Distributed  Denial  of  Service  (DDoS)  attacks  are  the  most  common  type  of  cyber-attack. Therefore, an appropriate mechanism is needed to overcome those problems. This paper proposed an integration method between the Honeypot sensor and Software Defined Network (SD-Honeypot Network). In terms of the attack detection process, the Honeypot server utilized the Semi-supervised learning method in the attack classification process by combining the Pseudo-labelling model (SVM algorithm) and the subsequent classification with the Adaptive Boosting method. The dataset used in this paper is monitoring data taken by the Suricata sensor. The research experiment was conducted by examining several variables, namely the accuracy, precision, and recall pointed at 99%, 66%, and 66%, respectively. The CPU usage during classification was relatively small, which was around 14%. The average time of flow rule mitigation installation was 40 s. In addition, the packet/prediction loss occurred during the attack, which caused several packets in the attack not to be classified was pointed at 43%.

cyber security; DDoS; honeypot; SDN; semi-supervised;