Design a Robust DDoS Attack Detection and Mitigation Scheme in SDN-Edge-IoT by Leveraging Machine Learning

The Internet of Things (IoT) has rapidly expanded, providing significant benefits across various fields. However, the complexity of IoT networks, with their resource-constrained devices, presents substantial security challenges, particularly Distributed Denial of Service (DDoS) attacks. Integrating Software Defined Networking (SDN) with IoT has emerged as a promising solution to enhance security. Despite this, DDoS attacks through IoT botnets remain a significant threat. Existing studies on DDoS detection in SDN-IoT networks often suffer from inefficient detection accuracy due to poor algorithm design and latency issues arising from deploying models in the control plane. This study aims to improve DDoS detection accuracy by training a robust Machine Learning (ML) model using effective hyper-parameter tuning and Cross-Validation (CV) techniques. To mitigate latency issues, we deploy the model at the edge of the SDN-IoT network, enforcing mitigation rules through the SDN controller. We evaluated four popular classifiers (K-Nearest Neighbor (K-NN), Random Forest (RF), eXtreme Gradient Boosting (XGBoost), and FeedForward Neural Network (FFNN)) on benchmark datasets CICIDS2017 and Edge-IIoTset, conducting both binary and multi-class classifications. Our implementation using the Mininet-WiFi emulation tool revealed that XGBoost outperformed others in binary DDoS detection, achieving accuracy, precision, recall, and F1-score all above 99.997%, with a testing time of 3.559 seconds on the Edge-IIoTset dataset. Compared to recent studies, the proposed approach demonstrates XGBoost’s clear superiority. Consequently, XGBoost was deployed at the edge of the SDN-IoT for live traffic classification, showing improved performance by classifying live traffic within 3.946 ms and using only 8.80% of memory with a 0.5-second window size.