Identification of attacks on Software defined network Using machine learning approach

Abstract

SDN is a communication technology defined by a software program that manages network newlinetraffic routing and configuration. In contrast, the current network architecture controls traffic newlineby configuring the various network elements remotely. The SDN architecture is centralized in newlinenature such that data plane and control plane within a networking device are segregated. The newlinecontrol plane can be thought of as the mind of the network whereas the data plane is adhering to newlinethe controller s decisions. Examples of SDN controllers include FloodLight, Ryu, Pox, Open- newlineDayLight, Nox, etc. which are open source and incorporate a set of APIs for building network newlineapplications. newlineMany researchers have worked on the detection of attacks and the categorizing of network newlinetraffic into benign and malicious categories. Existing DDOS attack detection research newlineis based on threshold-based detection on the count of incomplete connections made, the number newlineof queries made per user, traffic rate, and the total time of flow duration. Other techniques newlineinclude computing the feature tensors for the construction of benign and malicious vectors and newlinecomparing these vectors to a threshold parameter for attack detection. Other techniques include newlinethe use of a Markov model on a network graph, a tensor-based technique for calculating the newlineentropy of TCP layer attributes, randomness in different traffic features (such as Destination IP newlineaddress, Source IP address, Protocol type, TCP flags, Destination Port, Source Port, and Packet newlinesize) and Machine learning (ML) based approaches. The techniques discussed above detect attacks newlineby comparing a specific value as in threshold-based approach, which is impractical in a newlinelarge network. Some of them trained the deep learning model on a traditional dataset which newlineare not created in SDN environment. The detection method employed is computationally timeconsuming, newlineand the experimental setup is not adequately described. newline