Toward Robust SDN Architectures: A Machine Learning Approach to DDoS Detection
DOI: https://doi.org/10.62019/avvrmh24

Abstract
This paper offers an extensive exploration of Distributed Denial of Service (DDoS) attacks targeting Software-Defined Networking (SDN) environments and the vulnerability of their centralized controller. Using a virtual testbed built with Mininet and the Ryu controller, different DDoS attacks (SYN, UDP, and ICMP floods) were simulated to measure their effect on SDN performance indicators such as CPU utilization, latency, throughput, and flow-table saturation. Tests indicated that SYN flood attacks put the controller under the most stress, generating excessive Packet_In messages, 100% CPU spikes, and extreme packet loss. UDP floods caused link saturation and even higher packet loss owing to their stateless operation. ICMP floods had a lesser but still significant impact on performance. To mitigate these vulnerabilities, the research employed a machine learning-based detection model trained on features extracted from traffic logs. Six supervised models were compared, with XGBoost achieving the best accuracy (98.2%), followed by Random Forest and Neural Networks. Inter-arrival time, flag count, and bytes per second were found to be the key indicators of malicious behavior. The results identify the need to embed smart, real-time detection systems into SDN frameworks in order to achieve network robustness, and they lay the foundation for active DDoS mitigation techniques.
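The three indicators named in the abstract can be derived per source from a packet log before any classifier sees the data. The following is an added example, not the paper's code: the record layout, the addresses, the choice to count only SYN-without-ACK packets, and the 1 ms duration floor are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean

SYN, ACK = 0x02, 0x10        # TCP flag bits
MIN_DURATION_MS = 1          # assumed floor so a one-packet flow has a finite rate

def flow_features(packets):
    """Per-source features over one capture window.

    packets: iterable of (timestamp_ms, src_ip, length_bytes, tcp_flags).
    Returns {src_ip: {"mean_iat_ms", "syn_count", "bytes_per_s"}}.
    """
    by_src = defaultdict(list)
    for ts, src, length, flags in packets:
        by_src[src].append((ts, length, flags))

    features = {}
    for src, pkts in by_src.items():
        pkts.sort()                                   # order by timestamp
        times = [p[0] for p in pkts]
        gaps = [b - a for a, b in zip(times, times[1:])]
        duration_ms = max(times[-1] - times[0], MIN_DURATION_MS)
        total_bytes = sum(p[1] for p in pkts)
        features[src] = {
            # Inter-arrival time is undefined for a single packet.
            "mean_iat_ms": mean(gaps) if gaps else None,
            # Connection-opening SYNs only; SYN-ACK replies are excluded.
            "syn_count": sum(1 for p in pkts if p[2] & SYN and not p[2] & ACK),
            "bytes_per_s": total_bytes * 1000 / duration_ms,
        }
    return features

# Constructed sample window: one ordinary TCP client and one SYN-flooding source.
BENIGN = [(0, "10.0.0.1", 60, SYN), (500, "10.0.0.1", 1500, ACK),
          (1000, "10.0.0.1", 1500, ACK | 0x08), (1500, "10.0.0.1", 1500, ACK)]
FLOOD = [(t, "10.0.0.66", 60, SYN) for t in range(100)]   # 100 SYNs, 1 ms apart
SAMPLE = BENIGN + FLOOD

if __name__ == "__main__":
    for src, feats in sorted(flow_features(SAMPLE).items()):
        print(src, feats)
```

On the constructed window the flooding source stands out on inter-arrival time and SYN count rather than on volume alone, since each packet is small.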

License
Copyright (c) 2025 Khaliq Ahmed, Khalid bin Muhammad, Ali Ahmad Siddiqui, Abdul Khaliq

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.