Published: 9 October 2023 | Version 1 | DOI: 10.17632/x6vr3sdm75.1


The dataset is made up of 12 features of normal and malicious UDP, ICMP, and TCP traffic from an SDN-emulated network. The features were extracted and computed from the switch statistics. The dataset can be used for traffic classification and DDoS attack detection in SDN using various machine learning, neural network, and statistical approaches.


Steps to reproduce

First, Mininet was used to set up the SDN environment and create the network topologies, and the RYU controller was connected to multiple switches. Three different topologies were used. After the network topologies are started, the next step is to launch the traffic. Attack traffic is generated with Hping3, while normal traffic is generated with Iperf and the ping tool. TCP, UDP, and ICMP traffic is launched for both the malicious and the normal case. After the traffic is generated, a statistics request is sent to the switch via the SDN controller using the OFPFLOWSTATREQUEST handler, and a response is received using the OFPFLOWSTATREPLY handler. OFPFLOWSTATREQUEST is a method used to request switch statistics such as source address, destination address, flows, flow packets, flow duration, and so on. To receive a response to this request, the OFPFLOWSTATREPLY handler is called to retrieve the flow statistics. A Python-based script was developed to collect and compute the statistics from the switches within a predetermined time interval, and the results were saved in a CSV file.
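The collect-and-compute step described above, as an added example that is not the dataset authors' script: it turns two successive snapshots of cumulative per-flow counters into per-interval rows and writes them as CSV. The field names, the derived columns, and the sample values are assumptions constructed for illustration; the page does not list the dataset's 12 features.

```python
import csv
import io

# Constructed snapshots of cumulative per-flow counters from two successive
# polls. Keys are (src, dst, proto); all names and values are assumptions.
SNAP_T0 = {
    ("10.0.0.1", "10.0.0.4", "ICMP"): {"packets": 10, "bytes": 980},
    ("10.0.0.2", "10.0.0.4", "TCP"): {"packets": 500, "bytes": 30000},
}
SNAP_T1 = {
    ("10.0.0.1", "10.0.0.4", "ICMP"): {"packets": 15, "bytes": 1470},
    ("10.0.0.2", "10.0.0.4", "TCP"): {"packets": 40500, "bytes": 2430000},
    ("10.0.0.3", "10.0.0.4", "UDP"): {"packets": 200, "bytes": 102400},  # new flow
}
# Hypothetical output columns, not the dataset's own 12 features.
FIELDS = ["src", "dst", "proto", "packets", "bytes", "pkt_rate", "byte_rate"]


def interval_features(prev, curr, interval_s):
    """Turn two cumulative snapshots into per-interval rows."""
    if interval_s <= 0:
        raise ValueError("polling interval must be positive")
    rows = []
    for key in sorted(curr):
        now = curr[key]
        before = prev.get(key, {"packets": 0, "bytes": 0})
        d_pkts = now["packets"] - before["packets"]
        d_bytes = now["bytes"] - before["bytes"]
        # A negative delta means the flow entry expired and was re-installed,
        # so its counters restarted: count from zero instead.
        if d_pkts < 0 or d_bytes < 0:
            d_pkts, d_bytes = now["packets"], now["bytes"]
        src, dst, proto = key
        rows.append({"src": src, "dst": dst, "proto": proto,
                     "packets": d_pkts, "bytes": d_bytes,
                     "pkt_rate": d_pkts / interval_s,
                     "byte_rate": d_bytes / interval_s})
    return rows


def to_csv(rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(interval_features(SNAP_T0, SNAP_T1, interval_s=5)))
```

Computing deltas between polls, rather than logging the raw cumulative counters, is what makes rows from different intervals comparable as classifier input.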


Denial-of-Service Attack, Software Defined Network