Distributed denial of service attacks detection for software defined networks based on evolutionary decision tree model

Hasan Kamel, Mahmood Zaki Abdullah


The software defined networks (SDN) system has modern techniques in networking, it separates the forwarding plane from the control plane and works to collect control functions in a central unit (controller), and this separation process leads to many advantages, such as cost reduction and programming ability. Concurrently, because of its centralized architecture, it is prone to a variety of attacks. Distributed denial of service (DDoS) attack has a significant impact on SDN, it is characterized by its ability to consume network resources as well as its ability to turn off the entire network. The work in this study aims to improve and increase the security and robustness of SDN systems against the attack or intrusion, by using a machine learning model to detect attack traffic and classify traffic of SDN as (attack or normal), and optimization algorithm (genetic algorithm) for improving the accuracy of the classification. After preparing and preprocessing the dataset, we used the genetic algorithm (GA) to optimize the hyperparameters of the decision tree (DT) model, and the proposed evolutionary decision tree (EDT) model was used to classify traffic into normal and attack traffic. The results indicate that the suggested model achieved a high classification accuracy of 99.46.


Distributed denial of service attacks; Evolutionary decision tree; Genetic algorithm; Machine learning; Software defined networks

Full Text:


DOI: https://doi.org/10.11591/eei.v11i4.3835


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Bulletin of EEI Stats