4.7 Article

A Flow-Based Anomaly Detection Approach With Feature Selection Method Against DDoS Attacks in SDNs

Publisher

IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/TCCN.2022.3186331

Keywords

Anomaly detection; autoencoder; DDoS; deep learning; LSTM; InSDN dataset; SDN; traditional network

Funding

  1. University College Dublin (UCD)


Software Defined Networking (SDN) is an emerging network platform that enables centralised network management. However, it also brings new security concerns, such as Distributed Denial of Service (DDoS) attacks. This paper proposes using feature selection methods and deep learning techniques to tackle DDoS attacks in SDN networks.
Software Defined Networking (SDN) is an emerging network platform, which facilitates centralised network management. The SDN enables the network operators to manage the overall network consistently and holistically, regardless of the complexity of infrastructure devices. The promising features of the SDN enhance network security and facilitate the implementation of threat detection systems through software applications using open APIs. However, the emerging technology creates new security concerns and new threats that do not exist in the current traditional networks. Distributed Denial of Service (DDoS) attacks are one of the most rampant attacks that can interrupt the functionality of the network and make most of the network services unreachable for network users. The efficient identification of DDoS attacks on SDN environments in the literature is still a challenge because of the number of network features taken into account and the overhead of applying machine learning based anomaly detection techniques. Hence, in this paper, we aim to use two popular feature selection methods, i.e., Information Gain (IG) and Random Forest (RF), in order to analyse the most comprehensive relevant features of DDoS attacks in SDN networks. Using the most relevant features will improve the accuracy of the anomaly detection system and reduce the false alarm rates. Moreover, we propose a Deep Learning (DL) technique based on Long Short-Term Memory (LSTM) and Autoencoder to tackle the problem of DDoS attacks in SDNs. We perform our analysis and evaluation on three different datasets, i.e., InSDN, CICIDS2017 and CICIDS2018. We also measure the overhead of the proposed DL model on the SDN controller and test the network performance in terms of network throughput and end-to-end latency. The results validate that the DL approach can efficiently identify DDoS attacks in SDN environments without any significant degradation in the controller performance.
