OML-SDN: Detection of DDoS attacks in SDN using Optimized Machine Learning Methods


  • Konda Srikar Goud Department of CSE, GITAM School of Technology, GITAM University, Andhra Pradesh, INDIA
  • Srinivasa Rao Giduturi Department of CSE, GITAM School of Technology, GITAM University, Andhra Pradesh, INDIA


DDoS, Feature Selection, PSO, RBF Kernel, SDN, SVM


Software-Defined Networks (SDN) is a new technology that allows for future networks' dynamic and efficient design. It redefines the term "network" by allowing network components to be programmed. As a result, network operators can design and control the entire network using the centralized, programmable console architecture. Furthermore, SDN enables network engineers to monitor and control their networks centrally, detecting malicious traffic and link failures. Despite the network's resilience and global visibility, SDN's control plane remains vulnerable to a wide range of security threats, including Distributed Denial of Service (DDoS) attacks, which can render the entire network inaccessible. This study proposes a machine learning-based framework for detecting attack traffic in a centralized SDN environment to address these shortcomings. Kernel Principal Component Analysis (KPCA) is used in this study to reduce the dimensionality of the feature space and Particle Swarm Optimization (PSO) to optimize various SVM parameters. A simplified kernel (s-RBF) was introduced to reduce noise caused by feature differences and increases reliability. We used a weighted support vector machine (WSVM) with PSO. The proposed KPCA-WSVM-PSO model, when compared to other classifiers, achieves the highest attack detection rate, according to the experimental data. We can implement the proposed framework into the SDN control plane to reduce the attacks.


Download data is not yet available.


Cui, Yunhe, Qing Qian, Chun Guo, Guowei Shen, Youliang Tian, Huanlai Xing, and Lianshan Yan. "Towards DDoS detection mechanisms in software-defined networking."Journal of Network and Computer Applications 190 (2021): 103156.

Palmieri, Francesco. "Network anomaly detection based on logistic regression of nonlinear chaotic invariants."Journal of Network and Computer Applications 148 (2019): 102460.

da Silva, Anderson Santos, Juliano Araujo Wickboldt, Lisandro Zambenedetti Granville, and Alberto Schaeffer-Filho. "ATLANTIC: A framework for anomaly traffic detection, classification, and mitigation in SDN." In NOMS 2016-2016 IEEE/IFIP Network Operations and Management Symposium, pp. 27-35. IEEE, 2016.

Niyaz, Quamar, Weiqing Sun, and Ahmad Y. Javaid. "A deep learning based DDoS detection system in software-defined networking (SDN)."arXiv preprint arXiv:1611.07400 (2016).

Santos, Reneilson, Danilo Souza, Walter Santo, Admilson Ribeiro, and Edward Moreno. "Machine learning algorithms to detect DDoS attacks in SDN."Concurrency and Computation: Practice and Experience 32, no. 16 (2020): e5402.

Myint Oo, Myo, Sinchai Kamolphiwong, Thossaporn Kamolphiwong, and Sangsuree Vasupongayya. "Advanced support vector machine-(ASVM-) based detection for distributed denial of service (DDoS) attack on software defined networking (SDN)."Journal of Computer Networks and Communications 2019 (2019).

Cui, Yunhe, Lianshan Yan, Saifei Li, Huanlai Xing, Wei Pan, Jian Zhu, and Xiaoyang Zheng. "SD-Anti-DDoS: Fast and efficient DDoS defense in software-defined networks."Journal of Network and Computer Applications 68 (2016): 65-79.

Octopress, Mininet emulation Software, 2018. (Accessed 19 July 2008).

Goud, Konda Srikar, and Srinivasa Rao Gidituri. "Security Challenges and Related Solutions in Software Defined Networks: A Survey."

Wang, Bing, Yao Zheng, Wenjing Lou, and Y. Thomas Hou. "DDoS attack protection in the era of cloud computing and software-defined networking."Computer Networks 81 (2015): 308-319.

Latah, Majd, and Levent Toker. "Towards an efficient anomaly‐based intrusion detection for software‐defined networks."IET networks 7, no. 6 (2018): 453-459.

Buragohain, Chaitanya, and Nabajyoti Medhi. "FlowTrApp: An SDN based architecture for DDoS attack detection and mitigation in data centers." In 2016 3rd International Conference on Signal Processing and Integrated Networks (SPIN), pp. 519-524. IEEE, 2016.

