dc.description.abstract |
In today's increasingly internet-reliant world, cyber-attacks are increasing rapidly. Among these threats, Distributed Denial of Service (DDoS) stands out as a particularly damaging cyber-attack, capable of disrupting access to essential resources for legitimate users. The evolution of technology has made it remarkably easy and cost-effective to execute large-scale DDoS attacks. Moreover, DDoS attacks continually evolve in sophistication, making them challenging to trace effectively. This paper focuses on DDoS detection within the Software-Defined Networking (SDN) environment, presenting a novel approach that emphasizes real-time detection through the integration of machine learning. While SDN architecture offers dynamic and centralized control over the network, enhancing the efficient management of network resources, it remains susceptible to DDoS threats. Recognizing this vulnerability, we propose leveraging SDN for a simulation process aimed at analyzing traffic patterns in real time. The simulation involves the creation of a comprehensive network environment with the necessary number of hosts, servers, and attackers. HOIC/LOIC and hping3 were used to generate various DDoS attacks, and normal data was obtained from a capture of normal traffic. To collect relevant data for analysis, Wireshark (a network analyzer) and CICFlowMeter-4.0 were employed, complemented by the SDN-Ryu controller, to capture both normal traffic labeled as ‘0’ and attack traffic labeled as ‘1’. Subsequently, machine learning algorithms are applied to classify the collected data, utilizing a previously generated dataset. Six supervised machine learning models were implemented to detect DDoS; Precision, Recall, and F1-score were calculated, and the resulting ROC/AUC curve was plotted to assess the accuracy of the detection system. Remarkably, the findings reveal a high accuracy rate of 99.99% for the KNN, DT and RF machine learning models.
This indicates the effectiveness of the proposed system in accurately identifying DDoS attacks in real time. The integration of machine learning algorithms, coupled with SDN capabilities, presents a promising solution to the complex challenge of DDoS detection. In a nutshell, the proposed DDoS detection system, utilizing SDN and machine learning, emerges as a valuable tool for strengthening the security of networks and computer systems. As the landscape of cyber threats undergoes constant evolution, it is crucial for an organization to continuously develop and deploy sophisticated detection mechanisms to outpace potential adversaries. This project contributes to the growing body of knowledge applicable in the field of cybersecurity, offering insights and solutions to address the ever-evolving challenges that DDoS attacks pose to the availability of an organization's services in contemporary network environments. |
en_US |