Published January 1, 2024 | Version v1
Journal article Open

A novel Distributed Denial of Service attack defense scheme for Software-Defined Networking using Packet-In message and domain

  • 1. Ericsson Res, Istanbul, Turkiye
  • 2. Ericsson, Stockholm, Sweden

Description

Software-Defined Networking (SDN) enhances network management by improving adaptability, flexibility, and scalability. However, its centralized controller is vulnerable to Distributed Denial of Service (DDoS) attacks that can disrupt network availability. This study introduces a novel real-time DDoS detection scheme integrated into the SDN controller. The scheme uses a two-step process to analyze Packet-In messages in both the time and frequency domains. A time series is generated by sampling the number of Packet-In messages at specific time intervals and is compared against a predefined threshold. If the threshold is exceeded, frequency-domain analysis is applied to extract features, which are then used by Machine Learning (ML) algorithms to identify DDoS attacks. The scheme achieves 99.85% accuracy in distinguishing normal traffic from attack traffic, demonstrating its effectiveness in safeguarding SDN environments from DDoS threats.
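A sketch of the two-step gate described above, as an added example that is not the authors' code: Packet-In counts per interval are checked against a threshold, and only an exceeding window gets a frequency-domain pass. The threshold value, the per-window maximum check, the three features and the sample series are assumptions; the ML classifier that would consume the features is not shown.

```python
import cmath
import math

def packet_in_series(timestamps, interval, n_bins):
    """Time domain: count Packet-In arrivals per sampling interval."""
    counts = [0] * n_bins
    for t in timestamps:
        i = int(t // interval)
        if 0 <= i < n_bins:
            counts[i] += 1
    return counts

def power_spectrum(series):
    """Power at DFT bins 1..N/2 of the mean-removed series."""
    n = len(series)
    mean = sum(series) / n
    x = [v - mean for v in series]
    return [abs(sum(x[k] * cmath.exp(-2j * math.pi * f * k / n)
                    for k in range(n)) / n) ** 2
            for f in range(1, n // 2 + 1)]

def frequency_features(series):
    """Assumed feature set: dominant bin, its power share, spectral entropy."""
    power = power_spectrum(series)
    total = sum(power)
    if total == 0 or len(power) < 2:
        return {"dominant_bin": 0, "peak_ratio": 0.0, "entropy": 0.0}
    p = [v / total for v in power]
    peak = max(range(len(p)), key=p.__getitem__)
    entropy = -sum(q * math.log2(q) for q in p if q > 0) / math.log2(len(p))
    return {"dominant_bin": peak + 1, "peak_ratio": p[peak], "entropy": entropy}

def analyze(series, threshold):
    """Step 1: threshold check. Step 2: features only when it is exceeded."""
    if max(series) <= threshold:
        return None          # treated as normal, no frequency analysis
    return frequency_features(series)

# Constructed sample data: per-interval Packet-In counts over 16 intervals.
THRESHOLD = 50               # assumed value, not from the paper
NORMAL = [4, 6, 5, 7, 5, 4, 6, 5, 5, 6, 4, 7, 5, 5, 6, 4]
PULSED = [205 if k % 4 < 2 else 5 for k in range(16)]  # bursts every 4 intervals

if __name__ == "__main__":
    print(analyze(NORMAL, THRESHOLD))   # None: threshold not exceeded
    print(analyze(PULSED, THRESHOLD))   # features for the classifier
```

The threshold gate keeps the costlier spectral step off the controller's normal path; the returned dictionary is what a trained classifier would take as its input vector.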
