Nasrin Sultana,Naveen Chilamkurti,Wei Peng,Rabei Alhadad

DOI: https://doi.org/10.1007/s12083-017-0630-0

2018-01-12

Abstract:Software Defined Networking Technology (SDN) provides a prospect to effectively detect and monitor network security problems ascribing to the emergence of the programmable features. Recently, Machine Learning (ML) approaches have been implemented in the SDN-based Network Intrusion Detection Systems (NIDS) to protect computer networks and to overcome network security issues. A stream of advanced machine learning approaches – the deep learning technology (DL) commences to emerge in the SDN context. In this survey, we reviewed various recent works on machine learning (ML) methods that leverage SDN to implement NIDS. More specifically, we evaluated the techniques of deep learning in developing SDN-based NIDS. In the meantime, in this survey, we covered tools that can be used to develop NIDS models in SDN environment. This survey is concluded with a discussion of ongoing challenges in implementing NIDS using ML/DL and future works.

computer science, information systems,telecommunications

Md. Rayhan Ahmed,salekul Islam,Swakkhar Shatabda,A. K. M. Muzahidul Islam,Md. Towhidul Islam Robin

DOI: https://doi.org/10.36227/techrxiv.17153213

2021-12-10

Abstract:At present, the Internet is facing numerous attacks of different kinds that put its data at risk. The safety of information within the network is, therefore, a significant concern. In order to prevent the loss of incredibly valuable information, the Intrusion Detection System (IDS) was developed to recognize the outbreak of a stream of attacks and notify the network system administrator providing network security. IDS is an extrapolative model used to detect network traffic as routine or attack. Software-Defined Networks (SDN) is a revolutionary paradigm that isolates the control plane from the data plane, transforming the concept of a software-driven network. Through this data and control plane separation, SDN provides us the opportunity to create a manageable and programmable network, allowing applications in the top plane to access physical devices via the controller. The controller functioning inside the control plane executes network modules and establishes flow rules to forward packets in the switches residing in the data plane. Cyber attackers target the SDN controller to subdue the control plane, which is considered the brain of the SDN, providing a plethora of functionalities such as regulating flow control to switches or routers in the data plane below via southbound Application Programming Interfaces (APIs) and business and application logic in the application plane above via northbound APIs to implement sophisticated networks. However, the control plane becomes a tempting prospect for security attacks from adversaries because of its centralization feature. This paper includes an in-depth overview of the notable published articles from 2015 to 2021 that used Machine Learning (ML) and Deep Learning (DL) techniques to construct an IDS solution to provide security for SDN. We also present two detailed taxonomic studies regarding IDS, and ML-DL techniques based on their learning categories, exploring various IDS solutions to secure the SDN paradigm. We have also conducted brief research on a few benchmark datasets used to construct IDS in the SDN paradigm. To conclude the survey, we provide a discussion that sheds light on continuous challenges and IDS issues for SDN security.

Naveed Ahmed,Asri Bin Ngadi,Johan Mohamad Sharif,Saddam Hussain,Mueen Uddin,Muhammad Siraj Rathore,Jawaid Iqbal,Maha Abdelhaq,Raed Alsaqour,Syed Sajid Ullah,Fatima Tul Zuhra

DOI: https://doi.org/10.3390/s22207896

2022-10-17

Abstract:A revolution in network technology has been ushered in by software defined networking (SDN), which makes it possible to control the network from a central location and provides an overview of the network's security. Despite this, SDN has a single point of failure that increases the risk of potential threats. Network intrusion detection systems (NIDS) prevent intrusions into a network and preserve the network's integrity, availability, and confidentiality. Much work has been done on NIDS but there are still improvements needed in reducing false alarms and increasing threat detection accuracy. Recently advanced approaches such as deep learning (DL) and machine learning (ML) have been implemented in SDN-based NIDS to overcome the security issues within a network. In the first part of this survey paper, we offer an introduction to the NIDS theory, as well as recent research that has been conducted on the topic. After that, we conduct a thorough analysis of the most recent ML- and DL-based NIDS approaches to ensure reliable identification of potential security risks. Finally, we focus on the opportunities and difficulties that lie ahead for future research on SDN-based ML and DL for NIDS.

