Advanced SDN-based network security: an ensemble optimized deep learning-based framework for mitigating DDoS attacks with intrusion detection

Advanced SDN-based network security: an ensemble optimized deep learning-based framework for mitigating DDoS attacks with intrusion detection

연구 분야: Networking

학회: Cluster Computing

Software-defined networking (SDN) represents a paradigm shift in the management of networks, offering greater flexibility and centralized control. However, this centralized design presents distinct security issues. The centralized controller becomes a prominent target for intruders, exposing the network to a wide range of risks, including direct attacks, unauthorized entry and manipulation of information, Denial-of-Service (DoS) attacks, and switch problems. Furthermore, present DDoS detection approaches in SDN have drawbacks due to their reliance on network topology, insufficient attack type coverage, obsolete datasets, and high hardware costs. This reliance on outdated data reduces adaptability to new attacks and slows detection. Therefore, in this research, we introduce a novel optimized deep learning-based approach for effective attack detection. The MASNet model is employed for feature extraction, identifying complex patterns in network traffic. Feature selection is refined using the Binary Artificial Rabbit Optimizer Algorithm, focusing on the most critical attributes to enhance model accuracy. Attack detection is achieved through an ensemble of TaNet, and improved GhostNet termed the IGhostTaV2Net method, which work together to detect and categorize threats effectively. The hyperparameters of the ensemble approach are further optimized using the Satin Bowerbird Optimization (SBO) algorithm. Lastly, SDN’s dynamic capabilities are utilized to mitigate threats in real-time by rerouting traffic or blocking malicious connections, offering a robust and efficient solution for intrusion detection and response. This approach demonstrates high accuracy and effectiveness in managing network threats. Additionally, the outcomes highlight the efficacy of the suggested methodology by demonstrating exceptional accuracy of 99.82% in identifying and reducing these threats. The research makes a significant contribution to the current discussion on SDN environment security by putting forth a highly efficient and flexible DDoS identification and mitigation method. This strategy capitalizes on SDN’s inherent benefits in flexibility and central administration while addressing its inherent vulnerabilities.