DDoS attack detection against SDN controller using a single traffic feature

Abstract

The most widely used southbound API of the software-defined network is the Open Flow protocol. Each flow in Open Flow has a set of packet-forwarding rules, which are referred to as flow entries. The switch processes packets in the SDN operation that meet the flow entries. The Packet that doesn't match any entries is transmitted as a Packet_in message to the Controller. Therefore, sending a lot of Packet in messages in a short amount of time could bring down the controller, and as a result, the entire network consequently resulting in to distributed denial of Service Attacks ( DDOS). This study uses the rate of Packet_in as a single feature, monitor, extract and utilize it to identify DDOS attacks in SDN using Random Fores classifier. The result shows 99.8% Accuracy which is slightly better than the work of [24] with 99.7%.