
SDN-DDoS-Monitor: A simple machine learning tool for detecting botnet attacks


felipealencar/sdn-ddos-monitor

The SDN-DDoS-Monitor

SDN-DDoS-Monitor is an application developed by Felipe A. Lopes (fal3@cin.ufpe.br) in the scope of the P4Sec project, which is carried out as a joint collaboration between UC San Diego, CAIDA, and Texas A&M University (USA), and INF/UFRGS, UnB, and UFPE (Brazil). This application uses the K-means algorithm to detect DDoS attacks in a software-defined network (SDN).

K-means algorithm and DDoS detection

The k-means clustering algorithm is a method of vector quantization, originally from signal processing, that is popular for cluster analysis in data mining. It aims to partition n observations into k clusters in which each observation belongs to the cluster with the nearest mean, serving as a prototype of the cluster.

We use this approach to detect abnormal traffic generated by BoNeSi, the DDoS Botnet Simulator (https://github.com/Markus-Go/bonesi).
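A minimal sketch of the idea above, added here as an illustration and not taken from this repository: k-means with k=2 over per-flow statistics, flagging the high-rate cluster as abnormal. The feature pair, the sample values and the `min_ratio` threshold are assumptions, since the repository does not document its features.

```python
import math

# Constructed samples: (packets per second, distinct source IPs per second).
NORMAL = [(12, 3), (18, 4), (9, 2), (15, 5), (20, 4), (11, 3)]
FLOOD = [(950, 420), (1100, 510), (870, 390), (1020, 470)]

def scale(rows):
    """Min-max scale each column to [0, 1] so no feature dominates the distance."""
    cols = list(zip(*rows))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return [tuple((v - l) / ((h - l) or 1) for v, l, h in zip(r, lo, hi))
            for r in rows]

def kmeans(points, k, iters=50):
    """Lloyd's algorithm with deterministic farthest-point initialisation."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(
            points, key=lambda p: min(math.dist(p, c) for c in centroids)))
    for _ in range(iters):
        # Assignment step: each point joins the cluster with the nearest mean.
        labels = [min(range(k), key=lambda i: math.dist(p, centroids[i]))
                  for p in points]
        # Update step: each centroid moves to the mean of its members.
        new = []
        for i in range(k):
            members = [p for p, l in zip(points, labels) if l == i]
            new.append(tuple(sum(x) / len(members) for x in zip(*members))
                       if members else centroids[i])
        if new == centroids:
            break
        centroids = new
    return labels, centroids

def flag_abnormal(rows, min_ratio=10.0):
    """Return one bool per flow: True if it falls in the abnormal cluster.

    k-means always yields two clusters, even on clean traffic, so a cluster
    is only called abnormal when its mean packet rate is at least min_ratio
    times that of the other cluster (assumed threshold).
    """
    labels, _ = kmeans(scale(rows), 2)
    rates = [[r[0] for r, l in zip(rows, labels) if l == i] for i in (0, 1)]
    if not rates[0] or not rates[1]:
        return [False] * len(rows)
    mean = [sum(x) / len(x) for x in rates]
    hot = 0 if mean[0] > mean[1] else 1
    if mean[hot] < min_ratio * mean[1 - hot]:
        return [False] * len(rows)
    return [l == hot for l in labels]
```
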

Repository

In this repository, you will find the scripts, topologies, and Ryu applications used to generate synthetic traffic and to obtain an input dataset used in a K-means algorithm.

Dataset

The generated data is in the dataset folder. We generated two synthetic datasets:

TODO.

Installation

TODO.

Requirements

TODO.
