An intelligent flow-based and signature-based IDS for SDNs using ensemble feature selection and a multi-layer machine learning-based classifier

2020 ◽  
pp. 1-20
Author(s):  
K. Muthamil Sudar ◽  
P. Deepalakshmi
Keyword(s):  
Machine Learning ◽  
Feature Selection ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Network Architecture ◽  
Detection System ◽  
Software Defined Networking ◽  
Control Plane ◽  
Control Logic ◽  
Data Plane

Software-defined networking is a new paradigm that overcomes problems associated with traditional network architecture by separating the control logic from data plane devices. It also enhances performance by providing a highly-programmable interface that adapts to dynamic changes in network policies. As software-defined networking controllers are prone to single-point failures, providing security is one of the biggest challenges in this framework. This paper intends to provide an intrusion detection mechanism in both the control plane and data plane to secure the controller and forwarding devices respectively. In the control plane, we imposed a flow-based intrusion detection system that inspects every new incoming flow towards the controller. In the data plane, we assigned a signature-based intrusion detection system to inspect traffic between Open Flow switches using port mirroring to analyse and detect malicious activity. Our flow-based system works with the help of trained, multi-layer machine learning-based classifier, while our signature-based system works with rule-based classifiers using the Snort intrusion detection system. The ensemble feature selection technique we adopted in the flow-based system helps to identify the prominent features and hasten the classification process. Our proposed work ensures a high level of security in the Software-defined networking environment by working simultaneously in both control plane and data plane.

scholarly journals Effects of Machine Learning Approach in Flow-Based Anomaly Detection on Software-Defined Networking

Symmetry ◽  
2019 ◽  
Vol 12 (1) ◽  
pp. 7 ◽  
Author(s):  
Samrat Kumar Dey ◽  
Md. Mahbubur Rahman
Keyword(s):  
Machine Learning ◽  
Feature Selection ◽  
Intrusion Detection ◽  
Anomaly Detection ◽  
Intrusion Detection System ◽  
Learning Algorithm ◽  
Detection System ◽  
Single Point ◽  
Software Defined Networking ◽  
Recursive Feature Elimination

Recent advancements in software-defined networking (SDN) make it possible to overcome the management challenges of traditional networks by logically centralizing the control plane and decoupling it from the forwarding plane. Through a symmetric and centralized controller, SDN can prevent security breaches, but it can also bring in new threats and vulnerabilities. The central controller can be a single point of failure. Hence, flow-based anomaly detection system in OpenFlow Controller can secure SDN to a great extent. In this research, we investigated two different approaches of flow-based intrusion detection system in OpenFlow Controller. The first of which is based on machine-learning algorithm where NSL-KDD dataset with feature selection ensures the accuracy of 82% with random forest classifier using the gain ratio feature selection evaluator. In the later phase, the second approach is combined with a deep neural network (DNN)-based intrusion detection system based on gated recurrent unit-long short-term memory (GRU-LSTM) where we used a suitable ANOVA F-Test and recursive feature elimination selection method to boost classifier output and achieve an accuracy of 88%. Substantial experiments with comparative analysis clearly show that, deep learning would be a better choice for intrusion detection in OpenFlow Controller.

scholarly journals Intrusion Detection System in Software-Defined Networks Using Machine Learning and Deep Learning Techniques –A Comprehensive Survey

2021 ◽  
Author(s):  
Md. Rayhan Ahmed ◽  
salekul Islam ◽  
Swakkhar Shatabda ◽  
A. K. M. Muzahidul Islam ◽  
Md. Towhidul Islam Robin
Keyword(s):  
Machine Learning ◽  
Deep Learning ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Software Defined Networks ◽  
Control Plane ◽  
Data Plane ◽  
Benchmark Datasets ◽  
Comprehensive Survey

<div>At present, the Internet is facing numerous attacks of different kinds that put its data at risk. The safety of information within the network is, therefore, a significant concern. In order to prevent the loss of incredibly valuable information, the Intrusion Detection System (IDS) was developed to recognize the outbreak of a stream of attacks and notify the network system administrator providing network security. IDS is an extrapolative model used to detect network traffic as routine or attack. Software-Defined Networks (SDN) is a revolutionary paradigm that isolates the control plane from the data plane, transforming the concept of a software-driven network. Through this data and control plane separation, SDN provides us the opportunity to create a manageable and programmable network, allowing applications in the top plane to access physical devices via the controller. The controller functioning inside the control plane executes network modules and establishes flow rules to forward packets in the switches residing in the data plane. Cyber attackers target the SDN controller to subdue the control plane, which is considered the brain of the SDN, providing a plethora of functionalities such as regulating flow control to switches or routers in the data plane below via southbound Application Programming Interfaces (APIs) and business and application logic in the application plane above via northbound APIs to implement sophisticated networks. However, the control plane becomes a tempting prospect for security attacks from adversaries because of its centralization feature. This paper includes an in-depth overview of the notable published articles from 2015 to 2021 that used Machine Learning (ML) and Deep Learning (DL) techniques to construct an IDS solution to provide security for SDN. We also present two detailed taxonomic studies regarding IDS, and ML-DL techniques based on their learning categories, exploring various IDS solutions to secure the SDN paradigm. We have also conducted brief research on a few benchmark datasets used to construct IDS in the SDN paradigm. To conclude the survey, we provide a discussion that sheds light on continuous challenges and IDS issues for SDN security.</div>

