Improving DDoS Detection in Software-Defined Networks Through a Hybrid Machine Learning Approach

Abstract

Distributed Denial-of-Service (DDoS) attacks remain a significant concern for network security, using flood-like traffic at the volume, protocol, and application levels to exploit vulnerabilities in today's infrastructure. Software-Defined Networking (SDN) offers programmability and centralized control that can help lessen these risks. However, current machine learning (ML)-based detection techniques have a high false positive rate, are not very flexible against zero-day attacks, and are ineffective when handling high-dimensional flow data. To enhance the detection of DDoS attacks in software-defined networks, this paper proposes a hybrid machine-learning approach. Drawing on SDN's broad view of all network flows, the system analyzes traffic in real time by combining a supervised deep learning model, in this case Long Short-Term Memory (LSTM), with an unsupervised anomaly detection method, Isolation Forest. The LSTM classifies incoming packets and learns new normal behavior, while the Isolation Forest flags any stray patterns that don't fit.

Keywords

DDoS attacks, network security, Long Short Term Memory (LSTM), CNN

Citation

Francis O. et al. (2023). Improving DDoS Detection in Software-Defined Networks Through a Hybrid Machine Learning Approach. IRE Journals.
