ML-based TCP SYN Attack Detection and Mitigation in SDN Environment
Hussain Ali, University of Engineering and Technology, Taxila, Pakistan.
Farrukh Zeeshan Khan, University of Engineering and Technology, Taxila, Pakistan.
Ayesha Sabir, University of Engineering and Technology, Taxila, Pakistan.
Corresponding Author:
Hussain Ali (hussainkhushi601@gmail.com)
Abstract:
Software-Defined Networking (SDN) architecture has emerged in response to the limitations of traditional networking architectures in satisfying today's complex networking needs. Denial of Service (DoS) attacks constitute one of the major threats and are among the hardest security problems in today's Internet. Of particular concern are Distributed Denial of Service (DDoS) attacks, whose impact can be proportionally severe. TCP SYN flood attacks exploit the TCP three-way handshake to exhaust server resources, leading to service degradation or outage, network congestion, and negative business impacts. Machine learning approaches offer a powerful and flexible solution for detecting TCP SYN DDoS attacks by analyzing network traffic data, identifying anomalous patterns, and distinguishing between benign and malicious activity in real time. In this work, we present a machine learning-based approach for TCP SYN attack detection and mitigation in an SDN environment. Our methodology applies machine learning techniques to identify anomalous SYN packet behavior by examining network traffic patterns, using the Random Forest Classifier and Artificial Neural Network (ANN) algorithms. By integrating our detection system into the SDN controller on the Mininet VM, we enable prompt response to and mitigation of detected risks through dynamic reconfiguration of network rules. We evaluate our algorithms in simulated experiments, where they reach accuracies of 99.43% and 99.66%, and we demonstrate that they can efficiently detect and neutralize TCP SYN assaults while reducing false positives.
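The detection-then-mitigation pipeline sketched in the abstract (per-source handshake features from observed traffic, a classifier verdict, and a flow rule pushed back to the switch) can be illustrated in a small form. The following is an added example, not code from the paper: it uses a constructed traffic window, replaces the trained Random Forest/ANN with a fixed decision rule (an assumption, standing in for the model), and emits an OpenFlow-style drop entry as a plain dictionary rather than calling a real controller API.

```python
from collections import defaultdict

# Constructed sample window: (src, dst, tcp_flags) tuples as the controller
# might see them. "S" = SYN, "SA" = SYN-ACK, "A" = ACK. Host 10.0.0.1
# completes five handshakes; 10.0.0.9 sends 40 SYNs and never completes.
VICTIM = "10.0.0.100"
SAMPLE_WINDOW = (
    [("10.0.0.1", VICTIM, "S"), (VICTIM, "10.0.0.1", "SA"), ("10.0.0.1", VICTIM, "A")] * 5
    + [("10.0.0.9", VICTIM, "S")] * 40
)


def extract_features(packets, victim):
    """Per-source handshake statistics for traffic destined to `victim`.

    Returns {src: {"syn": n, "ack": n, "half_open_ratio": r}} where
    half_open_ratio is the share of SYNs not followed by a completing ACK.
    """
    stats = defaultdict(lambda: {"syn": 0, "ack": 0})
    for src, dst, flags in packets:
        if dst != victim:
            continue  # only the server-bound half of each handshake is counted
        if flags == "S":
            stats[src]["syn"] += 1
        elif flags == "A":
            stats[src]["ack"] += 1
    features = {}
    for src, s in stats.items():
        half_open = max(s["syn"] - s["ack"], 0)
        ratio = half_open / s["syn"] if s["syn"] else 0.0
        features[src] = {**s, "half_open_ratio": ratio}
    return features


def classify(features, syn_threshold=20, ratio_threshold=0.8):
    """Stand-in for the trained model (assumption): flag a source as a SYN
    flooder when it sends many SYNs and almost none of them complete."""
    return {src: f["syn"] >= syn_threshold and f["half_open_ratio"] >= ratio_threshold
            for src, f in features.items()}


def build_drop_rule(src, victim, priority=100, idle_timeout=60):
    """OpenFlow-style flow entry (empty action list = drop) the controller
    would install to block the offending source toward the victim."""
    return {"match": {"eth_type": 0x0800, "ip_proto": 6, "ipv4_src": src, "ipv4_dst": victim},
            "actions": [], "priority": priority, "idle_timeout": idle_timeout}


def detect_and_mitigate(packets, victim):
    """Full pipeline for one window: features -> verdict -> drop rules."""
    verdicts = classify(extract_features(packets, victim))
    return [build_drop_rule(src, victim) for src, is_attack in verdicts.items() if is_attack]
```

The idle timeout lets a rule age out once the flood stops, so a falsely flagged source is not blocked indefinitely.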
Keywords:
Machine Learning; TCP; SYN Attack Detection; Mitigation; Software Defined Networking (SDN).