TY - JOUR
T1 - An Efficient IDS Framework for DDoS Attacks in SDN Environment
AU - Varghese, Josy Elsa
AU - Muniyal, Balachandra
N1 - Publisher Copyright:
CCBY
PY - 2021
Y1 - 2021
N2 - The rapid usage of the Internet for the last few decades has led to the deployment of high-speed networks in commercial and educational institutions. As network traffic is increasing, security challenges are also increasing in the high-speed network. Although the Intrusion Detection System (IDS) has a significant role in spotting potential attacks, the heavy traffic flow causes severe technical challenges relating to monitoring and detecting the network activities. Moreover, the devastating nature of the Distributed Denial-of-Service (DDoS) attack draws out as a significant cyber-attack regardless of the emergence of Software Defined Network (SDN) architecture. This paper proposes a novel framework to address the performance issues of IDS and the design issues of SDN about DDoS attacks by incorporating intelligence in the data layer using Data Plane Development Kit (DPDK) in the SDN architecture. This novel framework is named as DPDK based DDoS Detection (D3) framework, since DPDK provides fast packet processing and monitoring in the data plane. Moreover, the statistical anomaly detection algorithm implemented in the data plane as Virtual Network Function (VNF) using DPDK offers fast detection of DDoS attacks. The experimental results of the D3 framework guarantee both efficiency and effect of the novel IDS framework. The publicly available CIC DoS datasets also ensure the detection effect of a single statistical anomaly detection algorithm against the DDoS attack.
AB - The rapid usage of the Internet for the last few decades has led to the deployment of high-speed networks in commercial and educational institutions. As network traffic is increasing, security challenges are also increasing in the high-speed network. Although the Intrusion Detection System (IDS) has a significant role in spotting potential attacks, the heavy traffic flow causes severe technical challenges relating to monitoring and detecting the network activities. Moreover, the devastating nature of the Distributed Denial-of-Service (DDoS) attack draws out as a significant cyber-attack regardless of the emergence of Software Defined Network (SDN) architecture. This paper proposes a novel framework to address the performance issues of IDS and the design issues of SDN about DDoS attacks by incorporating intelligence in the data layer using Data Plane Development Kit (DPDK) in the SDN architecture. This novel framework is named as DPDK based DDoS Detection (D3) framework, since DPDK provides fast packet processing and monitoring in the data plane. Moreover, the statistical anomaly detection algorithm implemented in the data plane as Virtual Network Function (VNF) using DPDK offers fast detection of DDoS attacks. The experimental results of the D3 framework guarantee both efficiency and effect of the novel IDS framework. The publicly available CIC DoS datasets also ensure the detection effect of a single statistical anomaly detection algorithm against the DDoS attack.
UR - http://www.scopus.com/inward/record.url?scp=85105856239&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85105856239&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2021.3078065
DO - 10.1109/ACCESS.2021.3078065
M3 - Article
AN - SCOPUS:85105856239
SN - 2169-3536
JO - IEEE Access
JF - IEEE Access
ER -