Enhancing DDoS Attack Detection and Mitigation in SDN Using an Ensemble Online Machine Learning Model

Abdussalam Ahmed Alashhab; Mohd Soperi Zahid; Babangida Isyaku; Asma Abbas Elnour; Wamda Nagmeldin; Abdelzahir Abdelmaboud; Talal Ali Ahmed Abdullah; Umar Danjuma Maiwada

doi:10.1109/ACCESS.2024.3384398

IEEE Access (Jan 2024)

Enhancing DDoS Attack Detection and Mitigation in SDN Using an Ensemble Online Machine Learning Model

Abdussalam Ahmed Alashhab,
Mohd Soperi Zahid,
Babangida Isyaku,
Asma Abbas Elnour,
Wamda Nagmeldin,
Abdelzahir Abdelmaboud,
Talal Ali Ahmed Abdullah,
Umar Danjuma Maiwada

Affiliations

Abdussalam Ahmed Alashhab: ORCiD; Department of Computer Science, Faculty of Information Technology, Alasmarya Islamic University, Zliten, Libya
Mohd Soperi Zahid: ORCiD; Department of Computer and Information Science, Universiti Teknologi PETRONAS, Seri Iskandar, Malaysia
Babangida Isyaku: ORCiD; Department of Computer Science, Faculty of Computing and Information Technology, Sule Lamido University, Kano, Jigawa, Nigeria
Asma Abbas Elnour: Computer Department, Applied College, Girls Section, King Khalid University, Muhayel, Aseer, Saudi Arabia
Wamda Nagmeldin: Department of Information Systems, College of Computer Engineering, Prince Sattam bin Abdulaziz University, Al-Kharj, Saudi Arabia
Abdelzahir Abdelmaboud: Humanities Research Center, Sultan Qaboos University, Seeb, Oman
Talal Ali Ahmed Abdullah: ORCiD; Department of Computer and Information Science, Universiti Teknologi PETRONAS, Seri Iskandar, Malaysia
Umar Danjuma Maiwada: ORCiD; Department of Computer and Information Science, Universiti Teknologi PETRONAS, Seri Iskandar, Malaysia

DOI: https://doi.org/10.1109/ACCESS.2024.3384398
Journal volume & issue: Vol. 12
pp. 51630 – 51649

Abstract

Read online

Software Defined Networks (SDN) offer dynamic reconfigurability and scalability, revolutionizing traditional networking. However, countering Distributed Denial of Service (DDoS) attacks remains a formidable challenge for both traditional and SDN-based networks. The integration of Machine Learning (ML) into SDN holds promise for addressing these threats. While recent research demonstrates ML’s accuracy in distinguishing legitimate from malicious traffic, it faces difficulties in handling emerging, low-rate, and zero-day DDoS attacks due to limited feature scope for training. The ever-evolving DDoS landscape, driven by new protocols, necessitates continuous ML model retraining. In response to these challenges, we propose an ensemble online machine-learning model designed to enhance DDoS detection and mitigation. This approach utilizes online learning to adapt the model with expected attack patterns. The model is trained and evaluated using SDN simulation (Mininet and Ryu). Its dynamic feature selection capability overcomes conventional limitations, resulting in improved accuracy across diverse DDoS attack types. Experimental results demonstrate a remarkable 99.2% detection rate, outperforming comparable models on our custom dataset as well as various benchmark datasets, including CICDDoS2019, InSDN, and slow-read-DDoS. Moreover, the proposed model undergoes comparison with industry-standard commercial solutions. This work establishes a strong foundation for proactive DDoS threat identification and mitigation in SDN environments, reinforcing network security against evolving cyber risks.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords