dc.description.abstract |
Distributed Denial of Service (DDoS) attacks present substantial risks to network availability and stability, especially within the realm of Software Defined Networks (SDNs). Inventive and efficient detection and mitigation methods become imperative to counter the continuously evolving nature of these attacks.
SDN is characterized by its dynamic and programmable nature and is susceptible to DDoS attacks that can disrupt network operations. Traditional methods for detecting and mitigating DDoS attacks in SDNs may not be sufficient due to the evolving nature of these attacks. The research aims to develop a more effective and adaptive solution by using the Random Forest (RF) and k-Nearest Neighbours (KNN) machine learning algorithms. This approach seeks to enhance the accuracy, speed, and resilience of DDoS detection and mitigation in SDN networks.
The research aims to address the pressing need for robust DDoS detection and mitigation mechanisms in SDNs by harnessing the power of machine learning, through the integration of RF and KNN and improving the KNN model. This approach is motivated by the evolving threat landscape, the unique challenges posed by SDN environments, and the potential for advanced machine learning techniques to enhance network security.
Furthermore, the research objective is to enhance the K-Nearest Neighbors (KNN) classification algorithm. By looking deep into KNN and addressing its limitations, this study seeks to refine and optimize the algorithm's performance for various real-world applications. Through a systematic exploration of parameter tuning, feature engineering, and innovative techniques, this research aims to provide a more accurate and efficient KNN classifier.
This study investigates the utilization of a machine learning approach, specifically Random Forest and K-Nearest Neighbours classifiers, to identify and counteract Distributed Denial of Service (DDoS) attacks in Software Defined Networks (SDNs). The research commences by exploring the fundamental concepts of SDNs and DDoS attacks, highlighting their interplay and the unique challenges they pose to network availability and stability. The methodology for the study typically involves steps such as Data Collection (gathering network traffic data from the SDN, including both normal and potentially malicious traffic), Data Preprocessing (cleaning and preprocessing the collected data to remove noise, handle missing values, and normalize features), and Feature Engineering (identifying relevant features or attributes in the network traffic data that can help distinguish between normal and DDoS attack traffic). By following the methodology presented in this study, we can systematically investigate the feasibility and efficacy of the proposed approach for detecting and mitigating DDoS attacks in SDN.
A comprehensive review of existing literature is conducted to understand the state-of-the-art techniques employed for DDoS detection and mitigation, with an emphasis on machine learning approaches. Expanding on the current understanding of mitigation against attacks, this thesis suggests employing Random Forest and K-Nearest Neighbours classifiers to improve the precision and effectiveness of DDoS detection in SDN environments. The proposed framework utilizes the ensemble learning abilities of Random Forest to address the challenges posed by the complex and diverse network traffic features, while the K-Nearest Neighbours algorithm offers the necessary flexibility and prompt decision-making for timely mitigation.
To evaluate the proposed model, extensive experiments are conducted using a realistic SDN simulator and diverse DDoS attack scenarios. Multiple performance metrics, including accuracy of detection, rate of false positives, and response time, are assessed and compared to alternative methods. The results demonstrate the superiority of the Random Forest and K-Nearest Neighbours classifiers in detecting and mitigating DDoS attacks effectively, efficiently, and with minimal impact on legitimate traffic.
In conclusion, this study shows that the improved KNN algorithm with an n_neighbours value of 2 has a higher accuracy rate compared to the Decision Tree classifier.
Furthermore, this research explores the challenges and limitations associated with the proposed model and provides insights for further improvements. This dissertation makes a valuable contribution to the domain of network security by introducing a novel methodology that employs machine learning techniques to identify and counteract DDoS attacks in SDNs. The model presented not only enhances the precision of attack detection but also diminishes response time, empowering network administrators to safeguard their SDN infrastructure against intricate and evolving DDoS attacks effectively. |
en_US |