Hybrid Approach for Detection and Mitigation of DDoS Attacks Using Multi-feature Selection, Unsupervised Learning, and Game Theory
DOI: https://doi.org/10.26636/jtit.2025.4.2261
Keywords: agglomerative clustering, DDoS attacks, game theory, SDN, unsupervised learning
Abstract
Software-defined networking (SDN) is now widely used in modern network infrastructures, but its centralized control design makes it vulnerable to distributed denial of service (DDoS) attacks targeting the SDN controller. These attacks can disrupt the operation of the network and reduce its availability for genuine users. Existing detection and mitigation methods often suffer from numerous drawbacks, such as high computational costs and frequent false alarms, especially with standard machine learning or basic unsupervised approaches. To address these issues, a new framework is proposed that uses multistep feature selection methods, including SelectKBest, ANOVA-F, and random forest, to select the most important network features, detects anomalies in an unsupervised manner using agglomerative clustering in order to identify suspicious hosts, and mitigates adverse impacts by relying on posterior probability and game theory. An evaluation conducted using benchmark datasets and validated through Mininet emulation demonstrates that the approach achieves better performance, with silhouette scores of 0.86 for InSDN and 0.95 for Mininet. The framework efficiently computes reputation scores to distinguish malicious hosts, thus enabling adaptive defense against evolving attack patterns while maintaining minimal computational overhead.
License
Copyright (c) 2025 Amit Kachavimath, Narayan D.G.

This work is licensed under a Creative Commons Attribution 4.0 International License.