DDoS Attacks Detection in SDN Using Multi-feature Selection Approach and LLMs
摘要
Software-defined networking (SDN) revolutionizes network management by decoupling control and data planes, enabling centralized control and dynamic policy enforcement. However, this centralized architecture introduces security vulnerabilities, making SDN controllers a prime target for Distributed Denial-of-Service (DDoS) attacks. These attacks flood the controller with malicious traffic, exhausting resources and causing network disruptions. To improve the accuracy of DDoS detection, the research work employed three distinct feature selection approaches: SelectKBest, ANOVA (Analysis of Variance) F-value scoring, and feature significance evaluation using RFC (Random Forest Classifier). These methods were utilized to determine the 10 most significant features from an initial set of 83. This refinement process enhances model performance by minimizing computational overhead while ensuring that critical attack-related features are preserved. This model proposes an LLM-based (Large Language Model) approach for DDoS detection in SDN, utilizing BERT (Bidirectional Encoder Representations from Transformers), RoBERTa (Robustly Optimized BERT Pretraining Approach), and F-Net (Fourier Transform-based Neural Network). These models leverage contextual learning and adaptive reasoning to detect threats with minimal training data. The effectiveness of the proposed approach was analyzed using the InSDN dataset and a network-emulated dataset from Mininet. Experimental results demonstrate that F-Net outperforms BERT and RoBERTa, achieving 99% accuracy on the InSDN dataset and 99.33% on real-time emulated traffic using Mininet. These findings underscore the effectiveness of LLMs in fortifying SDN security, offering a robust and scalable solution to mitigate evolving cyber threats.