Genetic Algorithm based Intrusion Detection System for Software-Defined Network Architecture

Author(s): Xuejian Zhao, Songle Chen, Yunfeng Yu, Zhixin Sun

2020, pp. 1-20
Author(s): K. Muthamil Sudar, P. Deepalakshmi

Software-defined networking is a new paradigm that overcomes problems associated with traditional network architecture by separating the control logic from data plane devices. It also enhances performance by providing a highly programmable interface that adapts to dynamic changes in network policies. As software-defined networking controllers are prone to single-point failures, providing security is one of the biggest challenges in this framework. This paper intends to provide an intrusion detection mechanism in both the control plane and data plane to secure the controller and forwarding devices respectively. In the control plane, we imposed a flow-based intrusion detection system that inspects every new incoming flow towards the controller. In the data plane, we assigned a signature-based intrusion detection system to inspect traffic between OpenFlow switches using port mirroring to analyse and detect malicious activity. Our flow-based system works with the help of a trained, multi-layer machine learning-based classifier, while our signature-based system works with rule-based classifiers using the Snort intrusion detection system. The ensemble feature selection technique we adopted in the flow-based system helps to identify the prominent features and hasten the classification process. Our proposed work ensures a high level of security in the software-defined networking environment by working simultaneously in both the control plane and the data plane.


2020, pp. 1042-1059
Author(s): Ammar Almomani, Mohammad Alauthman, Firas Albalas, O. Dorgham, Atef Obeidat

This article describes how, as network traffic grows, attacks on traffic become more complicated and harder to detect. Recently, researchers have begun to explore machine learning techniques with cloud computing technologies to classify network threats. So, new and creative ways are needed to enhance intrusion detection systems. This article addresses the source of the above issues by detecting an intrusion in cloud computing before it further disrupts normal network operations, because the complexity of malicious attack techniques has evolved from traditional malicious attack technologies (direct malicious attack), which include different malicious attack classes, such as DoS, Probe, R2L, and U2R malicious attacks, especially the zero-day attack in online mode. The proposed online intrusion detection cloud system (OIDCS) adopts the principles of the new spiking neural network architecture called the NeuCube algorithm. It is proposed that this system is the first filtering system approach that utilizes the NeuCube algorithm. The OIDCS inherits the hybrid (supervised/unsupervised) learning feature of the NeuCube algorithm and uses this algorithm in an online system with lifelong learning to classify input while learning the system. The system is accurate, especially when working with a zero-day attack, reaching approximately 97% accuracy based on the to-be-remembered (TBR) encoding algorithm.


Symmetry, 2020, Vol 12 (6), pp. 1046
Author(s): Omar Almomani

The network intrusion detection system (NIDS) aims to identify virulent action in a network. It does so by investigating network traffic behavior. Data mining and machine learning (ML) approaches are extensively used in the NIDS to discover anomalies. Feature selection plays a significant role in improving the performance of NIDSs, because anomaly detection employs a great number of features that require much time. Therefore, the feature selection approach affects the time needed to investigate the traffic behavior and improve the accuracy level. The researcher of the present study aimed to propose a feature selection model for NIDSs. This model is based on particle swarm optimization (PSO), the grey wolf optimizer (GWO), firefly optimization (FFA) and the genetic algorithm (GA). The proposed model aims at improving the performance of NIDSs. The proposed model deploys wrapper-based methods with the GA, PSO, GWO and FFA algorithms for selecting features using Anaconda Python Open Source, and deploys filtering-based methods for the mutual information (MI) of the GA, PSO, GWO and FFA algorithms that produced 13 sets of rules. The features derived from the proposed model are evaluated based on the support vector machine (SVM) and J48 ML classifiers and the UNSW-NB15 dataset. Based on the experiment, Rule 13 (R13) reduces the features to 30 features. Rule 12 (R12) reduces the features to 13 features. Rule 13 and Rule 12 offer the best results in terms of F-measure, accuracy and sensitivity. The genetic algorithm (GA) shows good results in terms of True Positive Rate (TPR) and False Negative Rate (FNR). As for Rules 11, 9 and 8, they show good results in terms of False Positive Rate (FPR), while PSO shows good results in terms of precision and True Negative Rate (TNR). It was found that the intrusion detection system with fewer features will increase accuracy. The proposed feature selection model for NIDS is rule-based pattern recognition to discover computer network attacks, which is in the scope of the Symmetry journal.

