Developing a model to detect and prevent DDoS attacks in SDN environments using machine learning

Raad Abdo Mohammed Al Selwi; Mogeeb Abdulhakim Saeed; Mohammed Ahmed M. Saif; Ammar Hasan M. Almagashi; Abdullah Mofareh Saleh Saeed; Fuad Abdo Mahyoub Mohammed

Developing a model to detect and prevent DDoS attacks in SDN environments using machine learning

Authors

Raad Abdo Mohammed Al Selwi Department of IT, Al Saeed faculty for Engineering and IT, Taiz University, Yemen Department of Cyber Security, Engineering and IT Faculty, Al Saeed University, Yemen
Mogeeb Abdulhakim Saeed Department of CNDS, Al Saeed faculty for Engineering and IT, Taiz University, Yemen
Mohammed Ahmed M. Saif Department of CNDS, Al Saeed faculty for Engineering and IT, Taiz University, Yemen
Ammar Hasan M. Almagashi Department of CNDS, Al Saeed faculty for Engineering and IT, Taiz University, Yemen
Abdullah Mofareh Saleh Saeed Department of CNDS, Al Saeed faculty for Engineering and IT, Taiz University, Yemen
Fuad Abdo Mahyoub Mohammed Department of CNDS, Al Saeed faculty for Engineering and IT, Taiz University, Yemen

Keywords:

Software Defined Networking, Denial-of-Service attack, Machine learning, Detect and prevent DDoS attack

Abstract

A developing architecture called Software-Defined Networking (SDN) is dynamic, manageable, affordable, and adaptive, making it perfect for the high-bandwidth, dynamic nature of today's applications. The network control and forwarding functions are separated in this design, allowing for direct programming of the network control and the abstraction of the underlying infrastructure for applications and network services. One type of cyber-attack that affects the infrastructure of these networks is a Distributed Denial-of-Service (DDoS) attack. When a victim is the target of a DDoS attack, the servers are jammed or overwhelmed with the malicious traffic to prevent the legitimate users from accessing their accounts or legitimate online services. To detect and prevent this attack, in this paper we developed a model to detect and prevent a DDoS attack in SDN environments using machine learning. The proposed model work to detect the attack by identifying the attacker's switch ID and port number, and collect them as a unique number that is added to a special list. Before processing data traffic for any device, the ID number and port number are combined as a unique number, and the list is searched. If they match, this data is ignored, without closing the controller.