A Robust, Lightweight Deep Learning Approach for Detection and Mitigation of DDoS Attacks in SDN

SDNs are considered as a new chance against malicious activities due to their better control and management capabilities. Despite this, SDNs suffer from a significant weakness. A central control plane in the SDN architecture is described as a single point of failure, and the controller can be a target of interest to attackers. Many defense frameworks have been introduced based on different methods to deal with DDoS attacks in SDNs, while deep learning models have shown good performance. However, there are two concerns about deep learning-based IDSs: speed of action and robustness against adversarial examples. It is essential that the IDS has a small processing overhead for the network and performs retrain and predict quickly. In this paper, we investigate two above discussed challenges. We consider two different scenarios; the IDS model training with a produced native dataset and the public CICIDS2018 dataset. For robustness, we first generated adversarial examples from the original dataset using white-box methods such as FGSM, FGSM-RS, Carlini-Wagner, and Black-Box methods such as WGANs. Then, we retrained the IDS model using this data. We considered a simple architecture for the IDS model for better performance. Furthermore, we consider a threshold that limits the algorithm running time according to the number of PACKET-IN messages. The results show that we have reached a good balance between speed of action, robustness, and accuracy.