scholarly journals Intrusion Detection System in Software-Defined Networks Using Machine Learning and Deep Learning Techniques –A Comprehensive Survey

2021 ◽  
Author(s):  
Md. Rayhan Ahmed ◽  
salekul Islam ◽  
Swakkhar Shatabda ◽  
A. K. M. Muzahidul Islam ◽  
Md. Towhidul Islam Robin
Keyword(s):  
Machine Learning ◽  
Deep Learning ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Software Defined Networks ◽  
Control Plane ◽  
Data Plane ◽  
Benchmark Datasets ◽  
Comprehensive Survey

<div>At present, the Internet is facing numerous attacks of different kinds that put its data at risk. The safety of information within the network is, therefore, a significant concern. In order to prevent the loss of incredibly valuable information, the Intrusion Detection System (IDS) was developed to recognize the outbreak of a stream of attacks and notify the network system administrator providing network security. IDS is an extrapolative model used to detect network traffic as routine or attack. Software-Defined Networks (SDN) is a revolutionary paradigm that isolates the control plane from the data plane, transforming the concept of a software-driven network. Through this data and control plane separation, SDN provides us the opportunity to create a manageable and programmable network, allowing applications in the top plane to access physical devices via the controller. The controller functioning inside the control plane executes network modules and establishes flow rules to forward packets in the switches residing in the data plane. Cyber attackers target the SDN controller to subdue the control plane, which is considered the brain of the SDN, providing a plethora of functionalities such as regulating flow control to switches or routers in the data plane below via southbound Application Programming Interfaces (APIs) and business and application logic in the application plane above via northbound APIs to implement sophisticated networks. However, the control plane becomes a tempting prospect for security attacks from adversaries because of its centralization feature. This paper includes an in-depth overview of the notable published articles from 2015 to 2021 that used Machine Learning (ML) and Deep Learning (DL) techniques to construct an IDS solution to provide security for SDN. We also present two detailed taxonomic studies regarding IDS, and ML-DL techniques based on their learning categories, exploring various IDS solutions to secure the SDN paradigm. We have also conducted brief research on a few benchmark datasets used to construct IDS in the SDN paradigm. To conclude the survey, we provide a discussion that sheds light on continuous challenges and IDS issues for SDN security.</div>

scholarly journals Effects of Machine Learning Approach in Flow Based Anomaly Detection on Software Defined Networking

2019 ◽  
Author(s):  
Samrat Kumar Dey ◽  
Md. Mahbubur Rahman
Keyword(s):  
Machine Learning ◽  
Feature Selection ◽  
Intrusion Detection ◽  
Anomaly Detection ◽  
Learning Algorithm ◽  
Detection System ◽  
Single Point ◽  
Feature Selection Method ◽  
Software Defined Networking ◽  
Recursive Feature Elimination

Recent advancements in Software Defined Networking (SDN) makes it possible to overcome the management challenges of traditional network by logically centralizing control plane and decoupling it from forwarding plane. Through centralized controllers, SDN can prevent security breach, but it also brings in new threats and vulnerabilities. Central controller can be a single point of failure. Hence, flow-based anomaly detection system in OpenFlow Controller can secure SDN to a great extent. In this paper, we investigated two different approaches of flow-based intrusion detection system in OpenFlow Controller. The first of which is based on machine-learning algorithm where NSL-KDD dataset with feature selection ensures the accuracy of 82% with Random Forest classifier using Gain Ratio feature selection evaluator. In the later phase, the second approach is combined with Gated Recurrent Unit Long Short-Term Memory based intrusion detection model based on Deep Neural Network (DNN) where we applied an appropriate ANOVA F-Test and Recursive Feature Elimination feature selection method to improve the classifier performance and achieved an accuracy of 88%. Substantial experiments with comparative analysis clearly show that, deep learning would be a better choice for intrusion detection in OpenFlow Controller.

