Detection and mitigation of botnet based DDoS attacks using catboost machine learning algorithm in SDN environment

Software-defined networking (SDN) is an emerging new technology in the field of networks that facilitates comprehensive network programmability, which makes them prone to network attacks. One of the primitive yet highly effective network attacks is the Distributed Denial-of-Service (DDoS). DDoS attacks are launched from the compromised hosts called botnets acquired by the attacker host called the botmaster, all being connected to switches present in the same environment. Despite the large number of traditional mitigation solutions that exist today, DDoS attacks continue to grow severely. Numerous solutions have been proposed to counter these attacks and prevent service disruptions which have cost many companies a fortune. An extensive literature survey of existing solutions to these security challenges in an SDN environment, that employed machine learning techniques like XGBoost, Support Vector Machine (SVM), etc., has addressed the detection of DDoS attacks. But still showed the scope of improvement in detection speeds which could significantly reduce the service unavailability time from a server i.e., the victim of the DDoS attack. Thus, this paper addresses these requirements to build an optimal, reliable, and quick DDoS detection and mitigation application. This application leverages the controller's functionalities, continuously monitors the network traffic at a particular host interface (potential victim) to detect abnormal traffic. When the traffic is identified as a potential DDoS attack, its mitigation is initiated. The DDoS attack traffic is mitigated by deploying flow rules onto the switches such that it blocks the attack traffic from entering the network. The application uses CatBoost classifier, the boosting algorithm which has very less prediction time and is comparatively 8× faster than XGBoost, because of its symmetric tree structure. It is tested to be proven reliable and efficient in detecting botnet-based DDoS attacks on the SDN environment with an accuracy of 98% and far less training time. Thus, proving that the proposed solution employing the state-of-the-art machine learning model can be more effective in quickly detecting and mitigating a DDoS attack.