An Investigation into the Application of Deep Learning in the Detection and Mitigation of DDOS Attack on SDN Controllers
Software-Defined Networking (SDN) is a new paradigm that revolutionizes the idea of a software-driven network through the separation of control and data planes. It addresses the problems of traditional network architecture. Nevertheless, this brilliant architecture is exposed to several security thr...
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2021-02-01
|
| Series: | Technologies |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2227-7080/9/1/14 |
| _version_ | 1827600743847165952 |
|---|---|
| author | James Dzisi Gadze Akua Acheampomaa Bamfo-Asante Justice Owusu Agyemang Henry Nunoo-Mensah Kwasi Adu-Boahen Opare |
| author_facet | James Dzisi Gadze Akua Acheampomaa Bamfo-Asante Justice Owusu Agyemang Henry Nunoo-Mensah Kwasi Adu-Boahen Opare |
| author_sort | James Dzisi Gadze |
| collection | DOAJ |
| description | Software-Defined Networking (SDN) is a new paradigm that revolutionizes the idea of a software-driven network through the separation of control and data planes. It addresses the problems of traditional network architecture. Nevertheless, this brilliant architecture is exposed to several security threats, e.g., the distributed denial of service (DDoS) attack, which is hard to contain in such software-based networks. The concept of a centralized controller in SDN makes it a single point of attack as well as a single point of failure. In this paper, deep learning-based models, long-short term memory (LSTM) and convolutional neural network (CNN), are investigated. It illustrates their possibility and efficiency in being used in detecting and mitigating DDoS attack. The paper focuses on TCP, UDP, and ICMP flood attacks that target the controller. The performance of the models was evaluated based on the accuracy, recall, and true negative rate. We compared the performance of the deep learning models with classical machine learning models. We further provide details on the time taken to detect and mitigate the attack. Our results show that RNN LSTM is a viable deep learning algorithm that can be applied in the detection and mitigation of DDoS in the SDN controller. Our proposed model produced an accuracy of 89.63%, which outperformed linear-based models such as SVM (86.85%) and Naive Bayes (82.61%). Although KNN, which is a linear-based model, outperformed our proposed model (achieving an accuracy of 99.4%), our proposed model provides a good trade-off between precision and recall, which makes it suitable for DDoS classification. In addition, it was realized that the split ratio of the training and testing datasets can give different results in the performance of a deep learning algorithm used in a specific work. The model achieved the best performance when a split of 70/30 was used in comparison to 80/20 and 60/40 split ratios. |
| first_indexed | 2024-03-09T04:42:28Z |
| format | Article |
| id | doaj.art-e69c0865d55b4ea4819a8a6d9bc4ed2d |
| institution | Directory Open Access Journal |
| issn | 2227-7080 |
| language | English |
| last_indexed | 2024-03-09T04:42:28Z |
| publishDate | 2021-02-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Technologies |
| spelling | doaj.art-e69c0865d55b4ea4819a8a6d9bc4ed2d2023-12-03T13:19:39ZengMDPI AGTechnologies2227-70802021-02-01911410.3390/technologies9010014An Investigation into the Application of Deep Learning in the Detection and Mitigation of DDOS Attack on SDN ControllersJames Dzisi Gadze0Akua Acheampomaa Bamfo-Asante1Justice Owusu Agyemang2Henry Nunoo-Mensah3Kwasi Adu-Boahen Opare4Faculty of Electrical and Computer Engineering, Kwame Nkrumah University of Science and Technology, Kumasi Ghana AK-039-5028, GhanaFaculty of Electrical and Computer Engineering, Kwame Nkrumah University of Science and Technology, Kumasi Ghana AK-039-5028, GhanaFaculty of Electrical and Computer Engineering, Kwame Nkrumah University of Science and Technology, Kumasi Ghana AK-039-5028, GhanaFaculty of Electrical and Computer Engineering, Kwame Nkrumah University of Science and Technology, Kumasi Ghana AK-039-5028, GhanaFaculty of Electrical and Computer Engineering, Kwame Nkrumah University of Science and Technology, Kumasi Ghana AK-039-5028, GhanaSoftware-Defined Networking (SDN) is a new paradigm that revolutionizes the idea of a software-driven network through the