ONOS DDoS Defender: A Comparative Analysis of Existing DDoS Attack Datasets using Ensemble Approach

Software-Defined Networking (SDN) outperforms conventional networks in terms of programmability, management, flexibility, and efficiency. This is because SDN separates the control and data planes. The centralised control of devices aids in the prevention of Distributed Denial of Service (DDoS) attacks. The controller has a larger network perspective and has the ability to filter network traffic in order to detect harmful flows. The separation of the control and data planes provided benefits, but it is vulnerable to DDoS attacks. DDoS assaults are difficult to detect and resist in real-time. This is only possible if appropriate features for attack detection are chosen. We intend to employ feature selection methods such as BORUTA, IRelief, Random Forest, Information Gain and Chi-Square Test to obtain the most relevant features for DDoS detection. Moreover, we have devised a strategy to detect and mitigate DDoS attack using tracebacking approach through ONOS Flood Defender (OFD) Application. The application effectively detects different DDoS attack traffic using XGBoost and Multilayer Perceptron algorithms with 99% accuracy and least testing times without adding unnecessary load to the system and mitigates the attack in approximately 3.2 s using tracebacking approach. We have performed our experiment on four benchmark datasets CIC-DoS 2017, CIC-DDoS 2019, CIC-IDS 2018 and InSDN. We have evaluated the trade-off between detection accuracy and testing time in order to determine the most effective detection model for addressing DDoS attacks on SDN networks.