A DDoS defence framework in software defined network using ensemble classifier with rough set theory based feature selection

The network traffic is getting increased day by day with the increase in the usage of the internet and related technologies such as cloud computing, Internet of Things (IoT), and big data. However, the traditional Internet Protocol (IP) based network struggles with adopting the huge network traffic through scalability, controllability as well as manageability for which software defined network has become an alternative. It meets the requirements of modern technologies in which the control is centralized over the network. Due to the increased popularity and usage, the security of the Software Defined Networking (SDN) is often compromised. Distributed Denial of Service (DDoS) attack is a major threat that suppresses the service of the SDN network. This paper focuses on providing a defence framework for SDN against DDoS attacks with two main phases. The DDoS prevention phase implemented at the data plane is responsible for preventing attacks packets through simple flow analysis. The DDoS detection phase at the control plane extracts the features from the incoming packets on which the rough set theory-based entropy is applied to select the significant features. Later ensemble classifier categorizes the flow as normal or attack. The flow rules are updated based on the obtained results. The proposed model has experimented with two publicly available datasets and the analysis are made with the obtained results. The proposed model has better precision values in predicting the flow as benign or attack with the values 96.3% and 96.12% respectively. The result analysis proves that the proposed model outperforms various other existing models in classifying DDoS attacks.