Detecting DDoS based on attention mechanism for Software-Defined Networks

In this paper, we propose a deep learning model based on a novel Divide and Conquer Attention (DCA) mechanism, for efficient detection of Distributed Denial of Service (DDoS) attacks in a virtual Software Defined Networking(SDN) environment. DDoS is a cyber-attack that depletes the resources of the target victim through excessive traffic attacks, preventing users from using the server normally. As network infrastructure evolves, the threat of cyber-attacks such as DDoS is increasing, and DDoS attack methods are also becoming very diverse. DDoS attacks are more dangerous in SDN because a failure occurring in the SDN controller paralyzes the entire network managed by the controller and has recently received a lot of attention. Therefore, our proposed DCA based detection model learns complex attack patterns and network traffic, providing enhanced detection. The DCA based detection model that focuses on various functions of network traffic based on importance provides a better understanding of abnormal behavior patterns. Our results obtained from virtual network attack scenario experiments with Open Network Operating System (ONOS) SDN controller and Mininet network simulator show that DCA based model outperforms traditional machine learning methods and other deep learning models. Then, we conduct performance evaluations against various recent deep learning -based network analysis studies to provide various advantages for the utilization of DCA based detection model.