
Synopsis Batch 29

Uploaded by

gagan k
Copyright
© All Rights Reserved

VISVESVARAYA TECHNOLOGICAL UNIVERSITY

“Jnana Sangama”, Belagavi-590018

Synopsis Report
on

“Detecting DDoS Attacks Through AI driven SDN Intrusion Detection System”
Submitted in the partial fulfillment of the requirements for
the award of

BACHELOR OF ENGINEERING DEGREE


In
COMPUTER SCIENCE & ENGINEERING
Submitted by
PRIYADRASHAN H P 4AD21CS072
SUHAS P 4AD21CS099
VINAY M 4AD21CS113
VIVEK N P 4AD21CS115

Under the guidance of


Mr. Sandesh R
Assistant Professor
Department of CSE

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING

ATME College of Engineering,


13th Kilometer, Mysore-Kanakapura-Bangalore Road
Mysore-570028
ABSTRACT

Distributed Denial of Service (DDoS) attacks are one of the most persistent and disruptive
threats in modern network environments, often overwhelming systems with illegitimate traffic
and causing severe service outages. Traditional Intrusion Detection Systems (IDS) struggle to
cope with the evolving nature of these attacks, especially in dynamic and programmable network
architectures like Software-Defined Networking (SDN). To address this challenge, we present an
AI-driven SDN-based Intrusion Detection System designed to detect and mitigate DDoS attacks
in real-time.

Our approach leverages Random Forest (a robust and widely adopted ensemble learning
technique), Logistic Regression, and Neural Networks to analyze network traffic patterns and
identify potential DDoS attacks. By training the model on large datasets of normal and attack
traffic, the system learns to classify malicious traffic with high accuracy. The SDN controller
dynamically adjusts network configurations based on the detected threats, allowing for faster and
more efficient mitigation.

The proposed system’s performance is evaluated through key metrics, including accuracy,
precision, recall, and F1-score, demonstrating its effectiveness in minimizing false positives and
detecting attacks with high reliability. Additionally, the system offers insights into the key
features influencing detection, enhancing the transparency of the decision-making process.

By integrating AI techniques with the flexible architecture of SDN, this project aims to offer a
scalable and adaptive solution for safeguarding networks against DDoS attacks. Future work will
focus on optimizing the model’s performance and incorporating real-time feedback to
continuously improve the detection system.
INTRODUCTION

PROBLEM STATEMENT:
Detecting DDoS Attacks Through AI driven SDN Intrusion Detection System

OBJECTIVE:
• To develop and compare the performance of three machine learning algorithms—
Random Forest, Logistic Regression, and Neural Networks—in detecting DDoS attacks
based on network traffic data.
• To select the algorithm with the highest detection accuracy and integrate it with the SDN
controller for real-time DDoS detection and mitigation.
• To ensure that the selected algorithm effectively balances detection accuracy, precision,
recall, and false positive rates, optimizing network security and reducing manual
intervention.
• To utilize the dynamic capabilities of SDN to adaptively respond to detected DDoS
attacks by reconfiguring the network traffic flow in real-time based on the selected AI
model.
• To provide detailed analysis on how each algorithm performs under different attack
scenarios, offering insights into their suitability for DDoS detection in SDN
environments.

AIM AND SCOPE


The primary aim of this project is to design and implement an AI-driven Intrusion Detection
System (IDS) that can accurately detect Distributed Denial of Service (DDoS) attacks within
Software-Defined Networking (SDN) environments. By leveraging machine learning
algorithms—Random Forest, Logistic Regression, and Neural Networks—the system will
identify malicious traffic patterns and provide real-time protection against DDoS attacks. The
algorithm with the highest accuracy will be integrated with the SDN controller to dynamically
mitigate detected threats, enhancing network security and reducing service disruptions.
SCOPE
Multi-Algorithm Evaluation: The project will develop and compare the effectiveness of three
machine learning algorithms—Random Forest, Logistic Regression, and Neural Networks—on
detecting DDoS attacks based on network traffic data. The comparison will focus on detection
accuracy, precision, recall, and false positive rates.
Integration with SDN: The algorithm with the best performance will be seamlessly integrated
with an SDN controller to enable real-time traffic monitoring and threat mitigation. This allows
the SDN to dynamically adjust network configurations in response to detected DDoS attacks,
improving network resilience.
Adaptability and Real-Time Detection: The project will utilize the flexibility and central
control features of SDN to ensure that the detection system can adapt to evolving DDoS attack
patterns, maintaining real-time detection capabilities under various attack scenarios.
Performance Evaluation: The system will be tested and evaluated under simulated and real-
world network conditions to ensure its reliability. Key performance metrics will include
accuracy, detection speed, and the system’s ability to handle high-traffic loads without
compromising detection quality.
Insights for Future Improvements: The project will provide insights into the most suitable
machine learning algorithms for DDoS detection in SDN environments, offering a foundation for
further research and system optimization. It will also explore the potential for extending the
system to detect other types of network attacks beyond DDoS.

EXISTING SYSTEM

In current network environments, traditional Intrusion Detection Systems (IDS) are widely
employed to detect and mitigate various types of cyberattacks, including Distributed Denial of
Service (DDoS) attacks. These systems primarily rely on signature-based detection methods,
which identify known attack patterns, or anomaly-based detection, which flags unusual traffic
behavior. However, existing systems exhibit several limitations:
• Static Nature: Traditional IDS are often static, lacking the ability to adapt to evolving
attack strategies. As DDoS attacks become more sophisticated, these systems may
struggle to recognize new patterns, leading to increased false negatives.
• Limited Scalability: Many existing systems are not designed to handle the scalability
demands of modern networks, especially in environments where traffic volumes can
surge dramatically during an attack. This limitation can result in performance bottlenecks
and delayed responses.
• High False Positive Rates: Many traditional IDS have high false positive rates,
triggering alerts for legitimate traffic fluctuations. This results in unnecessary alerts and
increased manual intervention from network administrators, diverting resources from
other critical tasks.
• Inadequate Real-Time Response: Existing systems often lack the capability for
real-time response and mitigation. When a DDoS attack is detected, the response may be
delayed, leading to extended downtime and service disruption for affected users.
• Insufficient Integration with SDN: While SDN technology offers advanced capabilities
for network management and control, most existing IDS solutions do not leverage SDN’s
dynamic nature. They fail to utilize SDN’s centralized control to automatically adjust
network configurations in response to detected threats.
• Limited Machine Learning Application: While some systems have begun
incorporating machine learning techniques, many do so without fully exploiting the
benefits of ensemble learning methods, which can provide more accurate and reliable
detection of complex attack patterns.

PROPOSED SYSTEM
The proposed system aims to develop an advanced AI-driven Intrusion Detection System (IDS)
tailored for detecting DDoS attacks in Software-Defined Networking (SDN) environments. This
system will leverage three machine learning algorithms (Random Forest, Logistic Regression, and
Neural Networks) to enhance detection capabilities and mitigate the limitations of existing
systems. The key components and functionalities of the proposed system are outlined below:
• Multi-Algorithm Approach:
The system will implement and compare the performance of three distinct machine
learning algorithms: Random Forest, Logistic Regression, and Neural Networks. By
evaluating their detection capabilities based on network traffic data, the system aims to
identify the algorithm that offers the highest accuracy and reliability in detecting DDoS
attacks.
• Real-Time Detection and Mitigation:
The algorithm with the highest detection accuracy will be integrated with the SDN
controller. This integration will enable real-time monitoring and rapid response to
detected DDoS attacks. The system will automatically adjust network configurations,
rerouting traffic or implementing filters to mitigate the effects of an ongoing attack, thus
minimizing service disruption.
• Dynamic Adaptability:
Utilizing the dynamic capabilities of SDN, the proposed system will continuously adapt
to changing network conditions and attack patterns. The AI model will analyze incoming
traffic in real time, allowing for quick adjustments to detection thresholds and mitigation
strategies based on the current threat landscape.
• Comprehensive Performance Evaluation:
The system will incorporate a robust evaluation framework to assess the performance of
each algorithm. Key performance metrics, including accuracy, precision, recall, and
F1-score, will be utilized to measure the effectiveness of the detection methods under various
attack scenarios. This evaluation will provide valuable insights into the strengths and
weaknesses of each algorithm.
• Feature Importance Analysis:
The proposed system will also include a feature importance analysis component, which
will identify the most relevant features contributing to DDoS detection. This analysis will
help network administrators understand critical traffic patterns and enhance their overall
security posture.
• User-Friendly Interface:
To facilitate ease of use, the system will feature a user-friendly interface that provides
visualizations of network traffic, detection alerts, and system performance metrics. This
interface will enable network administrators to monitor system operations effectively and
respond to threats as needed.
• Scalability and Future Enhancements:
The proposed system will be designed with scalability in mind, ensuring that it can
handle increasing network traffic loads as well as a growing number of devices in SDN
environments.
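
Added example (not part of the original synopsis or the project's code): the evaluation and model-selection step described above, computed from confusion-matrix counts. The three candidates stand in for the three classifiers being compared; their counts are constructed, not measured, and the function names and the false-positive-rate cap are assumptions. It shows that on attack-sparse traffic the highest-accuracy model can be the one that misses the most attack flows.

```python
# Added example: all counts below are constructed, not measured results.

def metrics(tp, fn, fp, tn):
    """Metrics named in the synopsis, from one confusion matrix (attack = positive)."""
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return {
        "accuracy": (tp + tn) / (tp + fn + fp + tn),
        "precision": precision,
        "recall": recall,
        "f1": f1,
        "fpr": fp / (fp + tn) if fp + tn else 0.0,  # benign flows wrongly flagged
    }

# Constructed test set of 1000 flows: 100 attack, 900 benign (imbalanced).
CANDIDATES = {
    "candidate_A": dict(tp=55, fn=45, fp=5, tn=895),   # cautious, few alerts
    "candidate_B": dict(tp=95, fn=5, fp=50, tn=850),   # catches most attacks
    "candidate_C": dict(tp=88, fn=12, fp=48, tn=852),
}

def score_all(candidates=CANDIDATES):
    return {name: metrics(**counts) for name, counts in candidates.items()}

def pick_by_accuracy(scores):
    """Selection rule 'highest detection accuracy' taken literally."""
    return max(scores, key=lambda n: scores[n]["accuracy"])

def pick_by_recall(scores, max_fpr):
    """Highest recall among models whose false positive rate stays within max_fpr."""
    ok = [n for n in scores if scores[n]["fpr"] <= max_fpr]
    return max(ok, key=lambda n: scores[n]["recall"]) if ok else None

if __name__ == "__main__":
    scores = score_all()
    for name, m in scores.items():
        print(name, {k: round(v, 3) for k, v in m.items()})
    print("highest accuracy:      ", pick_by_accuracy(scores))
    print("best recall, FPR <= 6%:", pick_by_recall(scores, 0.06))
    print("best recall, FPR <= 1%:", pick_by_recall(scores, 0.01))
```

Before a model drives automatic mitigation on the SDN controller, the false-positive-rate cap should be set from how much legitimate traffic the network can afford to have filtered or rerouted.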
LITERATURE SURVEY

1. Title: A Survey on DDoS Attack Detection Techniques in Cloud Computing


Author: A. A. Rahman et al.
Date: 2021
Summary: This paper provides a comprehensive survey of DDoS attack detection
techniques specifically within cloud computing environments. It categorizes detection
methods into signature-based, anomaly-based, and hybrid approaches. The authors
highlight the challenges posed by cloud architectures and emphasize the need for
scalable, efficient, and adaptive detection mechanisms. The study underscores the
potential of machine learning algorithms for enhancing detection accuracy and real-time
response to DDoS attacks.

2. Title: Machine Learning Approaches for DDoS Attack Detection: A Survey


Author: V. K. Jain and S. K. Sharma
Date: 2020
Summary: This survey reviews various machine learning techniques employed in the
detection of DDoS attacks. It discusses the advantages and limitations of different
algorithms, including Random Forest, Support Vector Machines, and Neural Networks.
The authors emphasize the importance of feature selection and dataset quality in
improving detection rates. The paper also outlines future research directions to enhance
the robustness of DDoS detection systems.

3. Title: A Survey on Intrusion Detection Systems in Software-Defined Networks


Author: F. F. Al-Habsi et al.
Date: 2020
Summary: This paper presents a survey of intrusion detection systems designed for
Software-Defined Networks (SDN). It discusses the unique security challenges posed by
the SDN architecture, including the centralization of control and the potential for new
attack vectors. The authors explore various detection techniques, including rule-based
and machine learning approaches, highlighting their effectiveness in real-time threat
detection and mitigation within SDN environments.

4. Title: DDoS Detection and Mitigation in SDN: A Survey
Author: M. M. Khattak et al.
Date: 2020
Summary: This survey focuses specifically on DDoS detection and mitigation strategies
within Software-Defined Networking. The authors categorize existing methods into
traffic analysis, behavior-based detection, and hybrid approaches. They highlight the
advantages of using SDN's programmable features for rapid response to DDoS attacks.
The paper also reviews various machine learning models and their application in
enhancing DDoS detection rates within SDN.

5. Title: An Overview of Machine Learning Techniques for Network Intrusion Detection


Author: D. S. Dhanraj and R. K. Singh
Date: 2019
Summary: This paper provides an overview of machine learning techniques applied to
network intrusion detection, including DDoS attacks. It discusses the evolution of
traditional methods to contemporary machine learning approaches. The authors also
explore the integration of deep learning methods and their potential to improve detection
accuracy, suggesting that future systems should adopt a combination of multiple
algorithms for optimal performance.

SOFTWARE REQUIREMENTS:

• Jupyter Notebook
• PyCharm 2024.2.3
• Anaconda v2.4.0
• ManageEngine
• CISCO ACI Monitoring Tool

HARDWARE REQUIREMENTS:
• Windows 7 or higher
• I3 processor system or higher
• 4 GB RAM or higher
• 100 GB ROM or higher

Signature of Guide Signature of Coordinator


Guide Name Name of Coordinator
Designation Designation
