Enhancing the Detection Rate and Mitigation of DDoS Attacks in Software Defined Network Controller Using Hybrid Deep Learning Model
Publisher
ASTU
Abstract
Software-defined networking (SDN) is a cutting-edge method of managing and controlling
networks that separates the data plane from the control plane and uses software-based
controllers or application programming interfaces to interface with the underlying hardware.
SDN resolves issues of the conventional network architecture, such as the lack of flexibility,
scalability, and centralized control, which lead to inefficient resource allocation, complex
management, and limited adaptability to changing network requirements. However, this new
architecture is susceptible to several security risks, particularly DDoS attacks. A DDoS
attack continuously sends packets to the network or the controller, which puts the
controller out of service, so users are unable to access the system or network
resources. Many researchers have used machine learning (ML) and, more recently, deep learning
(DL) to detect DDoS attacks on SDN, but these works lack mitigation of the attacks they detect
and, in most cases, classification of the attack types and feature selection. In this paper, we
classified the traffic into normal and the different attack types found in the two datasets
used, InSDN and CICDDoS2019. These data are publicly available and were generated from real
scenarios of the SDN environment. We classified the traffic using various DL models, namely
LSTM (long short-term memory), RNN (recurrent neural network), MLP (multi-layer perceptron),
and hybrids of these DL models with a CNN (convolutional neural network), with an 80/20
train/test split. After choosing our datasets, we pre-processed them by cleaning and
transforming the data. Next, we used the chi-square feature selection algorithm to select the
most relevant features from both datasets. From our experimental results, we concluded that
the hybrid CNN-MLP model demonstrated the highest performance metrics, achieving an accuracy
of 99.89% using the CICDDoS2019 dataset and 99.91% using the InSDN dataset. Our model
outperformed the baseline LSTM model by 0.46%, reaching the highest accuracy in both datasets.
Furthermore, we successfully mitigated the attacks classified by the hybrid model. Our network
architecture, implemented using Mininet, comprised 3 POX controllers, 8 switches, and 30 hosts,
with 2 hosts designated as attackers; mitigation applied flow rules that drop malicious packets
based on the identified attacker IP addresses. Additionally, to ensure network stability, if a
bottleneck occurs on the main controller, the other controllers seamlessly take over.
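
The chi-square feature-selection step named in the abstract, as an added example that is not the authors' code: it min-max scales the flow features and scores each one against the traffic label, for any number of classes. The feature names and sample flows are constructed for illustration and do not come from InSDN or CICDDoS2019.

```python
from collections import defaultdict

# Constructed sample flows (assumption, not dataset records); feature names are hypothetical.
FEATURES = ["pkt_rate", "syn_ratio", "ttl"]
FLOWS = [
    ([12, 0.10, 64], "Normal"), ([15, 0.12, 128], "Normal"),
    ([9, 0.08, 64], "Normal"), ([20, 0.15, 128], "Normal"),
    ([900, 0.95, 64], "DDoS"), ([1100, 0.98, 128], "DDoS"),
    ([950, 0.90, 64], "DDoS"), ([1000, 0.97, 128], "DDoS"),
]

def min_max_scale(rows):
    """Scale each column to [0, 1]; chi-square scoring needs non-negative inputs."""
    cols = list(zip(*rows))
    lo = [min(c) for c in cols]
    span = [(max(c) - min(c)) or 1.0 for c in cols]  # constant column maps to zeros
    return [[(v - lo[j]) / span[j] for j, v in enumerate(r)] for r in rows]

def chi2_scores(rows, labels):
    """Chi-square statistic of each feature against the class label."""
    n, n_feat = len(rows), len(rows[0])
    class_count = defaultdict(int)
    observed = defaultdict(lambda: [0.0] * n_feat)  # per-class feature sums
    totals = [0.0] * n_feat
    for row, label in zip(rows, labels):
        class_count[label] += 1
        for j, v in enumerate(row):
            observed[label][j] += v
            totals[j] += v
    scores = []
    for j in range(n_feat):
        score = 0.0
        for label, count in class_count.items():
            expected = totals[j] * count / n  # class share if the feature ignored the label
            if expected > 0:
                score += (observed[label][j] - expected) ** 2 / expected
        scores.append(score)
    return scores

def select_top_k(names, rows, labels, k):
    """Return the k feature names with the highest chi-square score."""
    scores = chi2_scores(min_max_scale(rows), labels)
    ranked = sorted(zip(names, scores), key=lambda p: p[1], reverse=True)
    return [name for name, _ in ranked[:k]]

if __name__ == "__main__":
    rows, labels = zip(*FLOWS)
    print(select_top_k(FEATURES, rows, labels, k=2))
```

A feature distributed identically across classes, such as `ttl` in the sample, scores zero and is dropped before the classifier sees it.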
