Detecting and Mitigating Botnet Attacks in Software-Defined Networks Using Deep Learning Techniques

Software-Defined Networking (SDN) is an emerging architecture that enables flexible and easy management and communication of large-scale networks. It offers programmable and centralized interfaces for making complex network decisions dynamically and seamlessly. However, SDN provides opportunities for businesses and individuals to build network applications based on their demands and improve their services. In contrast, it started to face a new array of security and privacy challenges and simultaneously introduced the threats of a single point of failure. Usually, attackers launch malicious attacks such as botnets and Distributed Denial of Service (DDoS) to the controller through OpenFlow switches. Deep learning (DL)-based security applications are trending, effectively detecting and mitigating potential threats with fast response. In this article, we analyze and show the performance of the DL methods to detect botnet-based DDoS attacks in an SDN-supported environment. A newly self-generated dataset is used for the evaluation. We also used feature weighting and tuning methods to select the best subset of features. We verify the measurements and simulation outcomes over a self-generated dataset and real testbed settings. The main aim of this study is to find a lightweight DL method with baseline hyper-parameters to detect botnet-based DDoS attacks with features and data that can be easily acquired. We observed that the best subset of features influences the performance of the DL method, and the prediction accuracy of the same method could be variated with a different set of features. Finally, based on empirical results, we found that the CNN method outperforms the dataset and real testbed settings. The detection rate of CNN reaches 99% for normal flows and 97% for attack flows.