SDN-DDoS-Monitor is an application developed by Felipe A. Lopes (fal3@cin.ufpe.br) in the scope of the P4Sec project, which is carried out as a joint collaboration between UC San Diego, CAIDA, and Texas A&M University (USA), and INF/UFRGS, UnB, and UFPE (Brazil). This application uses the K-means algorithm to detect DDoS attacks in an SDN network.
The k-means clustering algorithm is a method of vector quantization, originally from signal processing, that is popular for cluster analysis in data mining. It aims to partition n observations into k clusters in which each observation belongs to the cluster with the nearest mean, serving as a prototype of the cluster.
We use this approach to detect abnormal traffic generated by BoNeSi, the DDoS Botnet Simulator (https://github.com/Markus-Go/bonesi).
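An added example, not code from this repository: k-means with k = 2 over per-interval traffic features, flagging the cluster whose centroid lies farthest from the origin as abnormal. The two features (packets per second, distinct source IPs), the sample values, and the function names are assumptions made for illustration.

```python
import math

# Constructed samples (not from the repository's dataset): one row per
# monitoring interval, as (packets per second, distinct source IPs seen).
SAMPLES = [
    (120, 4), (95, 3), (140, 5), (110, 4), (130, 6), (105, 3),   # baseline
    (9800, 870), (10400, 910), (9100, 790), (11050, 950),        # flood
]

def normalize(rows):
    """Min-max scale every feature to [0, 1] so no feature dominates."""
    cols = list(zip(*rows))
    lo = [min(c) for c in cols]
    hi = [max(c) for c in cols]
    return [tuple((v - l) / (h - l) if h > l else 0.0
                  for v, l, h in zip(r, lo, hi)) for r in rows]

def kmeans(points, k, max_iter=100):
    """Lloyd's algorithm with deterministic farthest-point seeding."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(
            points, key=lambda p: min(math.dist(p, c) for c in centroids)))
    labels = None
    for _ in range(max_iter):
        # Assignment step: each point joins the cluster with the nearest mean.
        new_labels = [min(range(k), key=lambda i: math.dist(p, centroids[i]))
                      for p in points]
        if new_labels == labels:
            break  # converged: no point changed cluster
        labels = new_labels
        # Update step: each centroid becomes the mean of its members.
        for i in range(k):
            members = [p for p, l in zip(points, labels) if l == i]
            if members:  # keep the old centroid if a cluster empties
                centroids[i] = tuple(sum(x) / len(members)
                                     for x in zip(*members))
    return labels, centroids

def flag_abnormal(rows):
    """Indexes of rows in the cluster whose centroid is farthest from 0."""
    labels, centroids = kmeans(normalize(rows), k=2)
    hot = max(range(2), key=lambda i: math.hypot(*centroids[i]))
    return [i for i, l in enumerate(labels) if l == hot]

if __name__ == "__main__":
    print(flag_abnormal(SAMPLES))
```

With k = 2 the algorithm always returns two clusters, even for purely benign traffic, so a monitor should also check how far apart the centroids are before treating the higher cluster as an attack.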
In this repository, you will find the scripts, topologies, and Ryu applications used to generate synthetic traffic and to obtain the input dataset for the K-means algorithm.
The generated data is in the dataset folder. We generated two synthetic datasets:
TODO.
TODO.
TODO.