DoS detection using machine learning and software defined networks

  • 1 Faculty of Informatics and Information Technologies - University of Technology in Bratislava


Software Defined Networks (SDN), which are new paradigm for building networks, provide a possibility to increase network performance and security. SDN centralize network intelligence in one network node called controller and underlying infrastructure which transport data across the network consists of switches which are orchestrated via appropriate protocol by the controller. Switches are cheaper because all the protocols needed to perform routing and other services in the network are centralized in the controller. Next advantage of the centralized SDN architecture is that information about the state and the behavior of the network are available in the controller. We can use this information to make critical decisions to better utilize network resources and improve network security. At the controller we perform network traffic monitoring, analysis and management. In this work we propose to use extended measurement vector and Machine Learning (ML) model to detect Denial of Service (DoS) attacks. Controller then take actions based on the ML model output to stop or counter the attack.



  1. M. Nagy, I. Kotuliak, J. Skalny, M. Kalcok and T. Hirjak, “Integrating mobile openflow based network architecture with legacy infrastructure,” in Inform. and Commun. Technology. Lecture Notes in Comput. Sci., vol 9357. Springer, Cham pp. 40-49.
  2. Open Networking Found. (2012, April 13). "Software-defined networking: the new norm for networks", [Online]. Available:
  3. T. D. Nadeau, K. Gray, "Centralized and distributed control and data planes", in SDN: Software Defined Networks, Sebastopol: O’Reilly Media, 2013, pp. 9-46.
  4. Open Networking Found. (2014, June). "SDN architecture" [Online]. Available:
  5. Open Networking Found. (2015, March 26). Openflow switch specification version 1.5.1 (Protocol version 0x06) [Online]. Available:
  6. D. K. Bhattacharyya, J. K. Kalita, "Anomalies in a Network" in Network Anomaly Detection: A Machine Learning Perspective, Taylor & Francis Group, LLC, 2014, 336p.
  7. D. Kreutz et al., "Software-Defined Networking: A Comprehensive Survey, " Proc. IEEE, vol. 103, vol. 1, pp. 14–76.
  8. S. Shin et al., "Enhancing Network Security through Software Defined Networking (SDN)," 25th International Conference on Computer Communication and Networks, 2016, pp. 1-9.
  9. S. Bian, P. Zhang, Z. Yan, "A Survey on Software-Defined Networking Security," in Proceedings of the 9th EAI International Conference on Mobile Multimedia Communications, 2016, pp. 190- 198.
  10. J. Boite et al., "StateSec: Stateful Monitoring for DDoS Protection in Software Defined Networks," IEEE Conference on Network Softwarization, 2017, 9p.
  11. A. Akhunzada et al., "Securing Software Defined Networks: Taxonomy, requirements, and Open Issues," IEEE Communications Magazine, 2015 63p.
  12. R. Grežo, M. Nagy, "Network traffic measurement and management in software defined networks", in Proceedings of the 3rd IEEE International Conference on Computer and Communications (ICCC), 2017, pp. 541 – 546.
  13. M. E. Ahmed, H. Kim, "DDoS Attack Mitigation in Internet of Things Using Software Defined Networking, " IEEE Third International Conference on Big Data Computing Service and Applications, 2017, pp. 1-6.
  14. D. Jankowski, M. Amanowicz, "Intrusion Detection in Software Defined Networks with Self-organized Maps," Journal of Telecommunications & Information Technology, 2015, pp. 3-9.
  15. R. Sahay et al., "Adaptive Policy-driven Attack Mitigation in SDN," in Proceedings of the 1st International Workshop on Security and Dependability of Multi-Domain Infrastructures, 2017, pp. 1-6.
  16. P. Bull et al., "Flow Based Security for IoT Devices using an SDN Gateway," IEEE 4th International Conference on Future Internet of Things and Cloud, 2016, pp. 157-163.
  17. T. Tuan A et al., "Deep learning approach for network intrusion detection in software defined networking", In Proceeding of the International Conference on Wireless Networks and Mobile Communications (WINCOM), 2016, pp. 258-263.
  18. T. Tuan A et al., " Deep Recurrent Neural Network for Intrusion Detection in SDN-based Networks", In Proceeding of the 4th IEEE Conference on Network Softwarization and Workshops (NetSoft), 2018, pp. 202-206.
  19. "KDD Cup 1999", [online] Available:
  20. S. REVATHI, A. MALATHI, "A detailed analysis on NSL-KDD dataset using various machine learning techniques for intrusion detection.", in International Journal of Engineering Research and Technology (IJERT), 2013, pp. 1848-1853.
  21. "Ryu", [online] Available: http://
  22. M. Nour, S. Jill. "UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set).", in Proceeding of the Military Communications and Information Systems Conference (MilCIS), 2015, pp. 1-6.

Article full text

Download PDF