Enhanced DDoS Detection using Hybrid Genetic Algorithm and Decision Tree for SDN

2019 
This research investigates the possible integration of a hybrid classification model into a Distributed Denial of Service (DDoS) detection scheme for Software-Defined Networks (SDN). Our framework has four key modules: 1) Traffic Generator, 2) SDN Controller, 3) Mininet (OpenFlow-enabled switch), and 4) Alert. To enhance DDoS detection precision, we also propose combining a Genetic Algorithm (GA) with a Decision Tree (DT), called GA-DT. The implementation uses Mininet as the SDN emulator. To confirm the superiority of our approach, we used real traces of four recent DDoS attacks, i.e., TCP SYN Flood, UDP Flooding, ICMP Flooding, and TCPKill, captured with Wireshark, and compared our hybrid classifier against existing ones including DT, Logistic Regression (LR), Neural Network (NN), Self-Organizing Map (SOM), $k$-Nearest Neighbors (kNN), Support Vector Machine (SVM), and Random Forests (RF). The results show that GA-DT outperforms the others in terms of accuracy.