Comparison of Feature Selection Methods for DDoS Attacks on Software Defined Networks using Filter-Based, Wrapper-Based and Embedded-Based

The development of internet technology is growing very rapidly. Moreover, keeping internet users protected from cyberattacks is part of the security challenges. Distributed Denial of Service (DDoS) is a real attack that continues to grow. DDoS attacks have become one of the most difficult attacks to detect and mitigate appropriately. Software Defined Network (SDN) architecture is a novel network management and a new concept of the infrastructure network. A controller is a single point of failure in SDN, which is the most dangerous of various attacks because the attacker can take control of the controller so that it can control all network traffic. Various detection and mitigation methods have been offered, but not many consider the capacity of the SDN controller. In this research, we propose a feature selection method for DDoS attacks. This research aims to select the most important features of DDoS attacks on SDN so that the detection of DDoS on SDN can be lightweight and early. This research uses a dataset [1] generated by a Mininet emulator. The simulation runs for benign TCP, UDP, and ICMP traffic and malicious traffic, which is the collection of TCP SYN attacks, UDP Flood attacks, and ICMP attacks. A total of 23 features are available in the dataset, some are extracted from the switches, and others are calculated. By using three methods, filter-based, wrapper-based, and embedded-based, we get consistent results where the pktcount feature is the highest feature importance of DDoS attacks on SDN.