DDoS Attack Detection System Using Semi-supervised Machine Learning in SDN
Thesis posted on 23.05.2021, 18:39 by Mohamed Ahmed Azmi Etman
Distributed Denial of Service (DDoS) attacks are among the most dangerous cyber-attacks against Software Defined Networks (SDN). A DDoS attack works by sending a large volume of fake network traffic from multiple sources in order to consume network resources. Among the various DDoS attacks, the TCP SYN flooding attack is one of the most popular. In this attack, the attacker opens a large number of half-open TCP connections on the targeted server in order to exhaust its resources and make it unavailable. The SDN architecture separates the control plane from the data plane. This separation makes it easier for the controller to program and manage the entire network from a single device, and to make better decisions than when control is distributed among all the switches. These features are utilized in this thesis to implement our detection system. Researchers have proposed many solutions that better utilize SDN to detect DDoS attacks; however, quick and precise detection of this kind of attack remains a very challenging problem. In this thesis, we introduce a novel DDoS detection system based on a semi-supervised algorithm with a Logistic Regression classifier. The algorithm is implemented as a software module on the POX SDN controller. We have conducted various test scenarios, comparing it with the traditional approach in the literature. The approach presented in this thesis achieves a better attack detection rate with a lower reaction time.