Article

Real-Time Detection of DDoS Attacks Based on Random Forest in SDN

Journal

APPLIED SCIENCES-BASEL
Volume 13, Issue 13

Publisher

MDPI
DOI: 10.3390/app13137872

Keywords

SDN; DDoS attacks; machine learning; edge computing; distributed computing; network security

With the rapid development of the Internet of Things (IoT), network traffic is increasing exponentially due to a vast number of connected devices. This has led to a rise in Distributed Denial of Service (DDoS) attacks, which are becoming larger in scale and easier to launch. To address this, a distributed DDoS attack detection algorithm using feature selection and random forest is proposed in this paper. The algorithm is deployed on SDN edge switches for fast and accurate detection of DDoS attacks, leveraging the residual computing power of the switches. Experimental results demonstrate that the proposed solution outperforms other methods in terms of accuracy, precision, recall, and F-value, with a prediction time of only 0.4 seconds.
With the development of the Internet of Things, a huge number of devices are connected to the network, and network traffic exhibits massive-scale and low-latency characteristics. At the same time, launching DDoS attacks is becoming ever cheaper, and attack traffic ever larger. Software-defined networking (SDN) has been proposed as a new network architecture. However, the controller, as the core of SDN, is vulnerable to DDoS attacks and constitutes a single point of failure in the network. This paper combines the ideas of distributed and edge computing. First, a DDoS attack detection algorithm using heterogeneous integrated feature selection and the random forest algorithm is proposed. Then, this detection algorithm is distributed and deployed on the SDN edge switches, which perform distributed edge parallel computing using their residual computing power for fast and accurate detection of DDoS attacks. Finally, simulation experiments are conducted in an SDN environment using the CIC-DDoS2019 dataset to evaluate the effectiveness and feasibility of the proposed scheme. The experimental results show that the solution's performance evaluation metrics (accuracy, precision, recall and F-value) all reach 99.99%, while the prediction time is only 0.4 s; all metrics are better than those of other DDoS attack detection methods in the same category. Therefore, this solution is able to detect DDoS attacks in a timely and accurate manner.