Towards sFlow and adaptive polling sampling for deep learning based DDoS detection in SDN

Raja Majid Ali Ujjan, Zeeshan Pervez*, Keshav Dahal, Ali Kashif Bashi, Rao Mumtaz, J. González

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

120 Citations (Scopus)
511 Downloads (Pure)


Distributed Denial of Service (DDoS) is one of the most rampant attacks in the modern Internet of Things (IoT) network infrastructures. Security plays a very vital role for an ever-growing heterogeneous network of IoT nodes, which are directly connected to each other. Due to the preliminary stage of Software Defined Networking (SDN), in the IoT network, sampling based measurement approaches currently results in low-accuracy, higher memory consumption, higher-overhead in processing and network, and low attack-detection. To deal with these aforementioned issues, this paper proposes sFlow and adaptive polling based sampling with Snort Intrusion Detection System (IDS)and deep learning based model, which helps to lower down the various types of prevalent DDoS attacks inside the IoT network. The flexible decoupling property of SDN enables us to program network devices for required parameters without utilizing third-party propriety based hardware or software. Firstly, in data-plane, to lower down processing and network overhead of switches, we deployed sFlow and adaptive polling based sampling individually. Secondly, in control-plane, to optimize detection accuracy, we deployed Snort IDS collaboratively with Stacked Autoencoders (SAE) deep learning model. Furthermore, after applying performance metrics on collected traffic streams, we quantitatively investigate trade\- off among attack detection accuracy and resources overhead. The evaluation of the proposed system demonstrates higher detection accuracy with 95\% of True Positive rate with less than 4\% of False Positive rate within sFlow based implementation compared to adaptive polling.
Original languageEnglish
Pages (from-to)763-779
Number of pages17
JournalFuture Generation Computer Systems
Early online date1 Nov 2019
Publication statusPublished - 31 Oct 2020


  • DDoS
  • IoT
  • SDN
  • Snort
  • Sampling


Dive into the research topics of 'Towards sFlow and adaptive polling sampling for deep learning based DDoS detection in SDN'. Together they form a unique fingerprint.

Cite this