scholarly journals Routing Attacs pada Internet Of Things Berbasis Smart Intrution Detecion System

2020 ◽  
Vol 7 (2) ◽  
pp. 329
Author(s):  
Eka Lailatus Sofa ◽  
Subiyanto Subiyanto
Keyword(s):  
Machine Learning ◽  
Feature Selection ◽  
Internet Of Things ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Learning Algorithm ◽  
Detection System ◽  
Machine Learning Algorithms ◽  
Machine Learning Algorithm ◽  
Routing Attacks

<p class="Abstrak"><em>Internet of Things</em> (IoT) telah memasuki berbagai aspek kehidupan manusia, diantaranya <em>smart city, smart home, smart street, </em>dan<em> smart industry </em>yang memanfaatkan internet untuk memantau informasi yang dibutuhkan<em>.</em> Meskipun sudah dienkripsi dan diautentikasi, protokol jaringan <a title="IPv6" href="https://en.wikipedia.org/wiki/IPv6">IPv6</a> over Low-Power Wireless <a title="Personal area network" href="https://en.wikipedia.org/wiki/Personal_area_network">Personal Area Networks</a> (6LoWPAN) yang dapat menghubungkan benda-benda yang terbatas sumber daya di IoT masih belum dapat diandalkan. Hal ini dikarenakan benda-benda tersebut masih dapat terpapar oleh <em>routing attacks</em> yang berasal dari jaringan 6LoWPAN dan internet. Makalah ini menyajikan kinerja <em>Smart Intrusion Detection System</em> berdasarkan <em>Compression Header Analyzer</em> untuk menganalisis model <em>routing attacks</em> lainnya pada jaringan IoT. IDS menggunakan <em>compression header</em> 6LoWPAN sebagai fitur untuk <em>machine learning algorithm</em> dalam mempelajari jenis <em>routing attacks</em>. Skenario simulasi dikembangkan untuk mendeteksi <em>routing attacks</em> berupa <em>selective forwarding attack</em> dan <em>sinkhole attack</em>. Pengujian dilakukan menggunakan <em>feature selection</em> dan <em>machine learning algorithm</em>. <em>Feature selection</em> digunakan untuk menentukan fitur signifikan yang dapat membedakan antara aktivitas normal dan abnormal. Sementara <em>machine learning algorithm</em> digunakan untuk mengklasifikasikan <em>routing attacks</em> pada jaringan IoT. Ada tujuh <em>machine learning algorithm</em> yang digunakan dalam klasifikasi antara lain <em>Random Forest, Random Tree, J48, Bayes Net, JRip, SMO,</em> dan <em>Naive Bayes</em>. Hasil percobaan disajikan untuk menunjukkan kinerja <em>Smart Intrusion Detection System</em> berdasarkan <em>Compression Header Analyzer</em> dalam menganalisis <em>routing attacks</em>. Hasil evaluasi menunjukkan bahwa IDS ini dapat mendeteksi antara serangan dan <em>non-</em>serangan.</p><p class="Abstrak"> </p><p class="Abstrak"><em><strong>Abstract</strong></em></p><p class="Abstract"><em>Internet of Things (IoT) has entered various aspects of human life including smart city, smart home, smart street, and smart industries that use the internet to get the information they need. Even though it's encrypted and authenticated, Internet protocol  <a title="IPv6" href="https://en.wikipedia.org/wiki/IPv6">IPv6</a> over Low-Power Wireless <a title="Personal area network" href="https://en.wikipedia.org/wiki/Personal_area_network">Personal Area Networks</a> (6LoWPAN) networks that can connect limited resources to IoT are still unreliable. This is because these objects can still be exposed to attacks from 6LoWPAN and the internet. This paper presents the performance of an Smart Intrusion Detection System based on Compression Header Analyzer to analyze other routing attack models on IoT networks. IDS uses a 6LoWPAN compression header as a feature for machine learning algorithms in learning the types of routing attacks. Simulation scenario was developed to detect routing attacks in the form of selective forwarding and sinkhole. Testing is done using the feature selection and machine learning algorithm. Feature selection is used to determine significant features that can distinguish between normal and abnormal activities. While machine learning algorithm is used to classify attacks on IoT networks. There were seven machine learning algorithms used in the classification including Random Forests, Random Trees, J48, Bayes Net, JRip, SMO, and Naive Bayes. Experiment Results to show the results of the Smart Intrusion Detection System based on Compression Header Analyzer in analyzing routing attacks. The evaluation results show that this IDS can protect between attacks and non-attacks.</em><strong></strong></p><p class="Abstrak"><em><strong><br /></strong></em></p>

Sign in / Sign up

Export Citation Format

Share Document