Published: 5 March 2024 | Version 1 | DOI: 10.17632/8rngxmn7dz.1


The study "DDoS-SDN-Tree-MultiClass" embarks on an advanced exploration into the realm of Distributed Denial of Service (DDoS) attack detection and categorization within Software-Defined Networking (SDN) landscapes, honing in on Tree topology structures. This investigation elevates the analytical depth by not merely differentiating between normal and malicious traffic but by further discerning the intensity of DDoS attacks, classifying them as either "weak" or "strong." The classification schema is meticulously designed, with traffic categorized into three distinct labels: Normal (Label = 0), DDoS Attack Weak (Label = 1), and DDoS Attack Strong (Label = 2), thereby enabling a nuanced understanding of attack dynamics and their implications. The research framework is adeptly aligned with the operational nuances of the Mininet emulator, tailored for SDN scenarios, and encompasses comprehensive descriptors of network behavior including packet rates, sizes, and types, alongside flow quantities and protocol specifics. This structured approach not only facilitates the application of supervised learning methodologies but also underscores the study's commitment to a detailed investigational analysis. Significantly, this work shines a spotlight on 35 pivotal network vulnerabilities, establishing a robust foundation for the identification of DDoS threats, thus serving as an invaluable resource for cybersecurity professionals and researchers striving to reinforce SDN configurations against such vulnerabilities.


Steps to reproduce

HPING3

hping3 is a network tool able to send custom ICMP/UDP/TCP packets and to display target replies like ping does with ICMP replies. It is useful to script network tests. Here's how you can install it in a Mininet environment. Since Mininet typically runs on an Ubuntu-based system, you'd use the apt package manager.

1. First, update the package lists for upgrades and new package installations:

    sudo apt-get update

2. Then, install hping3:

    sudo apt-get install hping3

This should install hping3 for you to use within your Mininet environment. Once installed, you can use hping3 within your network. For example, you can use hping3 to perform a simple ping of one host to another. Assuming you have two hosts, h1 and h2, with h2 having an IP address of, you could use the following command in Mininet:

Attack code: ICMP (ping) flood

    h3x2 hping3 h3x1 -1 -V -d 120 -w 64 --flood -c 500

This command instructs hping3 within Mininet to send packets from host h3x2 to host h3x1. Here's the breakdown:

• h3x2 hping3 h3x1: This runs hping3 from host h3x2 against host h3x1.
• -1: This flag sets the protocol to ICMP (Internet Control Message Protocol).
• -V: This enables verbose mode, providing additional information about the packets being sent and received.
• -d 120: This sets the data size of the packets to 120 bytes. Each packet will contain 120 bytes of data.
• -w 64: This flag is intended to set the TCP window size to 64. However, as the packets being sent are ICMP, which doesn't use window sizes for flow control, this option will not have any effect.
• --flood: This flag sends packets as fast as the system allows, flooding the target without waiting for responses.
• -c 500: This will send a total of 500 packets. Once 500 packets have been sent, hping3 will stop sending more packets...
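For the detection side, here is an added example (not part of the dataset or the authors' code) that aggregates packet records into per-destination, per-second features of the kind the description names (packet rate, size, protocol) and maps each window to the three labels. The rate thresholds, record layout and addresses are assumptions made for illustration; the dataset's own labels come from how the traffic was generated, not from these thresholds.

```python
from collections import defaultdict

# Hypothetical ICMP packets/second thresholds per destination (assumptions,
# not values from the dataset); tune them against your own baseline.
WEAK_PPS, STRONG_PPS = 100, 1000
LABELS = {0: "Normal", 1: "DDoS Attack Weak", 2: "DDoS Attack Strong"}

def window_features(packets, window=1.0):
    """Aggregate (ts, src, dst, proto, size) records per destination and window."""
    buckets = defaultdict(list)
    for ts, src, dst, proto, size in packets:
        buckets[(dst, int(ts // window))].append((src, proto, size))
    rows = []
    for (dst, idx), pkts in sorted(buckets.items()):
        icmp = sum(1 for p in pkts if p[1] == "ICMP")
        rows.append({
            "dst": dst,
            "window_start": idx * window,
            "pkt_rate": len(pkts) / window,
            "icmp_rate": icmp / window,
            "avg_size": sum(p[2] for p in pkts) / len(pkts),
            "sources": len({p[0] for p in pkts}),
        })
    return rows

def label(row):
    """Map a feature row to the page's label scheme (0, 1 or 2)."""
    if row["icmp_rate"] >= STRONG_PPS:
        return 2
    return 1 if row["icmp_rate"] >= WEAK_PPS else 0

def constructed_capture():
    """Constructed sample records; addresses and rates are made up."""
    # Background: one 84-byte echo request every 0.5 s for 3 s.
    pkts = [(t * 0.5, "10.0.0.3", "10.0.0.1", "ICMP", 84) for t in range(6)]
    # Bursts of 148-byte packets: 120-byte payload + 8 ICMP + 20 IPv4 header.
    pkts += [(1 + i / 200, "10.0.0.2", "10.0.0.1", "ICMP", 148) for i in range(200)]
    pkts += [(2 + i / 1500, "10.0.0.2", "10.0.0.1", "ICMP", 148) for i in range(1500)]
    return pkts

if __name__ == "__main__":
    for row in window_features(constructed_capture()):
        print(row["window_start"], row["icmp_rate"], LABELS[label(row)])
```

Fixed thresholds like these only make sense relative to a measured baseline; a supervised model trained on the labelled windows replaces the label() function.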


University of Kufa


Machine Learning, Support Vector Machine, Database Security, Decision Tree, Naive Theory, Multinomial Logistic Regression, Deep Learning, Random Decision Forest, Software-Defined Networking, k-Nearest Neighbors Algorithm, Extreme Gradient Boosting