XGBoost Machine Learning Model-Based DDoS Attack Detection and Mitigation in an SDN Environment

© 2023 by IJETT Journal
Volume-71 Issue-2
Year of Publication : 2023
Author : Arvind T, K. Radhika
DOI : 10.14445/22315381/IJETT-V71I2P237

How to Cite?

Arvind T, K. Radhika, "XGBoost Machine Learning Model-Based DDoS Attack Detection and Mitigation in an SDN Environment," International Journal of Engineering Trends and Technology, vol. 71, no. 2, pp. 349-361, 2023. Crossref, https://doi.org/10.14445/22315381/IJETT-V71I2P237

Abstract
SDN has sparked tremendous interest because of its several benefits, such as simple programming, quick scalability, and centralized administration. However, security is a significant problem, and Distributed Denial of Service (DDoS) threats are a major challenge for SDN. One way to safeguard a Software-Defined Networking infrastructure from DDoS assaults is to use machine learning models. This study presents an XGBoost-based approach for DDoS detection and mitigation and evaluates it against other machine learning techniques, including Logistic Regression, Naive Bayes, Decision Trees, XGBoost, and Multilayer Perceptron. The method generates, collects, classifies, detects, and then mitigates Distributed Denial of Service assaults. The results show that the suggested approach protects SDN from DDoS attacks with high accuracy and a low error level while making good use of network resources. Despite the short training and testing period, the proposed method detects DDoS attacks with greater accuracy.

Keywords
SDN, DDoS, Machine learning, Mininet, Ryu.