Zeeshan Ahmad,Adnan Shahid Khan,Cheah Wai Shiang,Johari Abdullah,Farhan Ahmad

DOI: https://doi.org/10.1002/ett.4150

IF: 3.6

2020-10-16

Transactions on Emerging Telecommunications Technologies

Abstract:<p>The rapid advances in the internet and communication fields have resulted in a huge increase in the network size and the corresponding data. As a result, many novel attacks are being generated and have posed challenges for network security to accurately detect intrusions. Furthermore, the presence of the intruders with the aim to launch various attacks within the network cannot be ignored. An intrusion detection system (IDS) is one such tool that prevents the network from possible intrusions by inspecting the network traffic, to ensure its confidentiality, integrity, and availability. Despite enormous efforts by the researchers, IDS still faces challenges in improving detection accuracy while reducing false alarm rates and in detecting novel intrusions. Recently, machine learning (ML) and deep learning (DL)‐based IDS systems are being deployed as potential solutions to detect intrusions across the network in an efficient manner. This article first clarifies the concept of IDS and then provides the taxonomy based on the notable ML and DL techniques adopted in designing network‐based IDS (NIDS) systems. A comprehensive review of the recent NIDS‐based articles is provided by discussing the strengths and limitations of the proposed solutions. Then, recent trends and advancements of ML and DL‐based NIDS are provided in terms of the proposed methodology, evaluation metrics, and dataset selection. Using the shortcomings of the proposed methods, we highlighted various research challenges and provided the future scope for the research in improving ML and DL‐based NIDS.</p>

telecommunications

Abdulsalam O. Alzahrani,Mohammed J. F. Alenazi

DOI: https://doi.org/10.3390/fi13050111

2021-04-28

Future Internet

Abstract:Software-defined Networking (SDN) has recently developed and been put forward as a promising and encouraging solution for future internet architecture. Managed, the centralized and controlled network has become more flexible and visible using SDN. On the other hand, these advantages bring us a more vulnerable environment and dangerous threats, causing network breakdowns, systems paralysis, online banking frauds and robberies. These issues have a significantly destructive impact on organizations, companies or even economies. Accuracy, high performance and real-time systems are essential to achieve this goal successfully. Extending intelligent machine learning algorithms in a network intrusion detection system (NIDS) through a software-defined network (SDN) has attracted considerable attention in the last decade. Big data availability, the diversity of data analysis techniques, and the massive improvement in the machine learning algorithms enable the building of an effective, reliable and dependable system for detecting different types of attacks that frequently target networks. This study demonstrates the use of machine learning algorithms for traffic monitoring to detect malicious behavior in the network as part of NIDS in the SDN controller. Different classical and advanced tree-based machine learning techniques, Decision Tree, Random Forest and XGBoost are chosen to demonstrate attack detection. The NSL-KDD dataset is used for training and testing the proposed methods; it is considered a benchmarking dataset for several state-of-the-art approaches in NIDS. Several advanced preprocessing techniques are performed on the dataset in order to extract the best form of the data, which produces outstanding results compared to other systems. Using just five out of 41 features of NSL-KDD, a multi-class classification task is conducted by detecting whether there is an attack and classifying the type of attack (DDoS, PROBE, R2L, and U2R), accomplishing an accuracy of 95.95%.

Muhammad Zawad Mahmud,Shahran Rahman Alve,Samiha Islam,Mohammad Monirujjaman Khan

2024-11-08

Abstract:Software-defined network (SDN) is a new approach that allows network control to become directly programmable, and the underlying infrastructure can be abstracted from applications and network services. Control plane). When it comes to security, the centralization that this demands is ripe for a variety of cyber threats that are not typically seen in other network architectures. The authors in this research developed a novel machine-learning method to capture infections in networks. We applied the classifier to the UNSW-NB 15 intrusion detection benchmark and trained a model with this data. Random Forest and Decision Tree are classifiers used to assess with Gradient Boosting and AdaBoost. Out of these best-performing models was Gradient Boosting with an accuracy, recall, and F1 score of 99.87%,100%, and 99.85%, respectively, which makes it reliable in the detection of intrusions for SDN networks. The second best-performing classifier was also a Random Forest with 99.38% of accuracy, followed by Ada Boost and Decision Tree. The research shows that the reason that Gradient Boosting is so effective in this task is that it combines weak learners and creates a strong ensemble model that can predict if traffic belongs to a normal or malicious one with high accuracy. This paper indicates that the GBDT-IDS model is able to improve network security significantly and has better features in terms of both real-time detection accuracy and low false positive rates. In future work, we will integrate this model into live SDN space to observe its application and scalability. This research serves as an initial base on which one can make further strides forward to enhance security in SDN using ML techniques and have more secure, resilient networks.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Abdulsalam O. Alzahrani,Mohammed J. F. Alenazi

