Federated Learning-Based Solution for DDoS Detection in SDN

One major threat to Software Defined Network (SDN) environments and other computing systems is Distributed Denial of Service (DDoS) attacks. For the longest time, conventional Machine Learning (ML) techniques have been used for DDoS detection, but they have limitations because of their centralised training requirements, which can lead to excessive bandwidth utilization, increased latency, and server overhead. Moreover, end-user data privacy and confidentiality are jeopardised by transferring the data to a central server. We present Federated Learning (FL) as a way to counteract DDoS attacks in SDN. FL reduces the need for centralised servers and lessens the limitations of conventional ML techniques by enabling decentralised training of ML models on distributed devices. FL lowers the possibility of data breaches and protects the privacy of sensitive data by training models locally on devices. We used FL to train three classifiers: Deep Neural Networks (DNN), Convolutional Neural Networks (CNN), and Long Short-Term Memory (LSTM) to classify three classes of DDoS attacks, namely: UDP Flood, TCP SYN, and DNS Flood. The results demonstrate how well our FL models perform and how they can replace centralized and conventional methods for identifying DDoS attacks in SDN environments while protecting the privacy of users.