Abstract

Software-Defined Networking (SDN) offers flexibility, but introduces security challenges, particularly in detecting Distributed Denial of Service (DDoS) attacks. This study enhances DDoS anomaly detection in SDNs by integrating machine-learning (ML) algorithms. The efficacy of three models, namely, Support Vector Machine (SVM), Decision Tree (DT), and Knearest neighbor (KNN), was evaluated for classifying network traffic and predicting anomalies. A dataset of legitimate and illegitimate traffic patterns was created using Mininet, which is an SDN emulation tool. The models were trained on this dataset, leading to an improved accuracy. A comparative analysis reveals the strengths and weaknesses of each algorithm. The SVM model achieved 97.31% accuracy with a precision of 0.91, recall of 0.89, and F1-Score of 0.95. The DT model attained 99.28% accuracy with a precision of 0.97, recall of 0.96, and F1-Score of 0.97. The KNN model demonstrated 96.26% accuracy with a precision of 0.95, recall of 0.95, and F1-Score of 0.95. These findings highlight the effectiveness of ML for enhancing DDoS detection and improving SDN security.