Comparison of Feature Selection Methods for DDoS Attacks on Software Defined Networks using Filter-Based, Wrapper-Based and Embedded-Based

M.T. Kurniawan - Indonesia University, Depok Jawa Barat, 16424, Indonesia
Setiadi Yazid - Indonesia University, Depok Jawa Barat, 16424, Indonesia
Yudho Sucahyo - Indonesia University, Depok Jawa Barat, 16424, Indonesia

Citation Format:



The development of internet technology is growing very rapidly. Moreover, keeping internet users protected from cyberattacks is part of the security challenges. Distributed Denial of Service (DDoS) is a real attack that continues to grow. DDoS attacks have become one of the most difficult attacks to detect and mitigate appropriately. Software Defined Network (SDN) architecture is a novel network management and a new concept of the infrastructure network. A controller is a single point of failure in SDN, which is the most dangerous of various attacks because the attacker can take control of the controller so that it can control all network traffic. Various detection and mitigation methods have been offered, but not many consider the capacity of the SDN controller. In this research, we propose a feature selection method for DDoS attacks. This research aims to select the most important features of DDoS attacks on SDN so that the detection of DDoS on SDN can be lightweight and early. This research uses a dataset [1] generated by a Mininet emulator. The simulation runs for benign TCP, UDP, and ICMP traffic and malicious traffic, which is the collection of TCP SYN attacks, UDP Flood attacks, and ICMP attacks. A total of 23 features are available in the dataset, some are extracted from the switches, and others are calculated. By using three methods, filter-based, wrapper-based, and embedded-based, we get consistent results where the pktcount feature is the highest feature importance of DDoS attacks on SDN.


Software-defined networking; detection system; feature selection; filter based; wrapper based; embedded based distributed denial-of-service.

Full Text:



N. Ahuja, G. Singal, and D. Mukhopadhyay, “DLSDN: Deep learning for DDOS attack detection in software defined networking,” Proc. Conflu. 2021 11th Int. Conf. Cloud Comput. Data Sci. Eng., pp. 683–688, 2021, doi: 10.1109/Confluence51648.2021.9376879.

N. N. Tuan, P. H. Hung, N. D. Nghia, N. Van Tho, T. Van Phan, and N. H. Thanh, “A DDoS attack mitigation scheme in ISP networks using machine learning based on SDN,” Electron., vol. 9, no. 3, pp. 1–19, 2020, doi: 10.3390/electronics9030413.

T. Mahjabin, Y. Xiao, G. Sun, and W. Jiang, “A survey of distributed denial-of-service attack, prevention, and mitigation techniques,” Int. J. Distrib. Sens. Networks, vol. 13, no. 12, 2017, doi: 10.1177/1550147717741463.

Z. Shu, J. Wan, D. Li, J. Lin, A. V. Vasilakos, and M. Imran, “Security in Software-Defined Networking: Threats and Countermeasures,” Mob. Networks Appl., vol. 21, no. 5, pp. 764–776, 2016, doi: 10.1007/s11036-016-0676-x.

Ö. Tonkal, H. Polat, E. Başaran, Z. Cömert, and R. Kocaoğlu, “Machine learning approach equipped with neighbourhood component analysis for ddos attack detection in software-defined networking,” Electron., vol. 10, no. 11, 2021, doi: 10.3390/electronics10111227.

J. C. Correa Chica, J. C. Imbachi, and J. F. Botero Vega, “Security in SDN: A comprehensive survey,” J. Netw. Comput. Appl., vol. 159, no. December 2018, p. 102595, 2020, doi: 10.1016/j.jnca.2020.102595.

S. T. Zargar, J. Joshi, and D. Tipper, “A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks,” IEEE Comput. Electr. Eng., vol. 15, no. 4, pp. 2046–2069, 2013, doi: 10.1016/j.compeleceng.2018.09.001.

S. Oshima, T. Nakashima, and T. Sueyoshi, “Early DoS/DDoS detection method using short-term statistics,” CISIS 2010 - 4th Int. Conf. Complex, Intell. Softw. Intensive Syst., pp. 168–173, 2010, doi: 10.1109/CISIS.2010.53.

S. M. Mousavi and M. St-Hilaire, “Early detection of DDoS attacks against SDN controllers,” in 2015 International Conference on Computing, Networking and Communications, ICNC 2015, 2015, pp. 77–81, doi: 10.1109/ICCNC.2015.7069319.

R. Li and B. Wu, “Early detection of DDoS based on phi-entropy in SDN networks,” Proceedings of 2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference, ITNEC 2020. pp. 731–735, 2020, doi: 10.1109/ITNEC48623.2020.9084885.

R. Braga, E. Mota, and A. Passito, “Lightweight DDoS flooding attack detection using NOX/OpenFlow,” in Proceedings - Conference on Local Computer Networks, LCN, 2010, pp. 408–415, doi: 10.1109/LCN.2010.5735752.

K. S. Sahoo, D. Puthal, M. Tiwary, J. J. P. C. Rodrigues, B. Sahoo, and R. Dash, “An early detection of low rate DDoS attack to SDN based data center networks using information distance metrics,” Futur. Gener. Comput. Syst., vol. 89, pp. 685–697, 2018, doi: 10.1016/j.future.2018.07.017.

