A hybrid deep learning model for multi-class DDoS detection in SDN networks

This paper, as an extended version of a communication presented at the ISIVC'2024 conference, deals with security issues in the software-defined networks (SDN); it introduces a Distributed Denial of Service (DDoS) detection system leveraging deep learning (DL) features. The main objective is to enhance SDN security by accurately classifying DDoS attacks, improving efficiency, particularly for zero-day attack detection, and enabling targeted mitigation strategies. Our contribution focuses on refining a hybrid DL model with a novel architecture that applies algorithms simultaneously to distinguish the normal SDN traffic and five carefully selected other classes covering various attack kinds, using an optimized CIC-DDoS2019 dataset for more efficient classification. Compared to the conference paper, the model has been reinforced by the use of attention mechanisms and transformer architectures in addition to layers' adjustments and hyper-parameters re-settings. Additionally, the previously used training and testing data have been combined and split into three sets: 70% for training, 15% for validation (continuous partial evaluation), and 15% for final testing. The resulting solution (hybrid DNN-LSTM) demonstrated continuous exponential improvement of validation accuracy during the training step, recording a higher value near 99% and achieving a final testing accuracy of 98.84%. The improved model is suitable for real-world SDN systems, with its deployment, potential challenges, and practical benefits discussed.