A novel intelligent approach for detecting DoS flooding attacks in software-defined networks

Abstract

Software-Defined Networking (SDN) is an emerging networking paradigm that provides an advanced programming capability and moves the control functionality to a centralized controller. This paper proposes a two-stage novel intelligent approach that takes advantage of the SDN approach to detect Denial of Service (DoS) flooding attacks based on calculation of packet rate as the first step and followed by Support Vector Machine (SVM) classification as the second step. Flow concept is an essential idea in OpenFlow protocol, which represents a common interface between an SDN switch and an SDN controller. Therefore, our system calculates the packet rate of each flow based on flow statistics obtained by SDN controller. Once the packet rate exceeds a predefined threshold, the system will activate the packet inspection unit, which, in turn, will use the (SVM) algorithm to classify the previously collected packets. The experimental results showed that our system was able to detect DoS flooding attacks with 96.25% accuracy and 0.26% false alarm rate.