A Deep Learning Approach Combining Autoencoder with One-class SVM for DDoS Attack Detection in SDNs

Software Defined Networking (SDN) provides us with the capability of collecting network traffic information and managing networks proactively. Therefore, SDN facilitates the promotion of more robust and secure networks. Recently, several Machine Learning (ML)/Deep Learning (DL) intrusion detection approaches have been proposed to secure SDN networks. Currently, most of the proposed ML/DL intrusion detection approaches are based on supervised learning approach that required labelled and well-balanced datasets for training. However, this is time intensive and require significant human expertise to curate these datasets. These approaches cannot deal well with imbalanced and unlabeled datasets. In this paper, we propose a hybrid unsupervised DL approach using the stack autoencoder and One-class Support Vector Machine (SAE-1SVM) for Distributed Denial of Service (DDoS) attack detection. The experimental results show that the proposed algorithm can achieve an average accuracy of 99.35 % with a small set of flow features. The SAE-1SVM shows that it can reduce the processing time significantly while maintaining a high detection rate. In summary, the SAE-1SVM can work well with imbalanced and unlabeled datasets and yield a high detection accuracy.