Machine learning assisted snort and zeek in detecting DDoS attacks in software-defined networking

A new network architecture called the Software-Defined Network (SDN) gives next-generation networks a more flexible and efficiently controlled network architecture. Using the programmable central controller design, network supervisors may easily supervise and manage the entire infrastructure. However, due to its centralized structure, SDN has been a target of various attack vectors. The most successful attack method against the SDN among these has been Distributed Denial of Service (DDoS). Therefore, this study proposes a snort and Zeek enabled with machine learning (ML) based model to classify the benign traffic from DDoS attack traffic. This study main contribution is the discovery of new features for DDoS attack detection, which made it difficult to distinguish authorized traffic from attack traffic when spread across so many points of origin. Using the ML-based enabled RYU controller with SNORT and ZEEK created fewer false positives and a smaller variety of true positives per attack than the existing methods. The processing time of ML-based enabled with SNORT and ZEEK on the real-time testbed is better contrasted to the existing methods. Using the open resource technologies offered a far better understanding of cyber safety and its benefits from the readily available programs to construct a solid network keeping an eye on the traffic. © The Author(s), under exclusive licence to Bharati Vidyapeeth's Institute of Computer Applications and Management 2023.