Wavelet against random forest for anomaly mitigation in software-defined networking

Security and availability of computer networks remain critical issues even with the constant evolution of communication technologies. In this core, traffic anomaly detection mechanisms need to be flexible to detect the growing spectrum of anomalies that may hinder proper network operation. In this paper, we argue that Software-defined Networking (SDN) provides a suitable environment for the design and implementation of more robust and comprehensive anomaly detection approaches. Aiming towards automated management to detect and prevent potential problems, we present an anomaly identification mechanism based on Discrete Wavelet Transform (DWT) and compare it with another detection model based on Random Forest. These methods generate a normal traffic profile, which is compared with actual real network traffic to recognize abnormal events. After a threat is detected, mitigation measures are activated so that the harmful effects of the malicious event are contained. We assess the effectiveness of the proposed anomaly detection methods and mitigation schemes using Distributed Denial of Service (DDoS) and port scan attacks. Our results confirm the effectiveness of both methods as well as the mitigation routines. In particular, the correspondence between the detection rates confirms that both methods enhance the detection of anomalous behavior by maintaining a satisfactory false-alarm rate.