Machine Learning-based Distributed Denial of Service Attacks Detection Technique using New Features in Software-defined Networks

Full Text (PDF, 289KB), PP.15-27

Views: 0 Downloads: 0


Waheed G. Gadallah 1,* Nagwa M. Omar 1 Hosny M. Ibrahim 1

1. Faculty of Computers and Information, Assiut University, Assiut, Egypt

* Corresponding author.


Received: 29 Jan. 2021 / Revised: 20 Feb. 2021 / Accepted: 7 Mar. 2021 / Published: 8 Jun. 2021

Index Terms

Software-Defined Networking, Distributed Denial of Service, Machine Learning, Support Vector Machine


Software-Defined Networking is a new network architecture that separates control and data planes. It has central network control and programmability facilities, so it improves manageability, scaling, and performance. However, it may suffer from creating a single point of failure against the controller, which represents the network control plane. So, defending the controller against attacks such as a distributed denial of service attack is a valuable and urgent issue. The advances of this paper are to implement an accurate and significant method to detect this attack with high accuracy using machine learning-based algorithms exploiting new advanced features obtained from traffic flow information and statistics. The developed model is trained with kernel radial basis function. The technique uses advanced features such as unknown destination addresses, packets inter-arrival time, transport layer protocol header, and type of service header. To the best knowledge of the authors, the proposed approach of the paper had not been used before. The proposed work begins with generating both normal and attack traffic flow packets through the network. When packets reach the controller, it extracts their headers and performs necessary flow calculations to get the needed features. The features are used to create a dataset that is used as an input to linear support vector machine classifier. The classifier is used to train the model with kernel radial basis function. Methods such as Naive Bayes, K-Nearest Neighbor, Decision Tree, and Random Forest are also utilized and compared with the SVM model to improve the detection operation. Hence, suspicious senders are blocked and their information is stored. The experimental results prove that the proposed technique detects the attack with high accuracy and low false alarm, compared to other related techniques.

Cite This Paper

Waheed G. Gadallah, Nagwa M. Omar, Hosny M. Ibrahim, "Machine Learning-based Distributed Denial of Service Attacks Detection Technique using New Features in Software-defined Networks", International Journal of Computer Network and Information Security(IJCNIS), Vol.13, No.3, pp.15-27, 2021. DOI: 10.5815/ijcnis.2021.03.02


[1] Barabash, Oleg and Kravchenko, Yuri and Mukhin, Vadym and Kornaga, Yaroslav and Leshchenko, Olga, "Optimization of Parameters at SDN Technologie Networks., " International Journal of Intelligent Systems \& Applications, vol. 9, no. 9, 2017.

[2] A. Abdou, P. C. van Oorschot and T. Wan, "Comparative Analysis of Control Plane Security of SDN and Conventional Networks," IEEE Communications, vol. 20, pp. 3542-3559, 2018.

[3] Open Vswitch. 2018, [Online]. Available at:

[4] J. van, L. M. van Adrichem and A. Kuipers, "Scalability and Resilience of Software-Defined Networking: An Overview," arXiv preprint, 2014.

[5] H. Zhang, Z. Cai , Q. Liu , Q. Xiao, Y. Li, and C. F. Cheang , "A Survey on Security-Aware Measurement in SDN," Security and Communication Networks, 2018.

[6] S. Mousavi and M. St-Hilaire, "Early detection of DDoS attacks against SDN controllers," International Conference on Computing, Networking and Communications, pp. 77—81, 2015.

[7] C. Douligeris and A. Mitrokotsa, "DDOS attacks and defense mechanisms: classification and state-of-the-art," Computer Networks 44, vol. 44, pp. 643-666, 2004.

[8] L. Barki, A. Shilling, N. Meti, Narayan and M. M. Mulla, "Detection of Distributed Denial of Service Attacks in Software Defined Networks, " Intl. Conference on Advances in Computing, Communications and Informatics, pp. 2576-2581, 2016.

[9] N. Z. Bawany, J. A. Shamsi, and K. Salah, "DDoS Attack Detection and Mitigation Using SDN: Methods, Practices, and Solutions," Arab J Sci Eng, vol. 42, pp. 425–441, 2017.

