Deep Learning Approach for Classifying DDoS Attack Traffic in SDN Environments

This paper introduces a novel, deep knowledge-based approach for classifying Distributed Denial of Service (DDoS) attacks in Software-Defined Networking (SDN) environments. While SDN’s centralized architecture enhances programmability and control, it also increases vulnerability to advanced cyber-attacks. DDoS assaults, including SYN, UDP, and ICMP floods, pose significant risks by overloading network capacity and disrupting normal operations. The proposed method uses deep learning to distinguish legitimate traffic from malicious activities, leveraging key traffic flow features such as flow duration, packet size, protocol type, and byte counts. A neural network classifier analyzes this data to identify complex patterns and behaviors associated with DDoS attacks. The model’s performance was evaluated using the CICIDS 2024 dataset, which simulates real-world DDoS scenarios. Results demonstrate superior performance compared to traditional machine learning techniques, achieving high accuracy, precision, recall, and F1 scores. The model also exhibits robustness against imbalanced datasets, minimizing false positives and maximizing detection rates. This approach enhances the speed and accuracy of DDoS detection in SDN systems and provides a foundation for future research into advanced deep learning models for real-time network defense and mitigation strategies. By improving detection capabilities and resilience, the method supports the development of more secure SDN environments.