sdn-ddos-monitor
SDN-DDoS-Monitor: A simple machine learning tool for detecting botnet attacks
The SDN-DDoS-Monitor
SDN-DDoS-Monitor is an application developed by Felipe A. Lopes in the scope of the P4Sec project, which is carried out as a joint collaboration between UC San Diego, CAIDA, and Texas A&M University (USA), and INF/UFRGS, UnB, and UFPE (Brazil). The application uses the K-means algorithm to detect DDoS attacks in an SDN network.
K-means algorithm and DDoS detection
The k-means clustering algorithm is a method of vector quantization, originally from signal processing, that is popular for cluster analysis in data mining. It aims to partition n observations into k clusters in which each observation belongs to the cluster with the nearest mean, serving as a prototype of the cluster.
We use this approach to detect abnormal traffic generated by BoNeSi, the DDoS Botnet Simulator (https://github.com/Markus-Go/bonesi).
Repository
In this repository, you will find the scripts, topologies, and Ryu applications used to generate synthetic traffic and to obtain an input dataset used in a K-means algorithm.
Dataset
The generated data is in the dataset folder. We generated two synthetic datasets:
TODO.
Installation
TODO.
Requirements
TODO.