separation of control and data planes. It addresses the problems of traditional network architecture. Nevertheless, this brilliant architecture is exposed to several security threats, e.g., the distributed denial of service (DDoS) attack, which is hard to contain in such software-based networks. The concept of a centralized controller in SDN makes it a single point of attack as well as a single point of failure. In this paper, deep learning-based models, long-short term memory (LSTM) and convolutional neural network (CNN), are investigated. It illustrates their possibility and efficiency in being used in detecting and mitigating DDoS attack. The paper focuses on TCP, UDP, and ICMP flood attacks that target the controller. The performance of the models was evaluated based on the accuracy, recall, and true negative rate. We compared the performance of the deep learning models with classical machine learning models. We further provide details on the time taken to detect and mitigate the attack. Our results show that RNN LSTM is a viable deep learning algorithm that can be applied in the detection and mitigation of DDoS in the SDN controller. Our proposed model produced an accuracy of 89.63%, which outperformed linear-based models such as SVM (86.85%) and Naive Bayes (82.61%). Although KNN, which is a linear-based model, outperformed our proposed model (achieving an accuracy of 99.4%), our proposed model provides a good trade-off between precision and recall, which makes it suitable for DDoS classification. In addition, it was realized that the split ratio of the training and testing datasets can give different results in the performance of a deep learning algorithm used in a specific work. The model achieved the best performance when a split of 70/30 was used in comparison to 80/20 and 60/40 split ratios.https://www.mdpi.com/2227-7080/9/1/14SDNDDoSmachine learningdeep learning |
| spellingShingle | James Dzisi Gadze Akua Acheampomaa Bamfo-Asante Justice Owusu Agyemang Henry Nunoo-Mensah Kwasi Adu-Boahen Opare An Investigation into the Application of Deep Learning in the Detection and Mitigation of DDOS Attack on SDN Controllers Technologies SDN DDoS machine learning deep learning |
| title | An Investigation into the Application of Deep Learning in the Detection and Mitigation of DDOS Attack on SDN Controllers |
| title_full | An Investigation into the Application of Deep Learning in the Detection and Mitigation of DDOS Attack on SDN Controllers |
| title_fullStr | An Investigation into the Application of Deep Learning in the Detection and Mitigation of DDOS Attack on SDN Controllers |
| title_full_unstemmed | An Investigation into the Application of Deep Learning in the Detection and Mitigation of DDOS Attack on SDN Controllers |
| title_short | An Investigation into the Application of Deep Learning in the Detection and Mitigation of DDOS Attack on SDN Controllers |
| title_sort | investigation into the application of deep learning in the detection and mitigation of ddos attack on sdn controllers |
| topic | SDN DDoS machine learning deep learning |
| url | https://www.mdpi.com/2227-7080/9/1/14 |
| work_keys_str_mv | AT jamesdzisigadze aninvestigationintotheapplicationofdeeplearninginthedetectionandmitigationofddosattackonsdncontrollers AT akuaacheampomaabamfoasante aninvestigationintotheapplicationofdeeplearninginthedetectionandmitigationofddosattackonsdncontrollers AT justiceowusuagyemang aninvestigationintotheapplicationofdeeplearninginthedetectionandmitigationofddosattackonsdncontrollers AT henrynunoomensah aninvestigationintotheapplicationofdeeplearninginthedetectionandmitigationofddosattackonsdncontrollers AT kwasiaduboahenopare aninvestigationintotheapplicationofdeeplearninginthedetectionandmitigationofddosattackonsdncontrollers AT jamesdzisigadze investigationintotheapplicationofdeeplearninginthedetectionandmitigationofddosattackonsdncontrollers AT akuaacheampomaabamfoasante investigationintotheapplicationofdeeplearninginthedetectionandmitigationofddosattackonsdncontrollers AT justiceowusuagyemang investigationintotheapplicationofdeeplearninginthedetectionandmitigationofddosattackonsdncontrollers AT henrynunoomensah investigationintotheapplicationofdeeplearninginthedetectionandmitigationofddosattackonsdncontrollers AT kwasiaduboahenopare investigationintotheapplicationofdeeplearninginthedetectionandmitigationofddosattackonsdncontrollers |