Detection of DDoS Attack Using Machine Learning Techniques in Software Defined Networking

Muthamil Sudar K., Ruba Soundar K., Vinoth P., Nagaraj P., Muneeswaran V.
DOI: 10.4018/978-1-6684-6092-4.ch002

Abstract

The software-defined network (SDN) has recently developed as a network paradigm due to its high network programmability and flexibility, which can overcome the difficulty in traditional networks by detaching the control plane from the data plane. Following the controller's decision in the control plane, the data plane will transfer the packets. This unified administration will make it possible to see the network architecture as a whole in an abstract way. Because of its centralised structure, the controller is exposed to a significant threat if control is lost. Attackers target data plane resources by focusing on switches that support OpenFlow. DDoS attacks damage network performance by overloading the SDN controller and network links, depleting the victim's bandwidth, and flooding the server with massive amounts of data. To address this issue, the authors employ statistical-based and machine learning-based techniques in the SDN controller to inspect the new incoming flows.
Chapter Preview

Introduction

Traditional networks are challenging to operate because of their vertical integration. The data plane and control plane functions in modern networks are incorporated into the networking components. This limits the networking infrastructure's ability to adapt and innovate. Each network device needs to be individually configured using vendor-specific instructions in order to enforce security policies. This makes configuration more difficult and limits the ability to change the network dynamically. Software-Defined Network, a potent model that will foster more creativity in networking development and research, has recently been developed as a solution to these issues (Muthamil et al., 2020). Decoupling the control plane from the data plane is the fundamental tenet of SDN. The network administrator can take control of the complete network infrastructure using this approach. The core premise of SDN is to introduce dynamic programming ideas into data plane switching hardware via a southbound interface. The controller can have a global perspective of the network since it is logically centralised.

Distributed Denial of Service is one of the frequent and serious threats to the SDN because of its centralised structure (Muthamil et al., 2021). A DDoS attack's main goal is to reduce the network's performance by overtaxing the SDN controller and network links, using up all of the victim's bandwidth, and inundating the server with a tonne of data. Due to the high volume of malicious traffic, this causes the target system to lag, crash, or even shut down. The attacker can then impose the necessary tools on the compromised system in order to attack the server. A bot is a term used to describe this infected machine, while a botnet is a term used to describe a collection of compromised systems. In recent research, there has been a strong emphasis on providing a security solution against DDoS attacks in SDN systems.

In this paper, utilising statistical and machine learning techniques, we present a detection mechanism against DDoS attacks. Flow information is collected from incoming flows and the essential features necessary to detect the DDoS attack are extracted. In order to train the machine learning classifier, we intend to employ the NSL-KDD dataset. Finally, we employ a hybrid machine learning classifier to more effectively and accurately detect the attack with a low percentage of false alarms.
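The preview does not say which statistical test the chapter applies to new flows. As an added example (not the authors' code), the Python below assumes one common controller-side choice: the normalised Shannon entropy of destination addresses over fixed-size windows of new-flow records, which collapses when many sources converge on one victim. The window size, threshold, function names and sample addresses are all assumptions constructed for illustration.

```python
import math
from collections import Counter

WINDOW = 50      # new flows per window (assumed value)
THRESHOLD = 0.5  # normalised-entropy cut-off (assumed; tune on baseline traffic)

def normalised_entropy(values):
    """Shannon entropy of the value distribution, scaled to [0, 1]."""
    counts = Counter(values)
    n = len(values)
    if len(counts) <= 1:
        return 0.0  # empty window or a single repeated value
    h = -sum((c / n) * math.log2(c / n) for c in counts.values())
    return h / math.log2(n)  # maximum is reached when every value is distinct

def inspect_flows(flows, window=WINDOW, threshold=THRESHOLD):
    """Return one verdict per full window of (src_ip, dst_ip) new-flow records."""
    verdicts = []
    for start in range(0, len(flows) - window + 1, window):
        chunk = flows[start:start + window]
        dst = [d for _, d in chunk]
        h = normalised_entropy(dst)
        top_dst, hits = Counter(dst).most_common(1)[0]
        verdicts.append({
            "window": start // window,
            "dst_entropy": round(h, 3),
            "suspicious": h < threshold,  # low entropy: traffic converges on few hosts
            "top_dst": top_dst,
            "top_share": hits / window,
            "distinct_src": len({s for s, _ in chunk}),
        })
    return verdicts

def sample_flows():
    """Constructed traffic: one ordinary window followed by one flood window."""
    normal = [(f"10.0.1.{i % 10}", f"10.0.2.{i % 25}") for i in range(50)]
    flood = [(f"172.16.{i}.7", "10.0.2.100") for i in range(45)]
    flood += [(f"10.0.1.{i}", f"10.0.2.{i}") for i in range(5)]
    return normal + flood

if __name__ == "__main__":
    for verdict in inspect_flows(sample_flows()):
        print(verdict)
```

Windows flagged this way are candidates for the feature-extraction and classification stage the paragraph describes; the entropy test alone cannot tell a flood from a legitimate flash crowd.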

Key Terms in this Chapter

ML: Artificial intelligence (AI) in the form of machine learning (ML) enables computer programmes to forecast outcomes more accurately without having been expressly taught to do so. Machine learning algorithms forecast new output values using historical data as input.

DDoS: Distributed denial of service attack is a deliberate attempt to flood the target or its surrounding infrastructure with Internet traffic in order to maliciously disrupt the regular traffic of a targeted server, service, or network. By using numerous compromised computer systems as sources of attack traffic, DDoS attacks are made effective.

SDN: Software-defined networking is dynamic, manageable, affordable, and adaptive, making it perfect for the high-bandwidth, dynamic nature of today's applications. With this architecture, network control and forwarding operations are separated.
