Real-time DDoS Detection and Mitigation in Software Defined Networks using Machine Learning Techniques

Software Defined Network (SDN) is the new era of networking technology based on a centralized controller that separates the switch hardware from its operating software. The most important challenge is the security of SDN and the most prominent attack is the Distributed Denial of Service (DDoS) attack. Some of the research work done so far detects DDoS attacks using a threshold, which is usually assumed without proper scientific reason and hence may not be always accurate. The mitigation techniques used by some researchers block the host from sending the network traffic beyond a threshold, by installing drop rules in the flow table of the switch connected to that host. Doing so will not only block the attack traffic but also the genuine ones from other applications of that host. In this paper, we propose a model that calculates the threshold limit for the type of applications sending data to a particular switch, in real-time using a machine learning (ML) model, and determines whether that application traffic is DDoS traffic. After the detection, only application type sending DDoS traffic is blocked while other genuine applications are allowed to send the network traffic without any interruption. The use of a dynamic threshold, based on the current network traffic, will help in detecting DDoS efficiently.