DDOS ATTACK DETECTION IN SOFTWARE DEFINED INTERNET OF THINGS USING UNSUPERVISED LEARNING APPROACH
Keywords:SD-IoT, IDS, Controller, Ryu, DDoS Attack.
Both the area of software-defined networking (SDN) and that of the Internet of Things (IoT) are on the rise because of the convenience they provide to device management via simplified data access. In the same way that software-defined networking (SDN) makes it possible to employ a wide variety of devices for network management, the Internet of Things (IoT) makes it possible to collect data in a wide variety of real-time settings. When users put the two together, they have a setup where a number of devices may be utilised remotely and controlled from one location. Consequently, several attacks on the SD-IoT controller have arisen since its introduction. One such attack is a distributed denial-of-service (DDoS) attack, which prevents the server from responding to valid requests. To counteract DDoS attacks, this study provides a comprehensive strategy for creating datasets, training models, and deploying them to the controller of SD-IoT. Several popular unsupervised classifiers have been trained on the newly created dataset. These include KMeans, MeanShift, Density-Based Spatial Clustering of Applications with Noise (DBSCAN), AgglomerativeClustering, Balanced Iterative Reducing and Clustering using Hierarchies (BIRCH), MiniBatchKMeans, Ordering Points To Identify Cluster Structure (OPTICS), and SpectralClustering. Silhouette Score (SS), Calinski Harabasz Index (CHI), and Davies Bouldin Index (DBI) have been used to assess their effectiveness. The OPTICS classifier has been implemented in the SD-IoT controller because of its superior performance. It is found that OPTICS classifier is outperforming other classifiers, so it has been deployed in the controller of the SD-IoT