Optimizing DDoS Detection in SDNs Through Machine Learning Models

TL;DR

This paper evaluates machine learning models for DDoS detection in SDNs, demonstrating that RF and XGB achieve perfect accuracy and reliability, especially with balanced datasets, addressing existing detection challenges.

Contribution

It introduces an effective approach using RF and XGB models for DDoS detection in SDNs, emphasizing the importance of dataset balance for improved accuracy and reliability.

Findings

RF and XGB achieved perfect accuracy and AUC scores.

XGB had the lowest Brier Score, indicating highest reliability.

Balanced datasets significantly improve detection performance.

Abstract

The emergence of Software-Defined Networking (SDN) has changed the network structure by separating the control plane from the data plane. However, this innovation has also increased susceptibility to DDoS attacks. Existing detection techniques are often ineffective due to data imbalance and accuracy issues; thus, a considerable research gap exists regarding DDoS detection methods suitable for SDN contexts. This research attempts to detect DDoS attacks more effectively using machine learning algorithms: RF, SVC, KNN, MLP, and XGB. For this purpose, both balanced and imbalanced datasets have been used to measure the performance of the models in terms of accuracy and AUC. Based on the analysis, we can say that RF and XGB had the perfect score, 1.0000, in the accuracy and AUC, but since XGB ended with the lowest Brier Score which indicates the highest reliability. MLP achieved an accuracy of 99.93%, SVC an accuracy of 97.65% and KNN an accuracy of 97.87%, which was the next best performers after RF and XGB. These results are consistent with the validity of SDNs as a platform for RF and XGB techniques in detecting DDoS attacks and highlights the importance of balanced datasets for improving detection against generative cyber attacks that are continually evolving.