Attack detection analysis in software-defined networks using various machine learning method

Bibliographic Details
Published in: Computers & electrical engineering Vol. 108; p. 108655
Main Authors: Wang, Yonghong; Wang, Xiaofeng; Ariffin, Mazeyanti Mohd; Abolfathi, Masoumeh; Alqhatani, Abdulmajeed; Almutairi, Laila
Format: Journal Article
Language: English
Published: Elsevier Ltd 01.05.2023
Summary: The Software-Defined Network (SDN) provides a more flexible and effectively managed network design for next-generation networking. Network managers can easily manage and regulate the entire network using its programmable central controller architecture. Because of its centralized structure, this central controller serves as the focal point for numerous attack vectors, of which Distributed Denial of Service (DDoS) attacks against the SDN are the most prominent. The goal of this project is to use a machine learning method to categorize SDN traffic as either attack or normal traffic. Next, Feature Selection methods, such as the Filter-based Fisher score method, the Wrapper-based method, and the analysis of variables (ANOVA) f-test, are used for fine-grained detection. Then, a rule-based detection method using the Renyi joint entropy algorithm is employed to detect DDoS attacks on SDN controllers. We manage a public "DDoS attack SDN Dataset" with 23 attributes overall. The dataset includes normal and attack traffic for the Internet Control Message Protocol (ICMP), User Datagram Protocol (UDP), and Transmission Control Protocol (TCP). Except for attributes that specify the target and source machines, the dataset, which contains more than 100,000 records, has statistical features such as byte count, duration sec, packet rate, and packet per flow. In the classification process, several classifiers were used: Artificial Neural Network (ANN), XGBoost (XGB), Support Vector Machine (SVM), and k-Nearest Neighbor (k-NN). The test results demonstrated the efficacy and efficiency of the suggested strategy using the analysis of variables (ANOVA), which performed better than competing methods across a range of evaluation parameters.
ISSN: 0045-7906, 1879-0755
DOI: 10.1016/j.compeleceng.2023.108655