IDEAS home Printed from https://ideas.repec.org/a/gam/jsusta/v12y2020i3p1035-d315107.html
   My bibliography  Save this article

Detecting DDoS Attacks in Software-Defined Networks Through Feature Selection Methods and Machine Learning Models

Author

Listed:
  • Huseyin Polat

    (Faculty of Technology, Gazi University, Ankara 06500, Turkey)

  • Onur Polat

    (Faculty of Technology, Gazi University, Ankara 06500, Turkey)

  • Aydin Cetin

    (Faculty of Technology, Gazi University, Ankara 06500, Turkey)

Abstract

Software Defined Networking (SDN) offers several advantages such as manageability, scaling, and improved performance. However, SDN involves specific security problems, especially if its controller is defenseless against Distributed Denial of Service (DDoS) attacks. The process and communication capacity of the controller is overloaded when DDoS attacks occur against the SDN controller. Consequently, as a result of the unnecessary flow produced by the controller for the attack packets, the capacity of the switch flow table becomes full, leading the network performance to decline to a critical threshold. In this study, DDoS attacks in SDN were detected using machine learning-based models. First, specific features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Then, a new dataset was created using feature selection methods on the existing dataset. Feature selection methods were preferred to simplify the models, facilitate their interpretation, and provide a shorter training time. Both datasets, created with and without feature selection methods, were trained and tested with Support Vector Machine (SVM), Naive Bayes (NB), Artificial Neural Network (ANN), and K-Nearest Neighbors (KNN) classification models. The test results showed that the use of the wrapper feature selection with a KNN classifier achieved the highest accuracy rate (98.3%) in DDoS attack detection. The results suggest that machine learning and feature selection algorithms can achieve better results in the detection of DDoS attacks in SDN with promising reductions in processing loads and times.

Suggested Citation

  • Huseyin Polat & Onur Polat & Aydin Cetin, 2020. "Detecting DDoS Attacks in Software-Defined Networks Through Feature Selection Methods and Machine Learning Models," Sustainability, MDPI, vol. 12(3), pages 1-16, February.
    • Handle: RePEc:gam:jsusta:v:12:y:2020:i:3:p:1035-:d:315107
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/2071-1050/12/3/1035/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/2071-1050/12/3/1035/
    Download Restriction: no
    ---><---

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Babangida Isyaku & Mohd Soperi Mohd Zahid & Maznah Bte Kamat & Kamalrulnizam Abu Bakar & Fuad A. Ghaleb, 2020. "Software Defined Networking Flow Table Management of OpenFlow Switches Performance and Security Challenges: A Survey," Future Internet, MDPI, vol. 12(9), pages 1-30, August.
    2. Hubert Szczepaniuk & Edyta Karolina Szczepaniuk, 2022. "Applications of Artificial Intelligence Algorithms in the Energy Sector," Energies, MDPI, vol. 16(1), pages 1-24, December.
    3. Mazhar Javed Awan & Umar Farooq & Hafiz Muhammad Aqeel Babar & Awais Yasin & Haitham Nobanee & Muzammil Hussain & Owais Hakeem & Azlan Mohd Zain, 2021. "Real-Time DDoS Attack Detection System Using Big Data Approach," Sustainability, MDPI, vol. 13(19), pages 1-19, September.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jsusta:v:12:y:2020:i:3:p:1035-:d:315107. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.