DDoS Attack Detection in SDN-Assisted Federated Learning Environment Based on Contrastive Learning

Software-defined networking (SDN)-assisted federated learning (FL) is an emerging network computing environment. It can not only shorten the training time of federated learning while maintaining high learning performance, but also enhance the security of the FL network. However, compared with traditional FL networks, SDN-assisted FL technology introduces new security threats. Distributed denial of service(DDoS) attacks are an important security threat for the SDN service in FL. In the SDN-assisted FL environment, the FL network requires the interaction of model parameters among multiple participants. During this process, DDoS attacks may target the SDN control plane, disrupt its normal operation, and thus affect the transmission of model parameters in FL. Hence, this paper proposes a novel approach to detecting and identifying DDoS attacks based on contrastive learning (CL), an adversarial learning framework based on two-layer deep neural networks. The framework features a two-layer classification structure. In the first layer, we integrate Long Short-Term Memory (LSTM) and Support Vector Machine (SVM) to identify DDoS attacks. In the second layer, we enhance the classifier structure by combining Convolutional Neural Network (CNN) and Bidirectional Gated Recurrent Unit (BiGRU). This layer can be optimized based on the contrastive classification loss from the LSTM-SVM classifier in the first layer. We conducted experiments on a specific SDN dataset generated by the Mininet emulator. The results show that for the LSTM-SVM model, the detection accuracy reaches 99.75%, and the recall rate is 99.80%. For the CNN-BiGRU model, the detection accuracy rate is 99.36%, and the recall rate is 99.55%. Overall, the proposed CL model can effectively identify DDoS attack traffic in SDN-assisted FL environments, demonstrating high detection performance. However, the model may face challenges such as high computational resource requirements and insufficient adaptability to complex network environments when deployed in practice. Further optimization is needed to facilitate its broader application.