DDoS detection method based on Gini impurity and random forest in SDN environment

• Published in: 2021 International Conference on Security, Pattern Analysis, and Cybernetics（SPAC pp. 601 - 606
• Main Authors: Tan, Junyuan, Jing, Shan, Guo, Lei, Xiao, Bin
• Format: Conference Proceeding
• Language: English
• Published: IEEE 18.06.2021
• Subjects: attack detection; Classification algorithms; Denial-of-service attack; distributed denial of service attack; gini impurity; Impurities; IP networks; Machine learning algorithms; random forest; Security; Software algorithms; software defined network
• DOI: 10.1109/SPAC53836.2021.9539920

The software-defined network architecture separates the control layer from the data layer in the network and improves the degree of network resource pooling. However, this centralized management and control also brings security risks to the SDN architecture. Distributed denial of service (DDoS) attacks are one of the most dangerous attacks faced by the SDN architecture. Aiming at the detection of DDoS attacks under the SDN architecture, this paper proposes a DDoS attack detection method combining the trigger module based on Gini impurity and the detection module based on random forest. First, the Gini impurity of the source IP and destination IP of the data packets are analyzed. Identify anomalies and trigger detection, and then use the random forest algorithm to further classify the flow. The experimental data shows that the trigger module of this method has good detection effect, and the detection rate, accuracy and false alarm rate of the detection module for DDoS attacks are better than the support vector machine algorithm and decision tree algorithm.