and responding to low-rate DDoS attacks in SDN networks.

Published

2024-11-28

How to Cite

YANKO A., PROKUDIN A., FIL I., & KRUK O. (2024). DETECTION OF LDDOS ATTACKS USING SDN NETWORKS WITH MACHINE LEARNING ELEMENTS. MEASURING AND COMPUTING DEVICES IN TECHNOLOGICAL PROCESSES, (4), 287–296. https://doi.org/10.31891/2219-9365-2024-80-36