Abstract

Software Defined Networks (SDN) provide rapid configuration, scalability, and management through a dynamic, programmable architecture that surpasses traditional network limitations. However, detecting Distributed Denial of Service (DDoS) attacks remains challenging, threatening both traditional and SDN-based networks. Machine Learning (ML) and Deep Learning (DL) technologies in conjunction with SDN have shown significant potential in effectively countering these threats. Prior studies primarily addressed high-rate DDoS attacks, neglecting low-rate DDoS attacks that resemble legitimate traffic, and often using outdated datasets. While researchers employ various offline learning algorithms to identify DDoS attacks, online learning classifiers remain underexplored. Our goal is to offer an intrusion detection model tailored to SDN networks, using the online passive-aggressive classifier. The proposed model achieves a 99.7% average detection rate for normal vs. DDoS network traffic, outperforming similar models on multiple datasets, including (CICDDoS2019, and InSDN. slow-read-DDoS), effectively detecting and mitigating DDoS attacks.