[10] Classification Algorithms in Machine Learning. 2018, [online]. Available at:

[11] Seyyid Ahmed Medjahed, Mohammed Ouali, Tamazouzt Ait Saadi, Abdelkader Benyettou,"An Optimization-Based Framework for Feature Selection and Parameters Determination of SVMs", International Journal of Information Technology and Computer Science, vol.7, no.5, pp.1-9, 2015.

[12] J. Ashraf, and S. Latif, "Handling intrusion and DDoS attacks in software-defined networks using machine learning techniques, " IEEE National Software Engineering Conference, pp. 55-60, 2014.

[13] Y. XU, H. SUN, F. XIANG, AND Z. SUN "Efficient DDoS Detection Based on K-FKNN in Software Defined Networks," IEEE Access, vol.7, pp. 160536 - 160545, 2019.

[14] Wang, Tao and Chen, Hongchang, "SGuard: A lightweight SDN safe-guard architecture for DoS attacks," IEEE China Communications, vol. 14, pp. 113-125, 2017.

[15] Han, Tao and Jan, S. R. Ullah, Z. Tan, "A comprehensive survey of security threats and their mitigation techniques for next‐generation SDN controllers," Concurrency and Computation: Practice and Experience 32, vol. 32, 2020.

[16] Latah, Majd and Toker, Levent, "A novel intelligent approach for detecting DoS flooding attacks in software-defined networks," International Journal of Advances in Intelligent Informatics, 2018.

[17] H. Peng, Z. Sun, X. Zhao, S. Tan, and Z. Sun, "A detection method for anomaly flow in software defined network," IEEE Access, vol. 6, pp. 27809 - 27817, 2018.

[18] C. Xu, Hui , Y. Wu, X. Guo, and W. Lin, “An SDNFV-Based DDoS Defense Technology for Smart Cities,” IEEE Access, vol. 7, pp. 137856 - 137874, 2019.

[19] Polat, Huseyin and Polat, Onur and Cetin, Aydin, "Detecting DDoS Attacks in Software-Defined Networks Through Feature Selection Methods and Machine Learning," Sustainability, vol. 12, p.1035, 2020.

[20] Novaes, Matheus P and Carvalho, Luiz F and Lloret, Jaime and Proen{\c{c}}a, Mario Lemes. 2020. Long Short-Term Memory and Fuzzy Logic for Anomaly Detection and Mitigation in Software-Defined Network Environment. IEEE Access, vol. 8, pp. 83765--83781

[21] Ujjan, Raja Majid Ali and Pervez, Zeeshan and Dahal, Keshav and Bashir, Ali Kashif and Mumtaz, Rao and Gonz{\'a}lez, J. 2020. Towards sFlow and adaptive polling sampling for deep learning based DDoS detection in SDN. Elsevier’s Future Generation Computer Systems, vol. 111, pp. 763--779

[22] Ali, Sarwan and Alvi, Maria Khalid and Faizullah, Safi and Khan, Muhammad Asad and Alshanqiti, Abdullah and Khan, Imdadullah. 2020. Detecting ddos attack on sdn due to vulnerabilities in openflow. IEEE 2019 International Conference on Advances in the Emerging Computing Technologies (AECT), pp. 1-6.

[23] 35 Types of DDoS Attacks Explained. 2018, [online]. Available at:

[24] The Mathematics Behind Support Vector Machine Algorithm (SVM). 2018, [online]. Available at:

[25] Thuy Nguyen Thi Thu, Vuong Dang Xuan, "Supervised Support Vector Machine in Predicting Foreign Exchange Trading", International Journal of Intelligent Systems and Applications, Vol.10, No.9, pp.48-56, 2018. 

[26] Mahmood Z. Abdullah, Nasir A. Al-awad, Fatima W. Hussein, " Evaluating and Comparing the Performance of Using Multiple Controllers in Software Defined Networks", International Journal of Modern Education and Computer Science, Vol.11, No.8, pp. 27-34, 2019.

[27] T. Koponen, J. Pettit, B. Pfaff, M. Casado, N. McKeown, S. Shenker, N. Gude, "NOX: Towards an Operating System for Networks," Computer Communication Review, vol. 38, pp. 105-110, 2008.

[28] Mininet. 2018, [Online]. Available at:

[29] Scapy. 2018, [Online]. Available at: