This section summarizes existing work on detecting DDoS attacks in SDN and other networks. Conti et al. [8] propose two simple and effective defenses against DDoS attacks that use route spoofing and resource exhaustion in SDN networks. The first method is “periodic monitoring”, which uses traffic analysis data to identify adversarial nodes; the second is “selective blocking”, which stops adversaries from purposely accessing other users’ active communication channels. The results of these tests demonstrate a considerable rise in packet transmission rate and a sufficient reduction in bandwidth utilization and processing delay for new inquiries.
Zheng et al. [10] suggested using adaptive correlation analysis to develop a real-time DDoS defense strategy. This method can protect networks against well-known DDoS attacks such as SYN flooding, UDP-based amplification and crossfire amplification.
Koay et al. [11] proposed a revolutionary multi-classifier system to increase the flexibility and accuracy of recognizing low-intensity and high-intensity attacks. The approach uses entropy-based features to detect DDoS attacks with high reliability. Compared with cutting-edge methods, the suggested strategy achieves higher accuracy and recall. Meti et al. [12] used SVM and neural networks (NN) to categorize different connections in the SDN. Barki et al. [13] proposed ML-based clustering techniques to detect DDoS attacks in SDN. They used a number of ML algorithms to detect anomalies in the traffic, including K-means, Naive Bayes, and K-nearest neighbor. The authors of [14] investigated a variety of ML techniques, including SVM, fuzzy logic, decision trees, neural networks, and Bayesian networks, to detect DDoS attacks in the network. However, their ideas lacked a DDoS mitigation method. Galeano-Brajones et al. [15] propose an entropy-based solution for detecting and mitigating DoS and DDoS attacks in IoT scenarios. The results demonstrate that the technique is effective against actual IoT data traffic. SDN is a promising paradigm that can assist in detecting and mitigating DoS and DDoS attacks.
Yang et al. [16] proposed a new anomaly network traffic detection approach for the cloud computing environment that uses SVM to normalize the values of network variables and to identify abnormal network behaviors. The technique employed six distinct network traffic characteristics, as well as a composite information entropy and SVM model.
Ravi et al. [17] explain how to defend IoT servers against DDoS attacks triggered by fraudulent wireless IoT devices. Using a semi-supervised ML algorithm, a novel mechanism dubbed learning-driven detection mitigation (LEDEM) was proposed to detect and mitigate DDoS attacks. It obtained a detection accuracy rate of 96.28% for DDoS attacks. In Wang et al. [18], the datasets used in both the training and testing stages of evaluating DDoS attack detection in cloud computing and SDN networks include a number of models with features. The DDoS attack detection model is the most accurate for SDN networks, with an accuracy rate of 89.30%.
A hybrid strategy for incremental learning-based DDoS attack detection is developed by Hosseini et al. [19]. It utilizes Naive Bayes, random forest, decision tree, multilayer perceptron (MLP), and k-nearest neighbors (K-NN) to provide better results. The findings show that random forest outperforms the other algorithms. Houda et al. [20] proposed Co-IoT, a blockchain-based framework for collaborative DDoS mitigation that employs smart contracts (e.g., Ethereum's smart contracts) to facilitate collaboration between SDN-based domains and the decentralized transmission of attack information. The experimental results demonstrate that Co-IoT is flexible, efficient, secure, and cost-effective, making it a promising strategy for mitigating large-scale DDoS attacks.
Liang et al. [21] employed statistical tools combined with machine learning methods to detect DDoS attacks. In the statistical approach, preset distributions are often used alongside distance-measuring methods to characterize normal and aberrant traffic behavior. In the machine learning stage, classifiers such as K-Means, SVM, decision trees, Naive Bayes, and AI are utilized. Balamurugan and Saravanan [22] created a detection method based on two algorithms: packet inspection and a hybrid approach combining recurrent NN with modeling clustering (NK-RNN).
Yang et al. [35] presented the ADAM (Adaptive DDoS Attack Mitigation) solution to combat DDoS attacks using information entropy and unsupervised anomaly detection techniques. During very severe DDoS attacks, the ADAM method achieves an average detection accuracy of 99.13% and considerably decreases the false positive rate by 35–59%.
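The entropy-based detection idea that recurs in [11], [15], [16] and [35] can be illustrated with a short sketch, added here as an example and not taken from any of the cited works. It assumes fixed-size windows of destination addresses, a mean-minus-3σ threshold, and constructed sample traffic; all function names are hypothetical.

```python
import math
from collections import Counter
from statistics import mean, pstdev

def normalized_entropy(values):
    """Shannon entropy of the observed values, scaled to 0..1 by log2(window size)."""
    n = len(values)
    if n < 2:
        return 0.0
    counts = Counter(values)
    h = -sum((c / n) * math.log2(c / n) for c in counts.values())
    return h / math.log2(n)

def detect(windows, train=4, k=3.0):
    """Return indices of windows whose destination-address entropy falls more
    than k standard deviations below the baseline of earlier benign windows."""
    baseline, flagged = [], []
    for i, dsts in enumerate(windows):
        h = normalized_entropy(dsts)
        if i < train:                 # first windows only build the baseline
            baseline.append(h)
            continue
        threshold = mean(baseline) - k * pstdev(baseline)
        if h < threshold:             # traffic converging on few destinations
            flagged.append(i)
        else:
            baseline.append(h)        # adapt only on windows judged benign
    return flagged

# Constructed sample traffic (assumption): 50 destination addresses per window.
def benign(hosts, size=50):
    """Traffic spread evenly over `hosts` destinations."""
    return [f"10.0.0.{j % hosts + 1}" for j in range(size)]

def flood(victim="10.0.0.5", size=50, background=5):
    """Most packets hit one victim; a few background flows remain."""
    others = [f"10.0.0.{j + 10}" for j in range(background)]
    return [victim] * (size - background) + others

WINDOWS = [benign(18), benign(20), benign(22), benign(20),   # baseline
           benign(20), flood(), flood(), benign(19)]         # monitored

if __name__ == "__main__":
    for i, w in enumerate(WINDOWS):
        print(i, round(normalized_entropy(w), 3))
    print("flagged windows:", detect(WINDOWS))
```

Flagged windows are kept out of the baseline so that a sustained flood does not drag the threshold down and hide itself.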
Mahmoud et al. [36] used two common feature selection techniques, Information Gain (IG) and Random Forest (RF), to evaluate the complete aspects of DDoS attacks in SDN networks. They used a Deep Learning (DL) solution that makes use of Long Short-Term Memory (LSTM) and an autoencoder. According to the findings of their research, the DL technique is capable of successfully identifying DDoS attacks while having no influence on the controller’s performance. However, this technique has an overfitting problem.
Syed et al. [44] discussed a new way to find intrusions on the Internet of Things (IoT). It uses a modern IoT dataset and a feed-forward neural network model with embedding layers to store high-dimensional category features for multi-class classification. Then, transfer learning is used to encode high-dimensional category features so that a second feed-forward neural network model can be used to build a binary classifier. The results show that both binary and multi-class classifiers are very good. However, it is not adaptable to high volumes of traffic.