Semi-supervised approach for detecting distributed denial of service in SD-honeypot network environment

Distributed Denial of Service (DDoS) attacks is the most common type ofcyber-attack. Therefore, an appropriate mechanism is needed to overcomethose problems. This paper proposed an integration method between thehoneypot sensor and software defined network (SDN) (SD-honeypotnetwork). In terms of the attack detection process, the honeypot serverutilized the Semi-supervised learning method in the attack classificationprocess by combining the Pseudo-labelling model (support vector machine(SVM) algorithm) and the subsequent classification with the AdaptiveBoosting method. The dataset used in this paper is monitoring data taken bythe Suricata sensor. The research experiment was conducted by examiningseveral variables, namely the accuracy, precision, and recall pointed at 99%,66%, and 66%, respectively. The central processing unit (CPU) usage duringclassification was relatively small, which was around 14%. The average timeof flow rule mitigation installation was 40s. In addition, thepacket/prediction loss occurred during the attack, which caused severalpackets in the attack not to be classified was pointed at 43%.