An Ensemble-based Machine Learning Framework for Advanced Distributed Denial of Service Attack Detection in Software Defined Networks
DOI:
https://doi.org/10.21928/uhdjst.v9n2y2025.pp184-197Keywords:
Software Defined Networking, Distributed Denial of Service, Machine Learning, Ensemble Models, Traffic ClassificationAbstract
Distributed Denial of Service (DDoS) attacks pose a significant threat to modern network architectures, especially Software Defined Networking (SDN) due to its centralized controller. This study proposes an advanced framework for DDoS attack identification and prediction using state-of-the-art machine learning (ML) techniques in an SDN architecture. A comprehensive dataset was generated through a two-stage traffic generation procedure, simulating attack and normal scenarios over a 6-day period, from which fifteen were extracted to characterize network behavior. Multiple classifiers including Gradient Boosting Ensemble methods such as LightGBM, XGBoost, CatBoost, and Gradient Boosting Decision Trees, as well as additional ensemble methods such as AdaBoost and Bagging were evaluated alongside with One-Class SVM and Bayesian Networks. They were trained and evaluated using rigorous cross-validation. The results demonstrate near-perfect performance of ensemble models, achieving up to 99.98% accuracy with outstanding precision, recall, and area under curve metrics. To achieve efficient mitigation, the detection mechanism is deployed on local web servers, and a certificate authority-based secure communication channel transmits malicious IPs to the SDN controller, enabling low-latency, scalable, and real-time DDoS attack mitigation. This paper discusses the promise of applying cutting-edge ML models to enhance the robustness of SDN infrastructures against sophisticated cyber-attacks and offers a template for further research in dynamic network defense strategies.
References
M. Al-Fayoumi and Q. Abu Al-Haija. “Capturing low-rate DDoS attack based on MQTT protocol in software defined-IoT environment”. Array, vol. 19, p. 100316, 2023.
M. B. Anley, A. Genovese, D. Agostinello and V. Piuri. “Robust DDoS attack detection with adaptive transfer learning”. Computers and Security, vol. 144, p. 103962, 2024.
X. Etxezarreta, I. Garitano, M. Iturbe and U. Zurutuza. “Software-defined networking approaches for intrusion response in industrial control systems: A survey”. International Journal of Critical Infrastructure Protection, vol. 42, p. 100615, 2023.
N. N. Josbert, M. Wei, P. Wang and A. Rafiq. “A look into smart factory for industrial IoT driven by SDN technology: A comprehensive survey of taxonomy, architectures, issues and future research orientations”. Journal of King Saud University - Computer and Information Sciences, vol. 36, no. 5, p. 102069, 2024.
K. K. Karmakar, V. Varadharajan, M. Hitchens, U. Tupakula and P. Sariputra. “A trust-aware openflow switching framework for software defined networks (SDN)”. Computer Networks, vol. 237, p. 110109, 2023.
L. Mhamdi and M. M. Isa. “Securing SDN: Hybrid autoencoder-random forest for intrusion detection and attack mitigation”. Journal of Network and Computer Applications, vol. 225, p. 103868, 2024.
A. T. Phu, B. Li, F. Ullah, T. Ul Huque, R. Naha, M. A. Babar and H. Nguyen. “Defending SDN against packet injection attacks using deep learning”. Computer Networks, vol. 234, p. 109935, 2023.
X. Qin, F. Jiang, X. Qin, L. Ge, M. Lu and R. Doss. “Cgan-based cyber deception framework against reconnaissance attacks in ICS”. Computer Networks, vol. 251, p. 110655, 2024.
Z. Chen, M. Simsek, B. Kantarci, M. Bagheri and P. Djukic. “Machine learning-enabled hybrid intrusion detection system with host data transformation and an advanced two-stage classifier”. Computer Networks, vol. 250, p. 110576, 2024.
U. B. Clinton, N. Hoque and K. Robindro Singh. “Classification of DDoS attack traffic on SDN network environment using deep learning”. Cybersecurity, vol. 7, no. 1, p. 23, 2024.
