Machine learning algorithms to detect DDoS attacks in SDN

Software-Defined Networking (SDN) is an emerging network paradigm that has gained significant traction from many researchers to address the requirement of current data centers. Although central control is the major advantage of SDN, it is also a single point of failure if it is made unreachable by a Distributed Denial of Service (DDoS) attack. Despite the large number of traditional detection solutions that exist currently, DDoS attacks continue to grow in frequency, volume, and severity. This paper brings an analysis of the problem and suggests the implementation of four machine learning algorithms (SVM, MLP, Decision Tree, and Random Forest) with the purpose of classifying DDoS attacks in an SDN simulated environment (Mininet 2.2.2). With this goal, the DDoS attacks were simulated using the Scapy tool with a list of valid IPs, acquiring, as a result, the best accuracy with the Random Forest algorithm and the best processing time with the Decision Tree algorithm. Moreover, it is shown the most important features to classify DDoS attacks and some drawbacks in the implementation of a classifier to detect the three kinds of DDoS attacks discussed in this paper (controller attack, flow-table attack, and bandwidth attack).