Major Review 1.2

Uploaded by

anadlaakshith

SCHOOL OF COMPUTING

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING


WINTER SEMESTER 2024-2025

10214CS701 MAJOR PROJECT INHOUSE

“DETECTION OF DDOS ATTACK IN SOFTWARE DEFINED NETWORK USING MACHINE LEARNING”
REVIEW-1

SUPERVISED BY
Mrs.S.KIRUTKIGA/Assistant professor

PRESENTED BY
1. V.NAGALAKSHMAN (VTU 20442) (21UECS0667)
2. A.AKSHITH (VTU 20063) (21UECS0029)
3. G.GOPAL REDDY (VTU 20292) (21UECM0071)

2/21/2025 BATCH NO: MA136 DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING

CONTENT
• Introduction & Problem Statement

• Project Goals & Objectives

• Literature Review & Background

• Proposed System Architecture

• Methodology & Implementation Plan

• Technology Stack & Tools

• Expected Outcomes & Deliverables

• Publication Status

• Progress & Milestones Achieved (For Review-1)

• Future Work & Next Steps


• References
Introduction & Problem Statement

• Introduction:
Distributed Denial of Service (DDoS) attacks represent one of the most significant
cybersecurity threats to modern networks. These attacks overwhelm network resources by sending a
flood of traffic from multiple sources, rendering services unavailable to legitimate users. The
impact of DDoS attacks can be devastating, causing service downtime, financial loss, and
reputational damage to organizations. With the increasing sophistication and scale of these
attacks, detecting and mitigating DDoS events in real time is becoming a critical necessity.

The detection of DDoS attacks in SDNs is an ongoing challenge because of the dynamic nature of the
traffic patterns in SDN environments. Traditional DDoS detection methods, which rely on
signature-based techniques, struggle to identify new, previously unseen attack patterns and adapt
to the constantly evolving landscape of network traffic. Machine learning (ML), with its ability to
analyze large volumes of traffic data and identify patterns, offers an effective solution for
detecting such attacks in real time.

• Problem Statement:
Traditional DDoS detection methods struggle with the dynamic nature of SDN traffic and fail to
identify new attack patterns, compromising the security and stability of SDN environments.

• Project Goal:
To develop a hybrid AI model combining transformer architectures and neural networks for accurate,
adaptive, and scalable DDoS attack detection in SDNs.

Project Goals & Objectives
• Overall Goal:
  - Develop a Reliable and Accurate DDoS Attack Detection System.
  - Use Real-Time Traffic Monitoring for Attack Detection.
  - Implement Feature Extraction and Preprocessing Techniques.
  - Enhance the Adaptability of the Detection System.

• Specific Objectives:
  - Data Collection and Traffic Monitoring: To gather real-time network traffic data from SDN
    environments, focusing on flow-level information such as packet rates, flow sizes, and network
    latency.
  - Development and Training of Machine Learning Models: To build and train machine learning
    models capable of detecting DDoS attacks based on traffic features.
  - Real-Time DDoS Attack Detection: To implement a real-time detection system that monitors SDN
    traffic and flags DDoS attacks as soon as they occur.
  - Adaptability and Model Retraining: To ensure the detection system remains effective over time as
    attack patterns evolve.

Literature Review & Background
Existing Solutions: Existing solutions for DDoS detection in SDNs rely on traditional machine learning
and deep learning approaches, which often lack adaptability to dynamic traffic patterns and
emerging attack vectors. Techniques like SVMs, decision trees, and CNNs have shown moderate
success but struggle with scalability and real-time processing. Recent advancements using LSTMs
and GRUs address some temporal dependencies but fall short compared to transformer-based
methods.

Limitations: Existing solutions struggle with adaptability to evolving attack patterns, limited
scalability for real-time, high-volume SDN traffic, and inadequate temporal pattern recognition.
Additionally, many methods lack robustness against novel attack vectors and are computationally
inefficient.

Our Approach: This project integrates transformers for advanced temporal pattern recognition with
neural networks for high-level feature extraction, ensuring superior accuracy and adaptability. It
addresses scalability, real-time processing, and evolving attack patterns, surpassing the
limitations of existing solutions.
Literature Review & Background

AUTHOR | METHODOLOGY | MAJOR FINDINGS | RESEARCH GAP
Dong Li & Junqing Yu (2018) [1] | Using SVM to Detect DDoS Attacks in SDN Network | This paper demonstrates the application of Support Vector Machines (SVM) for detecting DDoS attacks in SDN environments | While SVM shows promising results, the study emphasizes the need for improving feature selection and adapting the model to new attack types.
Boyi Liu, Shang Zhai, & Mingrui Chen (2019) [2] | DDoS Attack Detection Method Based on Feature Extraction of Deep Belief Networks. | The authors extract high-level features from network traffic data and use DBNs. | A limitation identified was the computational complexity of deep learning models like DBNs, especially in real-time applications.
Wenyu Qu, | Detecting DDoS | This paper focuses | . The research

Proposed System Architecture
Methodology & Implementation Plan

Methodology:
• Data Collection:
Gather real-time network traffic data in SDN environments, which includes both normal traffic and
DDoS attack traffic. This will be used to train machine learning models.

• Feature Engineering and Preprocessing:
Extract relevant features from the raw data and prepare it for machine learning.

• Model Selection and Training:
Choose and train machine learning models to detect DDoS attacks in SDN environments.

• Model Evaluation and Tuning:
Evaluate the performance of the trained models and optimize for better real-time detection.

• Real-time Detection and Deployment:
Implement the trained model into the SDN system to provide real-time detection and mitigation.

• Continuous Improvement and Retraining:
Ensure that the system adapts to new attack patterns and remains effective over time.
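
The methodology steps above, from flow-level features to evaluation, as an added example that is not part of the original slides: it aggregates constructed flow-statistics records into per-window features, applies a threshold rule standing in for the trained model, and scores it with precision, recall and F1. The record layout, the 10-second window, the source-entropy feature, the thresholds and every sample value are assumptions made for illustration.

```python
import math
from collections import defaultdict

WINDOW_S = 10  # assumed polling interval for controller flow statistics

# Constructed records: (window, src_ip, dst_ip, packets, bytes). Not real traffic.
FLOWS = (
    [(0, "10.0.0.1", "10.0.0.100", 200, 240_000),
     (0, "10.0.0.2", "10.0.0.100", 150, 180_000)]                             # normal
    + [(1, f"10.0.1.{i}", "10.0.0.100", 900, 54_000) for i in range(1, 41)]  # flood
    + [(2, "10.0.0.3", "10.0.0.100", 30_000, 45_000_000)]                    # bulk copy
    + [(3, f"10.0.2.{i}", "10.0.0.100", 20, 1_200) for i in range(1, 31)]    # slow flood
)
LABELS = {0: False, 1: True, 2: False, 3: True}  # constructed ground truth per window

def extract_features(flows, window_s=WINDOW_S):
    """Aggregate per-flow counters into one feature row per (window, dst)."""
    per_src = defaultdict(lambda: defaultdict(int))
    total_bytes = defaultdict(int)
    for window, src, dst, pkts, nbytes in flows:
        per_src[(window, dst)][src] += pkts
        total_bytes[(window, dst)] += nbytes
    rows = {}
    for key, srcs in per_src.items():
        pkts = sum(srcs.values())
        # Shannon entropy of sources: high for many even senders, 0 for one sender.
        entropy = -sum(c / pkts * math.log2(c / pkts) for c in srcs.values())
        rows[key] = {"pkt_rate": pkts / window_s,
                     "mean_pkt_size": total_bytes[key] / pkts,
                     "src_entropy": entropy}
    return rows

def classify(row, rate_min=1000.0, entropy_min=3.0):
    """Threshold rule standing in for the trained model (assumed thresholds)."""
    return row["pkt_rate"] > rate_min and row["src_entropy"] > entropy_min

def score(pred, truth):
    """Precision, recall and F1 for the attack class."""
    tp = sum(pred[k] and truth[k] for k in truth)
    fp = sum(pred[k] and not truth[k] for k in truth)
    fn = sum(not pred[k] and truth[k] for k in truth)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return precision, recall, f1

def run():
    rows = extract_features(FLOWS)
    pred = {window: classify(row) for (window, _dst), row in rows.items()}
    return rows, pred, score(pred, LABELS)

if __name__ == "__main__":
    print("precision=%.2f recall=%.2f f1=%.2f" % run()[2])
```

In the constructed data the bulk transfer in window 2 is left alone because its source entropy is zero, while the low-rate flood in window 3 is missed, which is why recall is 0.5.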
Implementation Plan:

PHASE | TIMELINE | TASKS
Data Collection | 2 weeks | Set up SDN environment, collect traffic data, prepare datasets.
Feature Engineering | 3 weeks | Extract relevant features, preprocess data, handle imbalanced data.
Model Training | 4 weeks | Train models using supervised and unsupervised learning techniques.
Model Evaluation | 2 weeks | Tune models, evaluate accuracy, and minimize false positives.
Real-time Detection | 3 weeks | Integrate model with SDN controller, set up real-time monitoring.
Mitigation Integration | 2 weeks | Develop mitigation strategies, test system under attack scenarios.
Continuous Improvement | Ongoing | Implement feedback loop, plan for model retraining.

Technology Stack & Tools
• Hardware:
  - Servers/Workstations
  - Network Devices
  - Monitoring/Traffic Capture Devices

• Software:
  - SDN Controllers
  - Machine Learning Libraries
  - Data Preprocessing and Feature Engineering Tools
  - Real-time Monitoring Tools
  - Flow Data Collection and Analysis

• Tools:
  - Cloud Deployment
  - Real-Time Data Ingestion
  - Performance Evaluation
  - Security Tools

Expected Outcomes & Deliverables
• Expected Outcomes:
  - Real-time Detection of DDoS Attacks: The system should be able to detect DDoS attacks in
    real time, with minimal latency, using flow-level data from SDN controllers.
  - Accurate Classification of DDoS vs. Normal Traffic: The machine learning model should
    accurately classify incoming traffic as either normal or DDoS based on pre-trained datasets.
  - Automated Mitigation Actions: Once a DDoS attack is detected, the system should automatically
    trigger mitigation actions (e.g., traffic filtering, rate limiting, or traffic redirection) to
    minimize the attack’s impact on the network.
  - Low Latency and Scalable Solution: The detection system should have low computational
    overhead and be scalable to handle increasing network traffic without significant performance
    degradation.
  - Continuous Learning and Adaptation: The machine learning model should have the capability
    for incremental learning, allowing the system to adapt to new attack patterns over time.
  - Comprehensive Security Insights: The system should provide detailed reports and alerts about
    detected attacks, including information on attack source, type, and impact, allowing network
    administrators to analyze and improve the security posture of the network.

• Deliverables:
  - DDoS Detection System Prototype: A fully functioning prototype of the DDoS detection
    system integrated with an SDN controller (e.g., OpenDaylight or Ryu). The system will detect
    and classify DDoS traffic and trigger mitigation actions automatically.
  - Machine Learning Model: A trained machine learning model capable of classifying network
    traffic as either normal or DDoS. The model will be validated and evaluated based on several
    performance metrics (accuracy, precision, recall, F1-score).
  - Real-time Traffic Monitoring Interface: A dashboard or interface (e.g., using Grafana and
    Prometheus) to visualize traffic flow, real-time attack detection, and mitigation actions.
  - Automated Mitigation Module: A set of scripts or tools that automatically trigger actions (e.g.,
    filtering malicious traffic or rate-limiting attackers) once a DDoS attack is detected.

Progress & Milestones Achieved (For Review-1)
• Completed Tasks:
  - Will provide the methodologies of the project and do a literature survey, which will be helpful
    for development of our project.
  - Will maintain the plan of action to train the model and will reduce the errors that we
    detected during the training of the model.
  - Will finally develop and test the model to achieve better performance and accurate results.
• Milestones Reached:
  - Data Collection and Preprocessing: To collect network traffic data, label it for normal and DDoS
    attack traffic, and prepare the dataset for machine learning model training.
  - Machine Learning Model Development: To develop and train machine learning models that can
    classify network traffic as either normal or DDoS attacks.
  - SDN Controller Integration: To integrate the trained machine learning model with an SDN
    controller for real-time traffic classification and response.
  - Real-time Monitoring Interface and Dashboard: To develop a user interface that allows network
    administrators to monitor the status of the SDN network, view detected attacks, and track
    mitigation actions in real time.
• Current Status:
  - Ongoing Testing and Evaluation
  - Performance Optimization
  - Documentation and Final Reporting
Implementation Plan:
• Planned Activities:
  - Enhancing Model Accuracy and Robustness: Improve the accuracy and robustness of
    machine learning models to handle diverse types of DDoS attacks.
  - Real-time Adaptive Mitigation: Enhance the system’s ability to adapt to varying attack
    patterns and dynamically adjust mitigation strategies.
  - Scalability and Distributed Detection: Ensure that the system can scale to handle
    large networks and high volumes of traffic while maintaining low latency.

• Timeline for next step:

TIMELINE | DURATION | STEPS
Month 1 | 4 weeks | Complete Testing with Real-world Traffic.
Month 2–3 | 5 weeks | Improve Automated Mitigation Module
Month 3 | 3 weeks | Address Ethical and Privacy Considerations

Publication Status

The publication process for the project is currently ongoing. The research findings, methodology,
and results are being compiled into a manuscript for submission to a reputed peer-reviewed
journal/conference. Initial drafting of the paper is ongoing, and the team is in the process of
refining the content, validating experimental results, and ensuring compliance with IEEE
publication standards. Potential target journals and conferences are being shortlisted to
align with the research scope and impact. The final submission is expected to be completed
within the next phase of the project timeline.

References (as per IEEE format only)
• [1] Dong Li, Chang Yu, Qizhao Zhou and Junqing Yu, "Using SVM to Detect DDoS Attacks
in SDN Network," 2018 IOP Conf. Ser.: Mater. Sci. Eng. 466 012003, 2018.

• [2] Yijie Li, Boyi Liu, Shang Zhai and Mingrui Chen, "DDoS attack detection method based
on feature extraction of deep belief networks," IOP Conference Series: Earth
and Environmental Science, Vol. 252, Issue 3, 2019.

• [3] Peng Xiao, Wenyu Qu, Heng Qi, Zhiyang Li, "Detecting DDoS attacks against datacenters
using correlation analysis," Computer Communications, 67, 2015.

• [4] Fatima Khashab, Joanna Moubarak, Antoine Feghali, and Carole Bassil, "DDoS Attack
Detection and Mitigation in SDN using Machine Learning," IEEE 7th International
Conference on Network Softwarization (NetSoft), 2021.

• [5] Bawany NZ, Shamsi JA, Salah K. DDoS attack detection and mitigation using SDN:
methods, practices, and solutions. Arabian Journal of Science and Engineering. 2017
Feb;42(2):425-41.

• [6] Dharma, N.G., Muthohar, M.F., Prayuda, J.A., Priagung, K. and Choi, D., 2015, August.
Time-based DDoS detection and mitigation for SDN controller. In 2015, the 17th Asia-Pacific
Network Operations and Management Symposium (APNOMS) (pp. 550-553). IEEE.

• [7] da Silveira Ilha, A., Lapolli, A.C., Marques, J.A. and Gaspary, L.P., 2020. Euclid: A fully in-
network, P4-based approach for real-time DDoS attack detection and mitigation. IEEE
Transactions on Network and Service Management, 18(3), pp.3121-3139.

• [8] Singh, J. and Behal, S., 2020. Detection and mitigation of DDoS attacks in SDN: a
comprehensive review, research challenges, and future directions. Computer Science Review,
37, p.100279.

• [9] Mihoub A, Fredj OB, Cheikhrouhou O, Derhab A, Krichen M. Denial of service attack
detection and mitigation for internet of things using looking-back-enabled machine learning
techniques. Computers and Electrical Engineering. 2022 Mar 1;98:107716.

• [10] Miao, R., Yu, M. and Jain, N., 2014. Nimbus: cloud-scale attack detection and mitigation.
ACM SIGCOMM Computer Communication Review, 44(4), pp.121-122.

• [11] "Securing the Software-Defined Network Control Layer" , Phillip Porras, Steven Cheung,
Martin Fong, Keith Skinner, and Vinod Yegneswara.

• [12] Towards Secure and Dependable SDN, Diego Kreutz , Fernando M.V. Ramos , Paulo
Verissimo.

• [13] Languages for Software-Defined Networks, Nate Foster; Arjun Guha; Mark Reitblatt; Alec
Story, 2019.

• [14] Denial-of-Service Attacks in OpenFlow SDN Networks, Rajat Kandoi; Markku
Antikainen, 2015.

• [15] Role-Based Multiple Controllers for Load Balancing and Security in SDN, Dharmendra
Chourishi; Ali Miri; Mihailo Milić; Salam Ismaeel, IEEE, 2015.

THANK YOU!
