The Software-Defined Network (SDN) is a new network paradigm that promises more dynamic and efficiently manageable network architecture for new-generation networks. With its programmable central controller approach, network operators can easily manage and control the whole network. However, at the same time, due to its centralized structure, it is the target of many attack vectors. Distributed Denial of Service (DDoS) attacks are the most effective attack vector to the SDN. The purpose of this study is to classify the SDN traffic as normal or attack traffic using machine learning algorithms equipped with Neighbourhood Component Analysis (NCA). We handle a public “DDoS attack SDN Dataset” including a total of 23 features. The dataset consists of Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP) normal and attack traffics. The dataset, including more than 100 thousand recordings, has statistical features such as byte_count, duration_sec, packet rate, and packet per flow, except for features that define source and target machines. We use the NCA algorithm to reveal the most relevant features by feature selection and perform an effective classification. After preprocessing and feature selection stages, the obtained dataset was classified by k-Nearest Neighbor (kNN), Decision Tree (DT), Artificial Neural Network (ANN), and Support Vector Machine (SVM) algorithms. The experimental results show that DT has a better accuracy rate than the other algorithms with 100% classification achievement.
In computer networks, diverse applications generate network traffic with different characteristics. Network traffic classification is significant to manage networks better, improve service quality and ensure security. Software-Defined Networks (SDN) provides flexible and adaptable techniques for traffic classification with its programmable structure. SDN flows naturally exhibit particular characteristics of network applications and protocols. Therefore, it can be said that SDN can present significant opportunities in traffic classification using machine learning. This study proposes a traffic classification approach using machine learning models in SDN. In this study, DNS, Telnet, Ping and Voice traffic flows were created on the SDN using the Distributed Internet Traffic Generator (D-ITG) tool. Twelve-features representing these traffic flows (the number of packets transmitted, average transmission time, the number of instantly transmitted packets, etc.) were determined, and over the SDN controller in the physical network, a real-time dataset was created by collecting data depending on the features. Later, the performance of k Nearest Neighbor (k-NN), Support Vector Machine (SVM), Multi-Layer Perceptron (MLP), Decision Tree (DT) and Naive Bayes (NB) machine learning models were tested for traffic classification on this dataset. When the k-NN model was tested on this real-time dataset, its classification accuracy was obtained as the maximum with 99.4%. Therefore, this model has been determined as a machine learning giving the highest classification performance with the lowest cost flow features in traffic classification in SDN.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.