K. Kalkan, L. Altay, G. Gür, and F. Alagöz, “JESS: Joint Entropy-Based DDoS Defense Scheme in SDN,” IEEE J. Sel. Areas Commun., vol. 36, no. 10, pp. 2358–2372, 2018, doi: 10.1109/JSAC.2018.2869997.

M. Yue, H. Wang, L. Liu, and Z. Wu, “Detecting DoS Attacks Based on Multi-Features in SDN,” IEEE Access, vol. 8, pp. 104688–104700, 2020, doi: 10.1109/ACCESS.2020.2999668.

D. B. Rawat and S. R. Reddy, “Software Defined Networking Architecture, Security and Energy Efficiency: A Survey,” IEEE Commun. Surv. Tutorials, vol. 19, no. 1, pp. 325–346, 2017, doi: 10.1109/COMST.2016.2618874.

L. F. Eliyan and R. Di Pietro, “DoS and DDoS attacks in Software Defined Networks: A survey of existing solutions and research challenges,” Futur. Gener. Comput. Syst., vol. 122, pp. 149–171, 2021, doi: 10.1016/j.future.2021.03.011.

M. Malik and Y. Singh, “A Review: DoS and DDoS Attacks,” Int. J. Comput. Sci. Mob. Comput., vol. 4, no. 6, pp. 260–265, 2015.

N. Ahuja and G. Singal, “DDOS Attack Detection Prevention in SDN using OpenFlow Statistics,” Proc. 2019 IEEE 9th Int. Conf. Adv. Comput. IACC 2019, pp. 147–152, 2019, doi: 10.1109/IACC48062.2019.8971596.

N. Ahuja, G. Singal, and D. Mukhopadhyay, “DDOS attack SDN Dataset,” vol. 1, no. September, p. 17632, 2020, doi: 10.17632/jxpfjc64kr.1.

B. B. Zarpelão, R. S. Miani, C. T. Kawakani, and S. C. de Alvarenga, “A survey of intrusion detection in Internet of Things,” J. Netw. Comput. Appl., vol. 84, pp. 25–37, 2017, doi: 10.1016/j.jnca.2017.02.009.

R. J. Alzahrani and A. Alzahrani, “Security analysis of ddos attacks using machine learning algorithms in networks traffic,” Electron., vol. 10, no. 23, 2021, doi: 10.3390/electronics10232919.

R. Kumar, P. Kumar, R. Tripathi, G. P. Gupta, N. Kumar, and M. M. Hassan, “A Privacy-Preserving-Based Secure Framework,” IEEE Trans. Intell. Transp. Syst., vol. 23, no. 9, pp. 1–12, 2022.

M. Keshk, B. Turnbull, N. Moustafa, D. Vatsalan, and K. K. R. Choo, “A Privacy-Preserving-Framework-Based Blockchain and Deep Learning for Protecting Smart Power Networks,” IEEE Trans. Ind. Informatics, vol. 16, no. 8, pp. 5110–5118, 2020, doi: 10.1109/TII.2019.2957140.

E. Balkanli, A. Nur Zincir-Heywood, and M. I. Heywood, “Feature selection for robust backscatter DDoS detection,” Proc. - Conf. Local Comput. Networks, LCN, vol. 2015-Decem, pp. 611–618, 2015, doi: 10.1109/LCNW.2015.7365905.

L. S. Matsa, G. A. Zodi-Lusilao, and F. Bhunu-Shava, “Forward Feature Selection for DDoS Detection on Cross-Plane of Software Defined Network Using Hybrid Deep Learning.,” 2021 3rd Int. Multidiscip. Inf. Technol. Eng. Conf. IMITEC 2021, 2021, doi: 10.1109/IMITEC52926.2021.9714561.

N. Abbas, Y. Nasser, M. Shehab, and S. Sharafeddine, “Attack-Specific Feature Selection for Anomaly Detection in Software-Defined Networks,” in 2021 3rd IEEE Middle East and North Africa COMMunications Conference, MENACOMM 2021, 2021, pp. 142–146, doi: 10.1109/MENACOMM50742.2021.9678279.

H. Polat, O. Polat, and A. Cetin, “Detecting DDoS Attacks in Software-Defined Networks Through Feature Selection Methods and Machine Learning Models,” Sustainability, vol. 12, p. 1035, 2020, doi: 10.3390/su12031035.

Z. M. Hira and D. F. Gillies, “A Review of Feature Selection and Feature Extraction Methods Applied on Microarray Data,” Adv. Bioinformatics, vol. 2015, no. 1, pp. 2–4, 2015.

B. Venkatesh and J. Anuradha, “A review of Feature Selection and its methods,” Cybern. Inf. Technol., vol. 19, no. 1, pp. 3–26, 2019, doi: 10.2478/CAIT-2019-0001.

M. De Donno, A. Giaretta, N. Dragoni, and A. Spognardi, “A taxonomy of distributed denial of service attacks,” Int. Conf. Inf. Soc. i-Society 2017, vol. 2018-Janua, pp. 100–107, 2018, doi: 10.23919/i-Society.2017.8354681.


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

JOIV : International Journal on Informatics Visualization
ISSN 2549-9610  (print) | 2549-9904 (online)
Organized by Department of Information Technology - Politeknik Negeri Padang, and Institute of Visual Informatics - UKM and Soft Computing and Data Mining Centre - UTHM
W :
E :,,

View JOIV Stats

Creative Commons License is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.