Detection and Mitigation of DDOS Attack in SDN Environment Using Hybrid CNN-LSTM
DOI: https://doi.org/10.59670/ml.v20iS13.6472
Abstract
DDoS attacks, powered by botnets to flood network resources, pose a significant threat to traditional network setups. Software-Defined Networking (SDN) boosts network adaptability and programmability by separating the control and data planes. However, the centralized control in SDN can be a vulnerability, allowing attackers to exploit security flaws and launch DDoS attacks. These attacks overwhelm network controllers and switches, consuming bandwidth and server resources, and disrupting regular user access. In response to the threat, we've implemented an online SDN defence system designed to detect and counter such attacks. This system includes modules for both spotting anomalies and handling them. The anomaly detection model combines Convolutional Neural Network and Long Short-Term Memory (CNN-LSTM) techniques to effectively spot irregular traffic patterns. For mitigation, the model identifies abnormal traffic by implementing flow rule orders from the controller and traces back to the attacker via IP tracing. To measure our approach's effectiveness, we used various evaluation metrics like Accuracy, F-measure, Precision, Recall, ROC Curve, and Precision-Recall Curve. Our methodology displayed impressive results, achieving a 99.83% accuracy in multiclass classification and 99.17% accuracy in binary classification. In comparison with existing DDoS detection systems, our AI-driven mitigation techniques demonstrated their superiority. Overall, our research aims to streamline the detection and mitigation of DDoS attacks.
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.