IEEE Access (Jan 2024)

An Unsupervised Generative Adversarial Network System to Detect DDoS Attacks in SDN

  • Daniel M. Brandao Lent,
  • Vitor G. da Silva Ruffo,
  • Luiz F. Carvalho,
  • Jaime Lloret,
  • Joel J. P. C. Rodrigues,
  • Mario Lemes Proenca

DOI
https://doi.org/10.1109/ACCESS.2024.3402069
Journal volume & issue
Vol. 12
pp. 70690 – 70706

Abstract

Read online

Network management is a crucial task to maintain modern systems and applications running. Some applications have become vital for society and are expected to have zero downtime. Software-defined networks is a paradigm that collaborates with the scalability, modularity and manageability of systems by centralizing the network’s controller. However, this creates a weak point for distributed denial of service attacks if unprepared. This study proposes an anomaly detection system to detect distributed denial of service attacks in software-defined networks using generative adversarial neural networks with gated recurrent units. The proposed system uses unsupervised learning to detect unknown attacks in an interval of 1 second. A mitigation algorithm is also proposed to stop distributed denial-of-service attacks from harming the network’s operation. Two datasets were used to validate this model: the first developed by the computer networks study group Orion from the State University of Londrina. The second is a well-known dataset: CIC-DDoS2019, widely used by the anomaly detection community. Besides the gated recurrent units, other types of neurons are also tested in this work, they are: long short-term memory, convolutional and temporal convolutional. The detection module reached an F1-score of 99@ in the first dataset and 98@ in the second, while the mitigation module could drop 99@ of malicious flows in both datasets.

Keywords