Detection of distributed denial of service attacks in software defined networks

Bibliographic Details
Published in: 2016 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp. 2576-2581
Main Authors: Barki, Lohit; Shidling, Amrit; Meti, Nisharani; Narayan, D. G.; Mulla, Mohammed Moin
Format: Conference Proceeding
Language: English
Published: IEEE 01.09.2016
DOI: 10.1109/ICACCI.2016.7732445

Summary: Software Defined Network (SDN) architecture is a new and novel way of network management. In SDN, switches do not process the incoming packets. They match the incoming packets against the forwarding tables, and if there is no match the packet is sent for processing to the controller, which is the operating system of the SDN. A Distributed Denial of Service (DDoS) attack is one of the biggest threats to cyber security in an SDN network. The attack will occur at the network layer or the application layer of the compromised systems that are connected to the network. In this paper we discuss the DDoS attacks from the traces of the traffic flow. We use different machine learning algorithms such as Naive Bayes, K-Nearest neighbour, K-means and K-medoids to classify the traffic as normal and abnormal. Then these algorithms are measured using parameters such as detection rate and efficiency. The algorithm having more accuracy is chosen to implement Signature IDS, and its results are then processed by Advanced IDS, which detects anomalous behaviour based on open connections and provides accurate results specifying which hosts are involved in the DDoS attack.