Customizable DDoS attack data generation in SDN environments for enhanced machine learning detection models.

Abstract

Distributed Denial of Service (DDoS) attacks are a critical threat to the security and reliability of Software-Defined Networking (SDN) environments. Existing datasets for training machine learning (ML) models, such as KDDCup '99 and CICIDS 2017, are either outdated or fail to capture SDN-specific characteristics, limiting their effectiveness in detecting modern DDoS attacks. This paper proposes a framework for generating a comprehensive, SDN-specific dataset using a virtual environment that integrates Mininet, the Ryu controller, and Python-based automation. The dataset incorporates advanced flow-level metrics, including SYN counts, queue lengths, and real-time traffic dynamics, reflecting contemporary attack scenarios such as ICMP floods, TCP SYN floods, and UDP floods. By addressing the limitations of traditional datasets, this custom dataset enhances ML model training for DDoS detection in SDN environments, providing improved accuracy and adaptability. Contributions include a scalable SDN-based dataset generation framework, enriched feature sets for ML training, and a comprehensive approach to capturing both legitimate and malicious traffic dynamics. This study highlights the potential of SDN programmability in advancing security research and offers a robust tool for the development of reliable DDoS detection mechanisms.