The Design of SDN Based Detection for Distributed Denial of Service (DDoS) Attack

Software Defined Networking (SDN) is the network architecture where the network control is decoupled and separated from forwarding mechanism. It is more popular in enterprise network for simplicity, scalability and traffic flow optimization. SDN can give an attractive solution for network security. However, Distributed Denial of Service (DDoS) attacks are the challenges in SDN environments. Despite a large number of DDoS detection and mitigation techniques exist in today, DDoS attacks continue to grow in attacks frequency, attacks volume and they are threatening the network security. There are two kinds of DDoS detection techniques; signature based and anomaly based detection. When the signature based detection technique uses network behaviors, the anomaly based detection uses machine learning techniques. In this paper, we propose the design of SDN based detection for DDoS attack. In this propose system design, we use Advanced Support Vector Machine (ASVM) algorithm in order to detect DDoS attack. With the advantage of ASVM, it can significantly reduce the testing time as well as training time compared with SVM algorithm. We validate the propose system by using Hierarchical Task Analysis (HTA) technique in order to validate the human errors to achieve certain goal.