Support vector machine (SVM) based detection for volumetric bandwidth distributed denial of service (DVB-DDOS) attack within gigabit passive optical network

The dynamic bandwidth allocation (DBA) algorithm is highly impactful in improving the network performance of gigabit passive optical networks (GPON). Network security is an important component of today’s networks to combat security attacks, including GPON. However, the literature contains reports highlighting its vulnerability to specific attacks, thereby raising concerns. In this work, we argue that the impact of a volumetric bandwidth distributed denial of service (DVB-DDOS) attack can be mitigated by improving the dynamic bandwidth assignment (DBA) scheme, which is used in PON to manage the US bandwidth at the optical line terminal (OLT). Thus, this study uses a support vector machine (SVM), a machine learning approach, to learn the optical network unit (ONU) traffic demand patterns and presents a hybrid security-aware DBA (HSA-DBA) scheme that is capable of distinguishing malicious ONUs from normal ONUs. In this article, we consider the deployment of the HSA-DBA scheme in OMNET++ to acquire the monitoring data samples used to train the ML technique for the effective classification of ONUs. The simulation findings revealed a mean upstream delay improvement of up to 63% due to the security feature offered by the mechanism. Moreover, significant reductions in upstream delay performance, including 63% for TCONT2, 65% for TCONT3, and 95% for TCONT4, along with a reduction in frame loss rates for normal ONU traffic, were observed. This research provides a significant stride towards secure GPONs, ensuring reliable defense mechanisms are in place, which paves the way for more resilient future broadband network infrastructures.