FloodDetector: Detecting Unknown DoS Flooding Attacks in SDN

By exposing the programmable interfaces, software-defined networking (SDN) facilitates the development of network applications, specifically, the machine-learningbased flooding attack detection systems. Despite their promising results in detecting the flooding attacks, their adoption into operational environments is limited. This is partially because of their incapability in detecting unknown flooding attacks. An unknown attack is an attack that is not comprised in the training dataset of the machine learning classifier. In this paper, we propose FloodDetector, an efficient framework for detecting the known and unknown flooding attacks in SDN. It is a controller independent SDN application that can detect both known and unknown flooding attacks by utilizing two machine learning classifiers: K-Nearest Neighbor (K-NN) and Artificial Neural Network (ANN). We have implemented the FloodDetector and evaluated its performance using different simulated SDN environments in terms of topology and scale. The experimental results show that the FloodDetector can effectively detect both known and unknown flooding attacks.