DDoS Attack Detection Based on RBFNN in SDN

  • Jingmei Li
  • Mengqi ZhangEmail author
  • Jiaxiang Wang
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 279)


SDN is a new network architecture with centralized control. By analyzing the traffic characteristics of DDoS attack, and using the SDN controller to collect the traffic in the network, the important characteristics such as the IP address entropy ratio and the port entropy ratio related to the attack are extracted. According to the analysis of relevant eigenvalues, the RBFNN algorithm is used to classify the training samples to detect DDoS attacks. Finally, the SDN environment and DDoS attacks are simulated under Ubuntu, and the RBFNN algorithm detection model is deployed in the SDN controller. Compared with BPNN algorithm and Naive Bayes algorithm, it is proved that the algorithm performs DDoS attack detection with high recognition rate in a short time.





This work was supported by National Key Research and Development Plan of China (No 2016YFB0801004).


  1. 1.
    Santanna, J.J., van Rijswijk-Deij, R., Hofstede, R., et al.: Booters—an analysis of DDoS-as-a-service attacks. In: IFIP/IEEE International Symposium on Integrated Network Management, pp. 243–251. IEEE (2017)Google Scholar
  2. 2.
    Dixit, A., Hao, F., Mukherjee, S., et al.: ElastiCon; an elastic distributed SDN controller. Comput. Commun. Rev. 43(4), 7–12 (2017)CrossRefGoogle Scholar
  3. 3.
    Cohen, R., Lewin-Eytan, L., Naor, J.S., Raz, D.: On the effect of forwarding table size on SDN network utilization. In: Proceedings of the 33rd IEEE International Conference on Computer Communications, pp.1734–1742 (2014)Google Scholar
  4. 4.
    Wang, X., Zhuang, L., Hu, Y., et al.: DDoS attack detection based on BPNN in software defined networks. J. Comput. Appl. (2018)Google Scholar
  5. 5.
    Fu, X., Junqing, M., Xunsong, H., et al.: DDoS attack detection based on KNN in software defined networks. J. Nanjing Univ. Posts Telecommun. (Nat. Sci. Ed.) 35(1), 84–88 (2015)Google Scholar
  6. 6.
    Shu, Y., Mei, M., Huang, W., et al.: Study on DDoS attack detection based on conditional entropy in SDN environment. Wirel. Internet Technol. 5, 75–76 (2016)Google Scholar
  7. 7.
    Han, Z.: An entropy-based detection of DDoS attacks in SDN. Inf. Technol. 1, 63–66 (2017)Google Scholar
  8. 8.
    Jia, W., Zhao, D., Ding, L.: An optimized RBF neural network algorithm based on partial least squares and genetic algorithm for classification of small sample. Appl. Soft Comput. 48, 373–384 (2016)CrossRefGoogle Scholar
  9. 9.
    Yan, Q., Yu, F.R., Gong, Q., et al.: Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: a survey, some research issues, and challenges. IEEE Commun. Surv. Tutor. 18(1), 602–622 (2016)CrossRefGoogle Scholar
  10. 10.
    Sahi, A., Lai, D., Li, Y., et al.: An efficient DDoS TCP flood attack detection and prevention system in a cloud environment. IEEE Access PP(99), 1 (2017)CrossRefGoogle Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019

Authors and Affiliations

  1. 1.Harbin Engineering UniversityNangtongChina

Personalised recommendations