SDN BASED DDoS DETECTION USING TEMPORAL CONVOLUTIONAL NETWORK

Abstract

Software-Defined Networking (SDN) is an emerging network architecture to overcome the weaknesses of traditional networks. The main goal of SDN is to separate the control and data planes and make network management more effortless. The network intelligence is log ically separated and centralized at the control layer. Distributed Denial-of-Service (DDoS) is one of the most prevalent and sophisticated threats. DDoS attack attempts to disrupt the available services of a target machine by sending massive malicious requests from a large number of hacked computers called botnets. Accurate detection and prevention of DDoS attacks are necessary to protect network systems. In this work, we propose and demonstrate the design, implementation, and testing of detecting DDoS attacks using a Temporal Con volutional Network (TCN). The proposed TCN model is evaluated using the DDoS attack SDN dataset. Feature Selection is made using Neighboring Component Analysis (NCA) and XGBoost feature selection. The performance of the TCN model is compared to other state-of-the-art Machine Learning and Deep Learning techniques. The supervised Machine Learning algorithms used for the comparison are Logistic Regression, Gaussian Naive Bayes, SVM, Gradient Boosting, and XGBoost with Auto Encoder extracted features. The Deep Learning techniques used for DDoS detection in an SDN environment are DNN, CNN, LSTM, BiLSTM and Tab Net. The experimental result shows that tree-based classifiers such as Gra dient Boosting and XGBoost perform very well in the case of supervised Machine Learning algorithms. The Deep Learning algorithms significantly improve the performance of DDoS detection. TCN model outperforms all other models and gives the best accuracy of 99.48 %. The TCN model with XGBoost feature selection improves the performance of the model and yields 99.57 % accuracy. The results are validated using another comprehensive SDN dataset called INSDN dataset. The TCN model gives 99.98 % accuracy in the INSDN dataset and implies that TCN performs very well in both datasets. We obtained a definite improvement in DDoS detection compared to other benchmarking methods. TCN model with XGBoost feature selection offers much confidence in protecting SDN networks. In the initial experi ments silhouette score from K means clustering is used to analyze the similarities between the classes in the SDN DDoS attack dataset