Sid Ali Madoune, Sarra Senouci, Ding De Jiang, Mohammed Raouf Senouci, Mohamed Amine Daoud, Rayan Anwar Mohammed Alawad, Yassine Madoune
{"title":"A novel approach for real-time DDoS detection in SDN using dimensionality reduction and ensemble learning","authors":"Sid Ali Madoune , Sarra Senouci , Ding De Jiang , Mohammed Raouf Senouci , Mohamed Amine Daoud , Rayan Anwar Mohammed Alawad , Yassine Madoune","doi":"10.1016/j.jisa.2025.104195","DOIUrl":null,"url":null,"abstract":"<div><div>This paper presents an innovative approach to detecting Distributed Denial of Service (DDoS) attacks in Software-Defined Networking (SDN) environments by integrating dimensionality reduction, feature engineering, and ensemble learning techniques. The proposed method leverages a two-stage dimensionality reduction process utilizing Principal Component Analysis (PCA) and t-Distributed Stochastic Neighbor Embedding (t-SNE), which effectively captures both linear and non-linear patterns in network traffic. Feature augmentation is further achieved through K-Means clustering, which enhances the feature set by providing valuable cluster-based insights, thereby improving model performance. Evaluated on a comprehensive SDN dataset, the approach achieves a highest observed detection accuracy of 99.93% using an ensemble model, highlighting its effectiveness in distinguishing between malicious and benign traffic. Notably, machine learning models such as Random Forest and XGBoost demonstrate exceptional performance, with XGBoost providing outstanding computational efficiency by processing predictions in just 0.187 s. This highlights its suitability for real-time DDoS detection and significantly outpaces traditional methods in both detection accuracy and processing speed. The ensemble learning technique applied further improves classification robustness, making the method highly reliable in dynamic SDN environments. 
These findings underscore the efficacy of combining dimensionality reduction, feature engineering, and advanced machine learning methods to address critical security challenges in SDN environments, providing a scalable and efficient solution for mitigating DDoS attacks.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"94 ","pages":"Article 104195"},"PeriodicalIF":3.7000,"publicationDate":"2025-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212625002327","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Citations: 0
Abstract
This paper presents an innovative approach to detecting Distributed Denial of Service (DDoS) attacks in Software-Defined Networking (SDN) environments by integrating dimensionality reduction, feature engineering, and ensemble learning techniques. The proposed method leverages a two-stage dimensionality reduction process utilizing Principal Component Analysis (PCA) and t-Distributed Stochastic Neighbor Embedding (t-SNE), which effectively captures both linear and non-linear patterns in network traffic. Feature augmentation is further achieved through K-Means clustering, which enhances the feature set by providing valuable cluster-based insights, thereby improving model performance. Evaluated on a comprehensive SDN dataset, the approach achieves a highest observed detection accuracy of 99.93% using an ensemble model, highlighting its effectiveness in distinguishing between malicious and benign traffic. Notably, machine learning models such as Random Forest and XGBoost demonstrate exceptional performance, with XGBoost providing outstanding computational efficiency by processing predictions in just 0.187 s. This highlights its suitability for real-time DDoS detection and significantly outpaces traditional methods in both detection accuracy and processing speed. The ensemble learning technique applied further improves classification robustness, making the method highly reliable in dynamic SDN environments. These findings underscore the efficacy of combining dimensionality reduction, feature engineering, and advanced machine learning methods to address critical security challenges in SDN environments, providing a scalable and efficient solution for mitigating DDoS attacks.
About the journal:
Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.