An Evolutionary SVM Model for DDOS Attack Detection in Software Defined Networks

Software-Defined Network (SDN) has become a promising network architecture in current days that provide network operators more control over the network infrastructure. The controller, also called as the operating system of the SDN, is responsible for running various network applications and maintaining several network services and functionalities. Despite all its capabilities, the introduction of various architectural entities of SDN poses many security threats and potential targets. Distributed Denial of Services (DDoS) is a rapidly growing attack that poses a tremendous threat to the Internet. As the control layer is vulnerable to DDoS attacks, the goal of this paper is to detect the attack traffic, by taking the centralized control aspect of SDN. Nowadays, in the field of SDN, various machine learning (ML) techniques are being deployed for detecting malicious traffic. Despite these works, choosing the relevant features and accurate classifiers for attack detection is an open question. For better detection accuracy, in this work, Support Vector Machine (SVM) is assisted by kernel principal component analysis (KPCA) with genetic algorithm (GA). In the proposed SVM model, KPCA is used for reducing the dimension of feature vectors, and GA is used for optimizing different SVM parameters. In order to reduce the noise caused by feature differences, an improved kernel function (N-RBF) is proposed. The experimental results show that compared to single-SVM, the proposed model achieves more accurate classification with better generalization. Moreover, the proposed model can be embedded within the controller to define security rules to prevent possible attacks by the attackers.