DDoS Attack Detection Based on One-Class SVM in SDN

Software Defined Networking (SDN) is a new type of network architecture, which provides an important way to implement automated network deployment and flexible management. However, security problems in SDN are also inevitable. DDoS attack belongs to one of the most serious attack types, which is fairly common for today’s Internet. In SDN security fields, DDoS attack detection research has been received more and more attention. In this paper, a DDoS attack detection method based on one-class SVM in SDN is proposed, which provides a better detection accuracy. Furthermore, two new feature vectors, including middle value of flow table item’s duration and protocol data traffic percentage, are extracted to integrate into the item of 11 feature vectors. Additionally, basing on selection and construction method of the 11 feature vectors, a DDoS attack behavior model is established by using one-class SVM algorithm, and the self-adaptation genetic algorithm is designed to optimize the corresponding parameters of the Gaussian kernel of one-class SVM. The experimental results in SDN show that, the proposed new feature vectors are shown to more better detection accuracy, and the proposed method is more feasible by comparing with the BP neural network and RBF neural network algorithms under the same 11 features vectors.