Özet:

Abstract Distributed-denial-of-service (DDoS) attacks can cause a great menace to numerous organizations and their stakeholders. On a successful launch of such attacks, the intended users of the network become deprived of its services, which eventually causes a loss of time and money. Not just the traditional networks were victims of DDoS attacks, even the modern networks based on software-defined networking (SDN) technology are susceptible to them. The objective of this research work is to take into account a DDoS afflicted SDN specific dataset and detect the malicious traffic by using various machine learning algorithms namely., K-Nearest Neighbours, Logistic Regression, Multilayer Perceptron, Iterative Dichotomiser 3, and Stochastic Gradient Descent. Additionally, the categories of malicious traffic based on the protocol as ICMP attack, TCP SYN attack and UDP flood attack are analyzed and compared. The experiment results suggested that some algorithms were able to detect malicious traffic with accuracies up to 99.993%. The models used in this paper are further evaluated and validated with Area Under the Curve of Receiver Operator Characteristic (AUC-ROC) curves. Therefore, through the methodologies presented in this paper, the most suitable techniques for DDoS detection are suggested and thus contribute towards the DDoS mitigation in network management of SDN environments.

Anahtar Kelimeler: