Enhancing DDoS Attack Detection and Mitigation in SDN Using an Ensemble Online Machine Learning Model

  • Abdussalam Ahmed Alashhab*
  • Mohd Soperi Zahid
  • Babangida Isyaku
  • Asma Abbas Elnour
  • Wamda Nagmeldin
  • Abdelzahir Abdelmaboud
  • Talal Ali Ahmed Abdullah
  • Umar Danjuma Maiwada

* Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

78 Scopus citations

Abstract

Software Defined Networks (SDN) offer dynamic reconfigurability and scalability, revolutionizing traditional networking. However, countering Distributed Denial of Service (DDoS) attacks remains a formidable challenge for both traditional and SDN-based networks. The integration of Machine Learning (ML) into SDN holds promise for addressing these threats. While recent research demonstrates ML's accuracy in distinguishing legitimate from malicious traffic, it faces difficulties in handling emerging, low-rate, and zero-day DDoS attacks due to limited feature scope for training. The ever-evolving DDoS landscape, driven by new protocols, necessitates continuous ML model retraining. In response to these challenges, we propose an ensemble online machine-learning model designed to enhance DDoS detection and mitigation. This approach utilizes online learning to adapt the model with expected attack patterns. The model is trained and evaluated using SDN simulation (Mininet and Ryu). Its dynamic feature selection capability overcomes conventional limitations, resulting in improved accuracy across diverse DDoS attack types. Experimental results demonstrate a remarkable 99.2% detection rate, outperforming comparable models on our custom dataset as well as various benchmark datasets, including CICDDoS2019, InSDN, and slow-read-DDoS. Moreover, the proposed model undergoes comparison with industry-standard commercial solutions. This work establishes a strong foundation for proactive DDoS threat identification and mitigation in SDN environments, reinforcing network security against evolving cyber risks.

Original language: English
Pages (from-to): 51630-51649
Number of pages: 20
Journal: IEEE Access
Volume: 12
State: Published - 2024
Externally published: Yes

Bibliographical note

Publisher Copyright:
© 2013 IEEE.

Keywords

  • DDoS attacks
  • LDDoS attacks
  • OML
  • SDN
  • detection and mitigation
  • ensemble

ASJC Scopus subject areas

  • General Computer Science
  • General Materials Science
  • General Engineering
