A framework to detect DDoS attack in Ryu controller based software defined networks using feature extraction and classification

Software Defined Network(SDN) is an emerging network architecture and is being used in many IT industries and academia. Its popularity in the present age has attracted many attacks in SDN. Distributed Denial of Service(DDoS) attack is a common issue in the domain of network security. In this work, DDoS attack detection is done using feature extraction and classification from the live traffic of SDN. An effective feature extraction mechanism will not only help in filtering the most suitable task-relevant data but also improve the performance of machine learning algorithms. To identify the best performing classifier with these extracted features, some well-known classifiers namely Support Vector Machine (SVM), Random Forest(RF), K-Nearest Neighbor, eXtreme Gradient Boosting(XGBoost) and Naive Bayes(NB) are trained and tested with the extracted features. It is found that SVM is outperforming other classifiers under some performance measuring metrics namely accuracy, precision, recall, False Alarm Rate(FAR),F1 value, and AUC value. Also, its performance is better than some other state-of-the art works so, it is selected for deployment in the SDN controller which can detect the attack in live traffic.