CFP last date
20 June 2024
Reseach Article

Predicting DDoS Anomaly Patterns in SDN Controller using Hidden Markov Model

by Abdul-wadud Alhasan, Sonjie Wei
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 175 - Number 39
Year of Publication: 2020
Authors: Abdul-wadud Alhasan, Sonjie Wei

Abdul-wadud Alhasan, Sonjie Wei . Predicting DDoS Anomaly Patterns in SDN Controller using Hidden Markov Model. International Journal of Computer Applications. 175, 39 ( Dec 2020), 33-41. DOI=10.5120/ijca2020920961

@article{ 10.5120/ijca2020920961,
author = { Abdul-wadud Alhasan, Sonjie Wei },
title = { Predicting DDoS Anomaly Patterns in SDN Controller using Hidden Markov Model },
journal = { International Journal of Computer Applications },
issue_date = { Dec 2020 },
volume = { 175 },
number = { 39 },
month = { Dec },
year = { 2020 },
issn = { 0975-8887 },
pages = { 33-41 },
numpages = {9},
url = { },
doi = { 10.5120/ijca2020920961 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
%0 Journal Article
%1 2024-02-07T00:40:42.977771+05:30
%A Abdul-wadud Alhasan
%A Sonjie Wei
%T Predicting DDoS Anomaly Patterns in SDN Controller using Hidden Markov Model
%J International Journal of Computer Applications
%@ 0975-8887
%V 175
%N 39
%P 33-41
%D 2020
%I Foundation of Computer Science (FCS), NY, USA

The introduction of Software Defined Networking (SDN) as a panacea to the global demand for a more secure and highly dependable internet infrastructure has also brought along security issues. The adoption of OpenFlow Protocol (OFP) by SDN as the way of communication between controllers and switches, has not only brought about easy and direct manipulation of data for enhanced packet forwarding policies, but also renders the network vulnerable to security issues (DDoS attacks) since the OpenFlow (OF) switch has to ask the controller to install new rules for any new incoming packet. In this work, the capability of SDN in handling security threats that arise from the above vulnerability is proven. This work seeks to design and implement a DDoS detection model that uses Hidden Markov Model (HMM) for detecting abnormal traffic (OpenFlow flooding attacks) directed towards the SDN controller aimed at destabilizing the flow of normal network traffic among users in a software-defined networking environment. The experiment achieved an accuracy of 94.3% in classifying network traffic with 5.7% false positive rate. The feasibility of this approach is proven by building a test scenario to simulate the approach with POX controller and OpenFlow switches.

  1. F. Mattern and C. Floerkemeier, “From the internet of computers to the internet of things,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2010, vol. 6462 LNCS, pp. 242–259, doi: 10.1007/978-3-642-17226-7_15.
  2. Z. Wan, “Cloud Computing infrastructure for latency sensitive applications,” in International Conference on Communication Technology Proceedings, ICCT, 2010, pp. 1399–1402, doi: 10.1109/ICCT.2010.5689022.
  3. D. K. Bhattacharyya and J. K. Kalita, Network Anomaly Detection. 2013.
  4. Q. Yan, F. R. Yu, Q. Gong, and J. Li, “Software-defined networking (SDN) and distributed denial of service (DDOS) attacks in cloud computing environments: A survey, some research issues, and challenges,” IEEE Communications Surveys and Tutorials, vol. 18, no. 1. Institute of Electrical and Electronics Engineers Inc., pp. 602–622, Jan. 01, 2016, doi: 10.1109/COMST.2015.2487361.
  5. M. Suh, S. H. Park, B. Lee, and S. Yang, “Building firewall over the software-defined network controller,” in International Conference on Advanced Communication Technology, ICACT, 2014, pp. 744–748, doi: 10.1109/ICACT.2014.6779061.
  6. D. Kreutz, F. M. V. Ramos, and P. Verissimo, “Towards secure and dependable software-defined networks,” in HotSDN 2013 - Proceedings of the 2013 ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, 2013, pp. 55–60, doi: 10.1145/2491185.2491199.
  7. R. Braga, E. Mota, and A. Passito, “Lightweight DDoS flooding attack detection using NOX/OpenFlow,” in Proceedings - Conference on Local Computer Networks, LCN, 2010, pp. 408–415, doi: 10.1109/LCN.2010.5735752.
  8. S. Shin, S. Shin, V. Yegneswaran, P. Porras, and G. Gu, “AVANT-GUARD: Scalable and Vigilant Switch Flow Management in Software-Defined Networks,” Accessed: Apr. 20, 2020. [Online]. Available:
  9. S. Shin et al., “Rosemary: A Robust, Secure, and High-Performance Network Operating System,” Accessed: Apr. 20, 2020. [Online]. Available:
  10. Z. Fan, Y. Xiao, A. Nayak, and C. Tan, “An improved network security situation assessment approach in software defined networks,” Peer-to-Peer Netw. Appl., vol. 12, no. 2, pp. 295–309, Mar. 2019, doi: 10.1007/s12083-017-0604-2.
  11. R. Mohammadi, R. Javidan, and M. Conti, “SLICOTS: An SDN-based lightweight countermeasure for TCP SYN flooding attacks,” IEEE Trans. Netw. Serv. Manag., vol. 14, no. 2, pp. 487–497, Jun. 2017, doi: 10.1109/TNSM.2017.2701549.
  12. L. R. Rabiner, “A Tutorial on Hidden Markov Models and Selected Applications in Speech Recognition,” Proc. IEEE, vol. 77, no. 2, pp. 257–286, 1989, doi: 10.1109/5.18626.
  13. “Weka tutorial: machine learning & data mining.” (accessed May 17, 2020).
  14. R. Swami, M. Dave, and V. Ranga, “Software-defined Networking-based DDoS Defense Mechanisms,” ACM Comput. Surv., vol. 52, no. 2, pp. 1–36, May 2019, doi: 10.1145/3301614.
  15. D. K. Bhattacharyya, Network anomaly detection?: a machine learning perspective. 2013.
Index Terms

Computer Science
Information Sciences


OpenFlow Mininet OpenFlow (OF) SDN Hidden Markov Model (HMM)