Intelligent SDN-Driven Multi-Layer Deep Learning Framework for Real-Time DDoS Mitigation and Secure Flow Management in Financial Networks
DOI:
https://doi.org/10.53762/grjnst.03.04.32.
Keywords:
Software Defined Networking (SDN); LSTM-Auto encoder; XG-Boost 25; Graphical Neural Network (GNN); DDoS Attacks Mitigations; Digital Financial Infrastructure.
Abstract
Today, digital financial infrastructures face critical security risks from covert threat activity in the form of Distributed Denial of Service (DDoS) attacks launched through adaptive botnet infrastructures (networks of hijacked devices that perform intense cyber-attacks on network clouds, using adaptive applications to continuously change their behavior as switch, router, or IPS and to modify attack patterns in order to evade detection and sustain the attack). The latest and most intense DDoS attack toolkits that target Application Programming Interfaces (APIs), cloud services, and modern web applications by exploiting weaknesses in Hypertext Transfer Protocol version 2 (HTTP/2) are DDoSia and MantisBot. These DDoS attacks have volumetric, multi-vector, and low-rate features and target banking APIs operating at layer 7, which traditional machine learning algorithms cannot mitigate. This research proposes a multi-layer Software Defined Networking (SDN) structure, based on the POX controller and installed on Mininet, featuring an intelligent, real-time hybrid deep learning framework for DDoS attack mitigation built on three algorithms and a honeypot implementation: (1) a Long Short-Term Memory (LSTM)-Auto encoder (the LSTM is a recurrent neural network that performs sequential data analysis, and the auto encoder reconstructs the input and flags a flow as anomalous when the reconstruction error is high); (2) the 25-feature optimized XG-Boost (XG-Boost 25) classifier (a gradient-boosted decision tree algorithm that uses 25 features to decide whether a flow flagged by the LSTM-Auto encoder is benign or malicious); and (3) a Graphical Neural Network (GNN) algorithm (which captures the spatial relationships between hosts, switches, and flows to detect complex attack patterns with coordinated lateral movement across nodes).
Upon detection of a DDoS attack, the flow is not just rejected; to enable detailed attacker deception and forensic logging, the malicious flow is forwarded to an isolated honeypot environment. The proposed multi-layer framework achieves an accuracy of 98.9%, a detection time of 160 ms, a mitigation latency of 30 ms, a packet loss efficiency of 1.7%, and the minimum value of the J-index (which expresses the overall degradation and risk to system performance under DDoS attacks by combining multiple metrics into a single scalar value), compared with traditional mitigation frameworks based on Random Forest, signature-based Intrusion Detection Systems (IDS), etc.
License
Copyright (c) 2025 Khawaja Tahir Mehmood, Raza Iqbal (Author)

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.



