Developing Tunable Machine Learning Workflow for Traffic Analysis in SDN

Abstract

Traffic monitoring is a critical issue in networking in general, and especially in SDN, whose layered architecture makes the control plane a single point of failure. Therefore, this paper is tailored to mitigating the effect of DDoS attacks in SDN networks. It presents a complete machine learning (ML) workflow that begins with data ingestion and ends with a trained model that is capable of analyzing packets in a production network. Three ML pipelines are part of this workflow, where the training process is carried out on a distributed framework, i.e., Spark, to accomplish near-real-time analysis of each flow of packets. To evaluate the performance of the suggested workflow, the LRHR DDoS 2024 dataset is employed. The decision tree model outperforms the remaining models with 99% accuracy and a training time of 4 min 33 s.
