Author
Listed:
- Ali Zaman
(College of Computing and Information Sciences, Karachi Institute of Economics and Technology, Karachi 75190, Pakistan)
- Salman A. Khan
(College of Computing and Information Sciences, Karachi Institute of Economics and Technology, Karachi 75190, Pakistan)
- Nazeeruddin Mohammad
(Cybersecurity Center, Prince Mohammad bin Fahd University, Al-Khobar 31952, Saudi Arabia)
- Abdelhamied A. Ateya
(EIAS: Data Science and Blockchain Laboratory, College of Computer and Information Sciences, Prince Sultan University, Riyadh 11586, Saudi Arabia)
- Sadique Ahmad
(EIAS: Data Science and Blockchain Laboratory, College of Computer and Information Sciences, Prince Sultan University, Riyadh 11586, Saudi Arabia)
- Mohammed A. ElAffendi
(EIAS: Data Science and Blockchain Laboratory, College of Computer and Information Sciences, Prince Sultan University, Riyadh 11586, Saudi Arabia)
Abstract
A software-defined network (SDN) is a new architecture approach for constructing and maintaining networks with the main goal of making the network open and programmable. This allows the achievement of specific network behavior by updating and installing software, instead of making physical changes to the network. Thus, SDNs allow far more flexibility and maintainability compared to conventional device-dependent architectures. Unfortunately, like their predecessors, SDNs are prone to distributed denial of service (DDoS) attacks. These attack paralyze networks by flooding the controller with bogus requests. The answer to this problem is to ignore machines in the network sending these requests. This can be achieved by incorporating classification algorithms that can distinguish between genuine and bogus requests. There is abundant literature on the application of such algorithms on conventional networks. However, because SDNs are relatively new, they lack such abundance both in terms of novel algorithms and effective datasets when it comes to DDoS attack detection. To address these issues, the present study analyzes several variants of the decision tree algorithm for detection of DDoS attacks while using two recently proposed datasets for SDNs. The study finds that a decision tree constructed with a hill climbing approach, termed the greedy decision tree, iteratively adds features on the basis of model performance and provides a simpler and more effective strategy for the detection of DDoS attacks in SDNs when compared with recently proposed schemes in the literature. Furthermore, stability analysis of the greedy decision tree provides useful insights about the performance of the algorithm. One edge that greedy decision tree has over several other methods is its enhanced interpretability in conjunction with higher accuracy.
Suggested Citation
Ali Zaman & Salman A. Khan & Nazeeruddin Mohammad & Abdelhamied A. Ateya & Sadique Ahmad & Mohammed A. ElAffendi, 2025.
"Distributed Denial of Service Attack Detection in Software-Defined Networks Using Decision Tree Algorithms,"
Future Internet, MDPI, vol. 17(4), pages 1-25, March.
Handle:
RePEc:gam:jftint:v:17:y:2025:i:4:p:136-:d:1618190
Download full text from publisher
Corrections
All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:17:y:2025:i:4:p:136-:d:1618190. See general information about how to correct material in RePEc.
If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.
We have no bibliographic references for this item. You can help adding them by using this form .
If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .
Please note that corrections may take a couple of weeks to filter through
the various RePEc services.