Title: A DDoS attack detection method based on SVM and K-nearest neighbour in SDN environment

Authors: Zhaohui Ma; Bohong Li

Addresses: School of Computer Science, South China Normal University, Guangzhou 510006, China; School of Information Science and Technology, Guangdong University of Foreign Studies, Guangzhou 510420, China ' Volgenau School of Engineering, George Mason University, 4400 University Dr, Fairfax, VA 22030, USA

Abstract: This paper presents a detection method for DDoS attack in SDN based on K-nearest neighbour (KNN) algorithm and support vector machine (SVM) algorithm. This method makes use of the characteristics of SDN centralised control, collects flow characteristic information efficiently, classifies the flow, screens out the attack flow, and determines whether the system is attacked or not. Experiments show that the resource consumption rate of this model is only 11% when detecting DDOS attack. Meanwhile, the accuracy rate exceeded 99%.

Keywords: software defined network; SDN; controller; detecting method; DDoS attack; K-nearest neighbour; KNN; support vector machine; SVM.

DOI: 10.1504/IJCSE.2020.111431

International Journal of Computational Science and Engineering, 2020 Vol.23 No.3, pp.224 - 234

Received: 15 Feb 2020
Accepted: 21 Apr 2020
Published online: 26 Nov 2020 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article