Xie, Junfeng, F. Richard Yu, Tao Huang, Renchao Xie, Jiang Liu, Chenmeng Wang, and Yunjie Liu. "A survey of machine learning techniques applied to software defined networking (SDN): Research issues and challenges."IEEE Communications Surveys & Tutorials 21, no. 1 (2018): 393-430.

Shin, Seungwon, and Guofei Gu. "Attacking software-defined networks: A first feasibility study." In Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking, pp. 165-166. 2013.

Perez-Diaz, Jesus Arturo, Ismael Amezcua Valdovinos, Kim-Kwang Raymond Choo, and Dakai Zhu. "A flexible SDN-based architecture for identifying and mitigating low-rate DDoS attacks using machine learning."IEEE Access 8 (2020): 155859-155872.

Sahoo, Kshira Sagar, Bata Krishna Tripathy, Kshirasagar Naik, Somula Ramasubbareddy, Balamurugan Balusamy, Manju Khari, and Daniel Burgos. "An evolutionary SVM model for DDOS attack detection in software defined networks."IEEE Access 8 (2020): 132502-132513.

Kyaw, Aye Thandar, May Zin Oo, and Chit Su Khin. "Machine-Learning Based DDOS Attack Classifier in Software Defined Network." In 2020 17th International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON), pp. 431-434. IEEE, 2020.

Janarthanam, S., N. Prakash, and M. Shanthakumar. "Adaptive learning method for DDoS attacks on software defined network function virtualization."EAI Endorsed Transactions on Cloud Systems 6, no. 18 (2020).

Tan, Liang, Yue Pan, Jing Wu, Jianguo Zhou, Hao Jiang, and Yuchuan Deng. "A new framework for DDoS attack detection and defense in SDN environment."IEEE Access 8 (2020): 161908-161919.

Wang, Lu, and Ying Liu. "A DDoS attack detection method based on information entropy and deep learning in SDN." In 2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC), vol. 1, pp. 1084-1088. IEEE, 2020.

Deepa, V., K. Muthamil Sudar, and P. Deepalakshmi. "Design of ensemble learning methods for DDoS detection in SDN environment." In 2019 International Conference on Vision Towards Emerging Trends in Communication and Networking (ViTECoN), pp. 1-6. IEEE, 2019.

Karan, B.V.; Narayan, D.G.; Hiremath, P.S. Detection of DDoS Attacks in Software Defined Networks. In Proceedings of the 2018 3rd International Conference on Computational Systems and Information Technology for Sustainable Solutions (CSITSS), Bengaluru, India, 20–22 December 2018; pp. 265–270.

Cil, Abdullah Emir, Kazim Yildiz, and Ali Buldu. "Detection of DDoS attacks with feed forward based deep neural network model."Expert Systems with Applications 169 (2021): 114520.

Nam, Tran Manh, Phan Hai Phong, Tran Dinh Khoa, Truong Thu Huong, Pham Ngoc Nam, Nguyen Huu Thanh, Luong Xuan Thang, Pham Anh Tuan, and Vu Duy Loi. "Self-organizing map-based approaches in DDoS flooding detection using SDN." In 2018 International Conference on Information Networking (ICOIN), pp. 249-254. IEEE, 2018.

Adhikary, Kaushik, Shashi Bhushan, Sunil Kumar, and Kamlesh Dutta. "Hybrid algorithm to detect DDoS attacks in VANETs."Wireless Personal Communications 114, no. 4 (2020): 3613-3634.

Hosseini, Soodeh, and Mehrdad Azizi. "The hybrid technique for DDoS detection with supervised learning algorithms."Computer Networks 158 (2019): 35-45.

Ujjan, Raja Majid Ali, Zeeshan Pervez, Keshav Dahal, Ali Kashif Bashir, Rao Mumtaz, and Jonathan González. "Towards sFlow and adaptive polling sampling for deep learning based DDoS detection in SDN."Future Generation Computer Systems 111 (2020): 763-779.

Ravi, Nagarathna, and S. Mercy Shalinie. "Learning-driven detection and mitigation of DDoS attack in IoT via SDN-cloud architecture."IEEE Internet of Things Journal 7, no. 4 (2020): 3559-3570.

Yong, Binbin, Wei Wei, Kuan‐Ching Li, Jun Shen, Qingguo Zhou, Marcin Wozniak, Dawid Połap, and Robertas Damaševičius. "Ensemble machine learning approaches for webshell detection in Internet of things environments."Transactions on Emerging Telecommunications Technologies (2020): e4085.

