Elubeyd, H., & Yiltas-Kaplan, D. (2024, January 05). Automatic DoS/DDoS Attacks Detection in Software-Defined Networks. In Encyclopedia.
Automatic DoS/DDoS Attacks Detection in Software-Defined Networks

Software-defined networks (SDNs) are becoming increasingly popular due to their centralized control and flexibility, but this also makes them a target for cyberattacks. Detecting DoS/DDoS attacks in SDNs is a challenging task due to the complex nature of the network traffic.

Keywords: hybrid deep learning; DoS/DDoS attacks; software-defined networks (SDNs); cyberattacks

1. Introduction

A precondition to examining DDoS attacks in software-defined networks (SDNs) is establishing a definition of a DDoS attack. At the foundational level, a denial of service (DoS) attack is classified as an attack against a network structure that prevents a server from servicing its clients [1]. The researchers argue that DoS attacks can send a high volume of requests to a server to slow it down, send sizeable invalid data packets, or send requests with spoofed or invalid IP addresses to flood the server. Ref. [2] supported [1] by revealing that the main objective of launching a DoS attack is to disrupt the availability of network resources for legitimate users through one of several possible strategies. For instance, attackers send messages that exploit vulnerabilities, leading to paralysis of the network systems, or attackers send a high volume of regular messages to a single node, which exhausts the system resources and, as such, crashes the entire system [2]. The most recent DDoS attack was against Amazon Web Services (AWS) in 2020; that attack was mitigated, although it involved up to 2.3 Tbps of data [3]. Another study [4] supported [3] by revealing that the DDoS attack involved hijacked Connectionless Lightweight Directory Access Protocol (CLDAP) servers, which amplified the attack by up to 70 times its size.
In recent years, software-defined networking (SDN) has emerged as a promising approach for improving network efficiency and flexibility. However, SDN-based networks have also been subject to DDoS attacks, which can disrupt the delivery of essential services to customers. DDoS attacks involve overwhelming a network with traffic from multiple sources, rendering it unavailable to legitimate users. This has serious consequences for organizations and businesses that rely on networked systems for their operations and highlights the need to design and implement effective security measures to detect the risk of DDoS attacks on SDN networks.

2. Individual Deep Learning Algorithms Implementation

Other researchers have focused on comparing how different deep learning algorithms perform in DDoS attack detection in SDNs. A case in point was [5], which examined a simple neural network, CNN, and RNN for DDoS attack detection on the CSE-CIC-IDS2018 dataset, which simulated diverse attack scenarios, including brute-force, DoS, infiltration, DDoS, Heartbleed, and botnet attacks. Findings from the study revealed that the simple neural network outperformed the CNN and RNN in the detection of malware, with an accuracy of 82% and a precision of 42%. The authors argued that the more popular RNN and CNN performed worse than they could have because of overfitting, which led to high false positive and false negative rates [5]. In another study, Ref. [6] also compared the performance of several algorithms for detecting DDoS attacks in SDN environments. In particular, it considered the Support Vector Machine (SVM), Naïve Bayes (NB), Artificial Neural Network (ANN), and K-Nearest Neighbor (KNN) classification models. In addition, the researchers adopted feature selection techniques to simplify the models used in the experiments, enhance their interpretation, and shorten training time [6]. The reported findings showed that wrapper feature selection combined with the KNN classifier generated the highest score of 98.3% accuracy in DDoS attack detection. Analytically, the results underscored the performance improvement associated with combining deep learning with feature selection techniques when detecting DDoS attacks, which also reduced processing load and time [6]. Furthermore, in [7] the authors proposed an approach against DDoS attacks based on the Gated Recurrent Units (GRU) method and compared it with other deep learning algorithms, explaining how their approach outperforms them.
Findings from the study showed that the GRU-RNN did not adversely affect network performance and led to high accuracies of 99% and 89% on the CICIDS2017 and NSL-KDD datasets, respectively (Tang et al., 2019). In previous research, Ref. [8] reported an accuracy of 99.63% for the CNN-RF model and 99.58% for the RF-MLP using the same dataset, CICIDS2017. Analytically, the comparison of [1][8] revealed that, on the same dataset, different hybrid deep learning algorithms generated similar performances: 99% for both the CNN-RF and GRU-RNN. Such insights are essential in the current study, as they reveal that performance did not vary significantly across implementations of the hybrid deep learning algorithms despite the use of different deep learning algorithms.

3. Hybrid Deep Learning Techniques

Efficient hybridization techniques for intrusion detection systems have become a critical technology for safeguarding against malicious threats in cyberspace. Many soft computing approaches have been employed to enhance the effectiveness of Intrusion Detection Systems (IDS). However, the high dimensionality of network traffic data, dynamic attack patterns, and the need for multiple classifiers to detect various forms of attacks remain significant challenges [9][10][11]. To address these challenges, a hybridization technique that combines supervised and unsupervised learning techniques has been proposed. K-means clustering is used to classify the data into normal and attack classes, and wrapper feature selection with a genetic algorithm is employed to address the high dimensionality of the data. The input data are then classified with a support vector machine (SVM) [9]. Another proposed technique for feature selection involves the use of the metaheuristic Bat algorithm and PCA [10]. Lastly, a combination of blockchain technology and machine learning techniques was used to manage datasets and detect network communications for intrusion detection systems [11]. The proposed techniques were shown to achieve high accuracy and a low false alarm rate, with promising benefits of robustness, low computational cost, and generalization by reducing possible overfitting.
In terms of hybrid deep learning, the two main ideas addressed are the integration of more than one deep learning algorithm to detect attack traffic and the combination of the algorithms with other network security solutions such as IDS and IPS devices. To begin with, Ref. [12] argued that deep learning techniques are essential in detecting DDoS attacks within SDNs because they identify the attacks as anomalies within legitimate traffic. Therefore, in discussing the importance of deep learning in securing SDNs, there is a need to view the attacks as anomalies that result in traffic generation. The study by [12] proposed a deep learning approach based on Convolutional Neural Network (CNN) and Long Short-Term Memory (LSTM) algorithms to detect slow DDoS attacks in SDNs. In the research, datasets emulating the slow DDoS attack traffic flow were generated, leveraging the ability of SDN switches to report traffic flow statistics. The CNN-LSTM model was trained and validated, with hyperparameter tuning also undertaken. The performance of the CNN-LSTM was compared against a MultiLayer Perceptron (MLP) and a 1-Class Support Vector Machine (1-SVM). The generated results revealed that the CNN-LSTM outperformed the MLP and 1-SVM in terms of accuracy, precision, recall, and specificity [12].
Another study [8] supported [13] by revealing that combining several deep learning algorithms such as RF, CNN, and MLP methods improved DDoS attack detection in IoT networks and devices. In the research, Ref. [8] reported a higher accuracy of 99.63% for the hybrid model combining the Random Forests and Convolutional Neural Networks compared to 99.58% accuracy obtained from the combination of Random Forests and the Multilayer Perceptron. Such insights underscored the value of CNN-RF hybrid models in outperforming other variants in DDoS detection in SDN networks.
Other researchers, such as [14], combined the CNN deep learning algorithm with information entropy to detect DDoS attacks in SDNs and to distinguish between legitimate and attack traffic. The outcomes from the research indicated that the hybrid model generated high performance in detecting traffic anomalies. In the study, Ref. [14] argued that combining CNN and information entropy was essential to leverage the advantages of both in DDoS attack detection. The low-complexity advantages of information entropy were combined with the high accuracy of the CNN algorithms, thereby facilitating DDoS attack detection in the SDN controller and guaranteeing the security of the SDN network. Ref. [15] conducted a similar study to [14], whereby information entropy was combined with a CNN algorithm to detect DDoS attacks. In their study, Ref. [15] used information entropy to flag suspicious ports and components at coarse granularity, whereas the CNN was adopted to distinguish legitimate and attack traffic. Findings from the research revealed high accuracy in detecting the anomaly traffic at 98.98%, which underscored the robustness of combining information entropy and CNN techniques in detecting attack traffic. Therefore, a similarity between [14][15] emerged from the fact that both studies advocated combining information entropy with CNNs to detect attack traffic within SDNs. As a result, there was better performance and accuracy regarding mitigating DDoS attacks. Further analysis, however, indicated that the shortcoming of relying on deep learning algorithms on their own arose from high training costs and low efficiency despite their high accuracy. Analytically, such findings indicate a need to identify more alternative solutions to reduce the disadvantages of deep learning algorithms.
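The coarse-grained entropy stage described above for [14] and [15] can be sketched as follows. This is an added example, not code from the surveyed papers: the flow-tuple format, the mean-minus-k-sigma threshold, the function names and all sample flows are assumptions constructed for illustration, and the CNN stage is represented only by the list of candidate flows it would receive.

```python
import math
import statistics
from collections import Counter

def normalized_entropy(values):
    """Shannon entropy of the empirical distribution, scaled to [0, 1]."""
    counts = Counter(values)
    if len(counts) < 2:
        return 0.0  # a single value (or no traffic) carries no uncertainty
    total = sum(counts.values())
    h = -sum(c / total * math.log2(c / total) for c in counts.values())
    return h / math.log2(len(counts))

def fit_threshold(benign_windows, k=3.0):
    """Lower bound on destination entropy: mean - k * stdev over benign windows."""
    hs = [normalized_entropy(dst for _, dst, _ in w) for w in benign_windows]
    return statistics.mean(hs) - k * statistics.stdev(hs)

def coarse_filter(window, threshold):
    """Return (suspicious, target, candidate_flows) for one polling window.

    A flood concentrates traffic on one destination, so destination-IP
    entropy collapses. Only flows to the dominant (dst_ip, dst_port) are
    handed to the fine-grained classifier (the CNN stage, not shown here).
    """
    h = normalized_entropy(dst for _, dst, _ in window)
    if h >= threshold:
        return False, None, []
    target, _ = Counter((dst, port) for _, dst, port in window).most_common(1)[0]
    return True, target, [f for f in window if (f[1], f[2]) == target]

def make_window(dst_counts, port=443):
    """Constructed sample data: dst_counts[i] flows to server 10.0.1.<i+1>."""
    flows = []
    for i, n in enumerate(dst_counts):
        flows += [(f"10.0.0.{j % 20 + 1}", f"10.0.1.{i + 1}", port) for j in range(n)]
    return flows

# Constructed benign baseline: four windows of (src_ip, dst_ip, dst_port) flows.
BENIGN = [make_window(c) for c in (
    [10] * 8, [14, 12, 10, 10, 10, 8, 8, 8],
    [16, 12, 12, 10, 8, 8, 8, 6], [12, 12, 10, 10, 10, 10, 8, 8])]
THRESHOLD = fit_threshold(BENIGN)

# Constructed attack window: benign background plus 300 flows from many
# sources (TEST-NET-3 documentation range) to one server on port 80.
ATTACK = make_window([10] * 8) + [
    (f"203.0.113.{j % 250 + 1}", "10.0.1.3", 80) for j in range(300)]

if __name__ == "__main__":
    print(f"threshold={THRESHOLD:.3f}")
    flagged, target, cand = coarse_filter(ATTACK, THRESHOLD)
    print(flagged, target, len(cand))
```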
Ref. [16] reiterated [17] by demonstrating that integrating a deep learning algorithm enhanced IDS systems. Ref. [18] further demonstrated the effectiveness of the Stacked Autoencoders (SAE) deep learning algorithm combined with a Snort IDS in optimizing DDoS attack detection accuracy within SDN environments. By implementing the hybrid algorithm, the study observed a high accuracy of 95%.
Additionally, hybrid deep learning algorithms have shown promising results in detecting low-rate DDoS attacks in software-defined networks (SDNs). These attacks are characterized by a low volume of traffic but a high frequency, making them difficult to detect using traditional approaches such as threshold-based systems [3]. Another hybrid deep learning method is the integration of a CNN with a deep belief network (DBN), as presented by [19]. This approach achieved a detection rate of 96.7% and a false positive rate of 1.2% on a simulated SDN dataset.
Finally, the analysis also indicated that deep learning algorithms could better detect DDoS attacks in SDN environments [5][6][7][8][9][10][11][12][13][14][20][21][22]. The research showed that deep learning techniques outperformed classical machine learning algorithms, as they did not involve human interaction to improve their performance but instead relied on artificial neural networks [23]. The evaluation also demonstrated that hybrid deep learning techniques outperformed single algorithms even in scenarios where the models comprised deep learning algorithms.


  1. Tang, D.; Kuang, X. Distributed denial of service attacks and defense mechanisms. IOP Conf. Ser. Mater. Sci. Eng. 2019, 612, 052046.
  2. Kumar, G. Denial of service attacks—An updated perspective. Syst. Sci. Control. Eng. 2016, 4, 285–294.
  3. Zhang, C. Impact of defending strategy decision on DDoS attack. Complexity 2021, 2021, 6694383.
  4. Cimpanu, C. AWS Said It Mitigated a 2.3 Tbps DDoS Attack, the Largest Ever. ZDNet. Available online: (accessed on 17 June 2020).
  5. Ruiz, L.; Chamon, L.; Ribeiro, A. Graphon neural networks and the transferability of graph neural networks. Adv. Neural Inf. Process. Syst. 2020, 33, 1702–1712.
  6. Polat, H.; Polat, O.; Cetin, A. Detecting DDoS attacks in software-defined networks through feature selection methods and machine learning models. Sustainability 2020, 12, 1035.
  7. Assis, M.V.; Carvalho, L.F.; Lloret, J.; Proença, M.L., Jr. A GRU deep learning system against attacks in software defined networks. J. Netw. Comput. Appl. 2021, 177, 102942.
  8. Farukee, M.B.; Shabit, M.S.; Haque, M.; Sattar, A.H.M. Ddos attack detection in IoT networks using deep learning models combined with random forest as feature selector. In International Conference on Advances in Cyber Security; Springer: Singapore, 2021; pp. 118–134.
  9. Saheed, Y.K.; Arowolo, M.O.; Tosho, A.U. An Efficient Hybridization of K-Means and Genetic Algorithm Based on Support Vector Machine for Cyber Intrusion Detection System. Int. J. Electr. Eng. Inform. 2022, 14, 426–442.
  10. Balogun, B.F.; Gbolagade, K.A.; Arowolo, M.O.; Saheed, Y.K. A Hybrid Metaheuristic Algorithm for Features Dimensionality Reduction in Network Intrusion Detection System. In Proceedings of the Computational Science and Its Applications–ICCSA 2021: 21st International Conference, Cagliari, Italy, 13–16 September 2021; Proceedings, Part IX 21. Springer International Publishing: Cham, Switzerland, 2021; pp. 101–114.
  11. Ogundokun, R.O.; Arowolo, M.O.; Misra, S.; Awotunde, J.B. Machine learning, IoT, and blockchain integration for improving process management application security. In Blockchain Applications in the Smart Era; Springer International Publishing: Cham, Switzerland, 2022; pp. 237–252.
  12. Nugraha, B.; Murthy, R.N. Deep learning-based slow DDoS attack detection in SDN-based networks. In Proceedings of the 2020 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), Leganes, Spain, 10–12 November 2020; IEEE: New York, NY, USA, 2020; pp. 51–56.
  13. Makuvaza, A.; Jat, D.S.; Gamundani, A.M. Hybrid deep learning model for real-time detection of distributed denial of service attacks in software defined networks. In Emerging Trends in Data Driven Computing and Communications; Mathur, R., Gupta, C., Katewa, V., Jat, D., Eds.; Springer: New York, NY, USA, 2021; pp. 1–13.
  14. Xu, P.; Wang, L.; Liu, Y.; Chen, W.; Huang, P. The record-breaking heat wave of June 2019 in Central Europe. Atmos. Sci. Lett. 2020, 21, e964.
  15. Liu, Y.; Zhi, T.; Shen, M.; Wang, L.; Li, Y.; Wan, M. Software-defined DDoS detection with information entropy analysis and optimized deep learning. Future Gener. Comput. Syst. 2021, 129, 99–114.
  16. Al-Mi’ani, N.; Anbar, M.; Sanjalawe, Y.; Karuppayah, S. Securing software defined networking using intrusion detection system-A review. In International Conference on Advances in Cyber Security; Springer: Singapore, 2021; pp. 417–446.
  17. Elsayed, M.S.; Jahromi, H.Z.; Nazir, M.M.; Jurcut, A.D. The role of CNN for intrusion detection systems: An improved CNN learning approach for SDNs. In Proceedings of the International Conference on Future Access Enablers of Ubiquitous and Intelligent Infrastructures, Virtual Event, 6–7 May 2021; Springer: Cham, Switzerland, 2021; pp. 91–104.
  18. Ujjan, R.M.A.; Pervez, Z.; Dahal, K.; Bashir, A.K.; Mumtaz, R.; González, J. Towards sFlow and adaptive polling sampling for deep learning based DDoS detection in SDN. Future Gener. Comput. Syst. 2020, 111, 763–779.
  19. GSR, E.S.; Azees, M.; Vinodkumar, C.R.; Parthasarathy, G. Hybrid optimization enabled deep learning technique for multi-level intrusion detection. Adv. Eng. Softw. 2022, 173, 103197.
  20. Dharma, N.G.; Muthohar, M.F.; Prayuda, J.A.; Priagung, K.; Choi, D. Time-based DDoS detection and mitigation for SDN controller. In Proceedings of the 2015 17th Asia-Pacific Network Operations and Management Symposium (APNOMS), Busan, Republic of Korea, 19–21 August 2015; IEEE: New York, NY, USA, 2015; pp. 550–553.
  21. Iranmanesh, A.; Reza Naji, H. A protocol for cluster confirmations of SDN controllers against DDoS attacks. Comput. Electr. Eng. 2021, 93, 107265.
  22. Sun, W.; Li, Y.; Guan, S. An improved method of DDoS attack detection for controller of SDN. In Proceedings of the 2019 IEEE 2nd International Conference on Computer and Communication Engineering Technology (CCET), Beijing, China, 16–18 August 2019; IEEE: New York, NY, USA, 2019; pp. 249–253.
  23. Castiglioni, I.; Rundo, L.; Codari, M.; Di Leo, G.; Salvatore, C.; Interlenghi, M.; Gallivanone, F.; Cozzi, A.; D’Amico, N.C.; Sardanelli, F. AI applications to medical images: From machine learning to deep learning. Phys. Med. 2021, 83, 9–24.
Update Date: 08 Jan 2024