Flooding distributed denial of service detection in software-defined networking using k-means and naïve Bayes
Abstract
Software-defined networking (SDN) is a network architecture that enables the separation of the control plane and data plane, facilitating centralized management of the network. While centralized control offers numerous benefits, it also comes with certain drawbacks. Flooding distributed denial of service (DDoS) attacks pose a significant threat in SDN environments. These attacks involve overwhelming a target system with a large volume of packets, aiming to disrupt its functionality. In this paper, we propose a new approach for detecting DDoS attacks based on multiple k-means models and the naïve Bayes algorithm. Our methodology involves training multiple k-means models to cluster each data point within every column of the dataset, where each column represents a feature. This process results in a new dataset with the same shape, containing only clusters, except the column containing the target variable (labels). These clusters are then used as input by naïve Bayes to perform binary classification. We assessed our approach using the InSDN and CIC-DDoS2017 datasets. The results underscore the impressive accuracy of our model, achieving 99.9839% on the InSDN dataset and 99.7030% on the CIC-DDoS2017 dataset. This performance was achieved by optimizing the desired number of clusters.
Keywords
Flooding distributed denial of service attacks; K-means; Naïve Bayes; SDN datasets; Software-defined networking
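The pipeline described in the abstract (one k-means model per feature column, cluster ids replacing the raw values, then naïve Bayes for binary classification), shown as an added example that is not the authors' code. The three flow features, the constructed sample flows, k=3, the evenly spaced centroid initialization and the Laplace smoothing are all assumptions made for illustration.

```python
import math
import random

def nearest(cents, v):
    """Index of the centroid closest to value v (the value's cluster id)."""
    return min(range(len(cents)), key=lambda i: abs(v - cents[i]))

def kmeans_1d(values, k, iters=100):
    """Lloyd's algorithm on a single feature column; returns k centroids."""
    lo, hi = min(values), max(values)
    cents = [lo + (hi - lo) * (i + 0.5) / k for i in range(k)]  # assumed deterministic init
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for v in values:
            groups[nearest(cents, v)].append(v)
        new = [sum(g) / len(g) if g else c for g, c in zip(groups, cents)]
        if new == cents:
            break
        cents = new
    return cents

def discretize(models, row):
    """Replace each raw feature value with its per-column cluster id."""
    return [nearest(m, v) for m, v in zip(models, row)]

def fit(X, y, k):
    """One k-means model per column, then categorical naive Bayes on cluster ids."""
    models = [kmeans_1d(col, k) for col in zip(*X)]
    Z = [discretize(models, row) for row in X]
    prior, like = {}, {}
    for c in sorted(set(y)):
        rows = [z for z, lab in zip(Z, y) if lab == c]
        prior[c] = math.log(len(rows) / len(y))
        # Laplace-smoothed log P(cluster id | class), per feature
        like[c] = [[math.log((sum(r[j] == cl for r in rows) + 1) / (len(rows) + k))
                    for cl in range(k)] for j in range(len(models))]
    return models, prior, like

def predict(model, row):
    """Most probable class (0 = benign, 1 = flood) for one raw flow record."""
    models, prior, like = model
    z = discretize(models, row)
    return max(prior, key=lambda c: prior[c] + sum(like[c][j][cl] for j, cl in enumerate(z)))

def make_flows(rng, n):
    """Constructed sample flows: [packets/s, mean packet bytes, duration s]; 1 = flood."""
    X = [[rng.gauss(9000, 1500), rng.gauss(64, 8), rng.gauss(0.5, 0.2)] if i % 2 else
         [rng.gauss(150, 60), rng.gauss(700, 250), rng.gauss(12, 5)] for i in range(n)]
    return X, [i % 2 for i in range(n)]
```

Fitting on `make_flows(random.Random(7), 400)` with `k=3` and calling `predict` on fresh flows exercises the whole pipeline; varying `k` changes how finely each column is discretized, which is the parameter the abstract reports optimizing.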
DOI: http://doi.org/10.11591/ijece.v15i1.pp817-826
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
International Journal of Electrical and Computer Engineering (IJECE)
p-ISSN 2088-8708, e-ISSN 2722-2578
This journal is published by the Institute of Advanced Engineering and Science (IAES) in collaboration with Intelektual Pustaka Media Utama (IPMU).