Kushwah, Gopal Singh, and Virender Ranga. "Optimized extreme learning machine for detecting DDoS attacks in cloud computing."Computers & Security 105 (2021): 102260.

Damasevicius, Robertas, Algimantas Venckauskas, Sarunas Grigaliunas, Jevgenijus Toldinas, Nerijus Morkevicius, Tautvydas Aleliunas, and Paulius Smuikys. "LITNET-2020: An annotated real-world network flow dataset for network intrusion detection."Electronics 9, no. 5 (2020): 800.

Erhan, Derya, and Emin Anarım. "Boğaziçi University distributed denial of service dataset."Data in brief 32 (2020).

Rasool, Raihan Ur, Usman Ashraf, Khandakar Ahmed, Hua Wang, Wajid Rafique, and Zahid Anwar. "Cyberpulse: a machine learning based link flooding attack mitigation system for software defined networks."IEEE Access 7 (2019): 34885.

Ambrosin, Moreno, Mauro Conti, Fabio De Gaspari, and Radha Poovendran. "LineSwitch: Tackling control plane saturation attacks in software-defined networking."IEEE/ACM Transactions on Networking 25, no. 2 (2016): 1206-1219.

P. Illavarason and B. Kamachi Sundaram, "A Study of Intrusion Detection System using Machine Learning Classification Algorithm based on different feature selection approach," 2019 Third International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), 2019, pp. 295-299.

Tamilarasan, Ashwin, Srinivas Mukkamala, Andrew H. Sung, and Krishna Yendrapalli. "Feature ranking and selection for intrusion detection using artificial neural networks and statistical methods." In The 2006 IEEE International Joint Conference on Neural Network Proceedings, pp. 4754-4761. IEEE, 2006.

Stein, Gary, Bing Chen, Annie S. Wu, and Kien A. Hua. "Decision tree classifier for network intrusion detection with GA-based feature selection." In Proceedings of the 43rd annual Southeast regional conference-Volume 2, pp. 136-141. 2005.

Kuang, Fangjun, Weihong Xu, and Siyang Zhang. "A novel hybrid KPCA and SVM with GA model for intrusion detection." Applied Soft Computing 18 (2014): 178-184.

Li, Yinhui, Jingbo Xia, Silan Zhang, Jiakai Yan, Xiaochuan Ai, and Kuobin Dai. "An efficient intrusion detection system based on support vector machines and gradually feature removal method." Expert systems with applications 39, no. 1 (2012): 424-430.

Pascoal, Cláudia, M. Rosário Oliveira, António Pacheco, and Rui Valadas. "Theoretical evaluation of feature selection methods based on mutual information." Neurocomputing 226 (2017): 168-181.

Koc, Levent, Thomas A. Mazzuchi, and Shahram Sarkani. "A network intrusion detection system based on a Hidden Naïve Bayes multiclass classifier." Expert Systems with Applications 39, no. 18 (2012): 13492-13500.

Kennedy, James, and Russell Eberhart. "Particle swarm optimization." In Proceedings of ICNN'95-international conference on neural networks, vol. 4, pp. 1942-1948. IEEE, 1995.

Ahuja, Nisha, Gaurav Singal, and Debajyoti Mukhopadhyay. "DDOS attack SDN dataset."Mendeley Data 1 (2020).

Yang, L. ., & Daimin, G. . (2023). Children’s Perspective on Digital Picure Book: A Brief Analysis . International Journal on Recent and Innovation Trends in Computing and Communication, 11(3), 166–177.

Mohammad Hassan, Machine Learning Techniques for Credit Scoring in Financial Institutions , Machine Learning Applications Conference Proceedings, Vol 3 2023.

Raghavendra, S., Dhabliya, D., Mondal, D., Omarov, B., Sankaran, K.S., Dhablia, A., Chaudhury, S., Shabaz, M. Retracted: Development of intrusion detection system using machine learning for the analytics of Internet of Things enabled enterprises (2023) IET Communications, 17 (13), pp. 1619-1625.




How to Cite

Goud, K. S. ., & Giduturi, S. R. . (2023). OML-SDN: Detection of DDoS attacks in SDN using Optimized Machine Learning Methods. International Journal of Intelligent Systems and Applications in Engineering, 11(4), 197–208. Retrieved from



Research Article