Jarrod N. Bakker, Bryan K. F. Ng, Winston K.G. Seah
Title: Can Machine Learning Techniques Be Effectively Used in Real Networks against DDoS Attacks?
Venue: 2018 27th International Conference on Computer Communication and Networks (ICCCN)
Publication date: 2018-07-01
DOI: 10.1109/ICCCN.2018.8487445 (https://doi.org/10.1109/ICCCN.2018.8487445)
Citations: 20
Abstract
The threat of distributed denial of service (DDoS) attacks has worsened recently with the proliferation of unsecured Internet of Things (IoT) devices. Detecting these attacks is often difficult when using a traditional networking paradigm as network information and control are decentralised. We study the effectiveness of using machine learning (ML) to detect DDoS attacks, facilitated by Software-Defined Networking (SDN), a recent paradigm that aims to improve network management by centralising network information and control. In this study, ML algorithms are implemented on nmeta2, an SDN-based traffic classification architecture, and evaluated on a physical network testbed to demonstrate their efficacy during a DDoS attack scenario, especially in accurately classifying non-malicious traffic. This is unlike most approaches that aim to identify/classify malicious traffic but also misclassify non-malicious traffic, inadvertently leading to degraded performance for legitimate network traffic. Furthermore, there is potentially considerable data loss during DDoS attacks that can further degrade classification performance. We examine these issues that arise when using ML to detect DDoS attacks in live network scenarios.