DDoS Attack Detection and Classification Using Entropy and Deep Learning Model for Multi-controller SDN
Publisher
ASTU
Abstract
Software-defined networking (SDN) separates the data and control planes, which addresses the
challenge of deploying new services and offers various advantages for networking. That does
not mean SDN solves every network problem: security and reliability remain issues yet to be
addressed. In such a case, SDN is more vulnerable to Distributed Denial of Service (DDoS)
attacks. An attacker can launch DDoS attacks against the controller in order to put it out of
service. Most papers focus on a single-controller topology, which leads to a single controller
failure, and use binary classification, which leads to a lack of detailed classification of the
attack type. In this thesis, to address the DDoS security issue in multi-controller SDN, a
system based on information entropy and deep learning is proposed. The technique combines the
advantages of information entropy and deep learning. Two-level detection is applied to network
traffic to ensure high accuracy while reducing the workload of the deep detection server
controller. First, the controller screens for suspicious traffic through information entropy
detection. Then, fine-grained packet-based detection is performed by a Long Short-Term Memory
(LSTM) model to classify the attack into different attack type categories. Finally, the
controller sends the updated traffic information to neighbor controllers. To avoid a single
point of controller failure, we use a multi-controller design, which is a logically centralized
and physically distributed controller. To address the lack of detailed attack classification, we
use categorical classification. This type of classification makes it possible to identify
specifically what type of attack is coming to the controller. We also used the chi-square (χ²)
test feature selection algorithm to reveal the most relevant features; only the most pertinent
features, those that scored the highest in the provided data set, were picked. The experimental
findings show that the proposed LSTM model achieved an accuracy of up to 99.42% using the
CIC-DDoS2019 dataset, which has the potential to detect and classify DDoS attack traffic
effectively in the multi-controller SDN environment. Compared with related models, our proposed
model improves accuracy by 0.42% over the Recurrent Neural Network-Autoencoder (RNN-AE) model
on the CICDDoS2019 data set. It also improves accuracy by 0.44% over the Convolutional Neural
Network (CNN) model on the ICICDDoS2017 data set.
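
The first detection level described in the abstract, sketched as an added example that is not code from the thesis: the controller computes a windowed information entropy and escalates only low-entropy windows to the second-level classifier. The choice of destination IP as the measured field, the window size, the threshold and the sample traffic are all assumptions, since the abstract does not state them.

```python
import math
from collections import Counter

WINDOW = 50      # packets per window (assumed value, not from the thesis)
THRESHOLD = 0.5  # normalized-entropy cutoff (assumed value, not from the thesis)

def normalized_entropy(values):
    """Shannon entropy of the values, scaled to [0, 1] by log2(len(values))."""
    n = len(values)
    if n < 2:
        return 0.0
    h = -sum((c / n) * math.log2(c / n) for c in Counter(values).values())
    return h / math.log2(n)

def screen(dst_ips, window=WINDOW, threshold=THRESHOLD):
    """Split packet destinations into fixed windows and flag low-entropy ones.

    Returns (window_index, entropy, suspicious) tuples. Only windows with
    suspicious=True would be handed to the second-level classifier; a trailing
    partial window is skipped because its entropy is not comparable.
    """
    results = []
    for i in range(0, len(dst_ips) - window + 1, window):
        e = normalized_entropy(dst_ips[i:i + window])
        results.append((i // window, round(e, 4), e < threshold))
    return results

# Constructed sample traffic (not taken from CIC-DDoS2019).
BENIGN = [f"10.0.0.{1 + k % 25}" for k in range(50)]   # spread over 25 hosts
FLOOD = ["10.0.0.5"] * 45 + [f"10.0.0.{100 + k}" for k in range(5)]  # one victim
TAIL = ["10.0.0.9"] * 7                                # incomplete window

def demo():
    return screen(BENIGN + FLOOD + TAIL)

if __name__ == "__main__":
    for idx, e, suspicious in demo():
        print(idx, e, "escalate to classifier" if suspicious else "normal")
```

Traffic concentrated on one destination collapses the entropy of the window, so the cheap check filters most benign windows before the deep model runs.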