G. Srinivasa Rao, P. Santosh Kumar Patra, V. A. Narayana, A. Raji Reddy, G. N. V. Vibhav Reddy and D. Eshwar. “DDoSnet: Detection and prediction of DDoS attacks from realistic multidimensional dataset in IoT network environment”. Egyptian Informatics Journal, vol. 27, p. 100526, 2024.
J. Bhayo, S. A. Shah, S. Hameed, A. Ahmed, J. Nasir and D. Draheim. “Towards a machine learning-based framework for DDoS attack detection in software-defined IoT (SD-IoT) networks”. Engineering Applications of Artificial Intelligence, vol. 123, p. 106432, 2023.
U. H. Garba, A. N. Toosi, M. F. Pasha and S. Khan. “SDN-based detection and mitigation of DDoS attacks on smart homes”. Computer Communications, vol. 221, pp. 29-41, 2024.
R. Swami, M. Dave and V. Ranga. “IQR-based approach for DDoS detection and mitigation in SDN”. Defence Technology, vol. 25, pp. 76-87, 2023.
A. Hirsi, L. Audah, A. Salh, M. A. Alhartomi and S. Ahmed. “Detecting DDoS threats using supervised machine learning for traffic classification in software defined networking”. IEEE Access, vol. 12, pp. 166675-166702, 2024.
A. A. Alashhab, M. S. Zahid, B. Isyaku, A. A. Elnour, W. Nagmeldin, A. Abdelmaboud, T. A. A. Abdullah and U. D. Maiwada. “Enhancing DDoS attack detection and mitigation in SDN using an ensemble online machine learning model”. IEEE Access, vol. 12, pp. 51630- 51649, 2024.
H. M. Belachew, M. Y. Beyene, A. B. Desta, B. T. Alemu, S. S. Musa and A. J. Muhammed. “Design a robust DDoS attack detection and mitigation scheme in SDN-edge-IoT by leveraging machine learning”. IEEE Access, vol. 13, pp. 10194-10214, 2025.
Y. S. N. Fotse, V. K. Tchendji and M. Velempini. “Federated learning based DDoS attacks detection in large scale software-defined network”. IEEE Transactions on Computers, vol. 74, no. 1, pp. 101-115, 2025.
A. V. Songa and G. R. Karri. “An integrated SDN framework for early detection of DDoS attacks in cloud computing”. Journal of Cloud Computing, vol. 13, p. 64, 2024.
R. Abu Bakar, L. De Marinis, F. Cugini and F. Paolucci. “FTG-net-E: A hierarchical ensemble graph neural network for DDoS attack detection”. Computer Networks, vol. 250, p. 110508, 2024.
A. Ghorbanali and M. K. Sohrabi. “A comprehensive survey on deep learning-based approaches for multimodal sentiment analysis”. Artificial Intelligence Review, vol. 56, no. Suppl 1, pp. 1479-1512, 2023.
F. Nawshin, R. Gad, D. Unal, A. K. Al-Ali and P. N. Suganthan. “Malware detection for mobile computing using secure and privacy-preserving machine learning approaches: A comprehensive survey”. Computers and Electrical Engineering, vol. 117, p. 109233, 2024.
D. Han, H. Li and X. Fu. “Reflective distributed denial of service detection: A Novel Model utilizing binary particle swarm optimization—Simulated annealing for feature selection and gray wolf optimization-optimized LightGBM algorithm”. Sensors, vol. 24, no. 19, p. 6179, 2024.
R. Vaishali and S. M. Naik. “A Novel LightGBM-Bayesian Approach for DDoS Detection in SDN Environments”. In: 2024 Moratuwa Engineering Research Conference (MERCon). pp. 7-12. 2024.
N. Rozam and M. Riasetiawan. “XGBoost Classifier for DDoS attack detection in software defined network using sFlow protocol”. International Journal on Advanced Science, Engineering and Information Technology, vol. 13, pp. 718-725, 2023.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Aram Saleem, Hakem Beitollahi

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.