DOI: https://doi.org/10.1002/cpe.7438

2022-11-13

Concurrency and Computation: Practice and Experience

Abstract:Summary Software‐defined networking (SDN) has been developed to separate network control plane from forwarding plane which can decrease operational costs and the time it takes to deploy new services compared to traditional networks. Despite these advantages, this technology brings threats and vulnerabilities. Consequently, developing high‐performance real‐time intrusion detection systems (IDSs) to classify malicious activities is a vital part of SDN architecture. This article introduces two created datasets generated from SDN using Mininet and Ryu controller with different feature extraction tools that contain normal traffic and different types of attacks (Fin flood, UDP flood, ICMP flood, OS probe scan, port probe scan, TCP bandwidth flood, and TCP syn flood) that is used for training a number of supervised binary classification machine learning algorithms such as k‐nearest neighbor, AdaBoost, decision tree (DT), random forest, naive Bayes, multilayer perceptron, support vector machine, and XGBoost. The DT algorithm has achieved high scores to fit a real‐time application achieving F1 score on attack class of 0.9995, F1 score on normal class of 0.9983, and throughput score of 6,737,147.275 samples per second with a total number of three features. In addition, using data preprocessing to reduce the model complexity, thereby increasing the overall throughput to fit a real‐time system.

Nura Shifa Musa,Nada Masood Mirza,Saida Hafsa Rafique,Amira Mahamat Abdallah,Thangavel Murugan

DOI: https://doi.org/10.1109/access.2024.3360868

IF: 3.9

2024-02-10

IEEE Access

Abstract:This state-of-the-art review comprehensively examines the landscape of Distributed Denial of Service (DDoS) anomaly detection in Software Defined Networks (SDNs) through the lens of advanced Machine Learning (ML) and Deep Learning (DL) techniques. The application domain of this work is focused on addressing the inherent security vulnerabilities of SDN environments and developing an automated system for detecting and mitigating network attacks. The problem focused on in this review is the need for effective defensive mechanisms and detection methodologies to address these vulnerabilities. Conventional network measurement methodologies are limited in the context of SDNs, and the proposed ML and DL techniques aim to overcome these limitations by providing more accurate and efficient detection and mitigation of DDoS attacks. The objective of this work is to provide a comprehensive review of related works in the field of SDN anomaly detection recent advances, categorized into two groups via ML and DL techniques. The proposed systems utilize a variety of techniques, including Supervised Learning (SL), Unsupervised Learning (UL) Ensemble Learning (EL) and DL solutions, to process IP flows, profile network traffic, and identify attacks. The output comprises the mitigation policies learned by ML/DL techniques, and the proposed systems act as sophisticated gatekeepers, applying automated mitigation policies to curtail the extent of damage resulting from these attacks. The results obtained from the evaluation metrics, including accuracy, precision, and recall, confirm the marked effectiveness of the proposed systems in detecting and mitigating various types of attacks, including Distributed Denial of Service (DDoS) attacks. The proposed systems' foundational contributions are manifest in their efficacy for both DDoS attack detection and defense within the SDN environment. However, the review acknowledges certain inherent limitations and the pressing need for further validation within real-world scenarios to assess the proposed methods' practicality and effectiveness. In summary, this systematic review offers valuable perspectives on the present status of Distributed Denial-of-Service detection in Software-Defined Networks employing Machine Learning and Deep Learning methodologies, highlighting the strengths and limitations of various proposed systems and identifying areas for future research and development.

computer science, information systems,telecommunications,engineering, electrical & electronic

Rohith Vallabhaneni, Srinivas A Vaddadi, Abhilash Maroju, Sravanthi Dontu

DOI: https://doi.org/10.17762/ijritcc.v11i9s.9491

2023-08-31

International Journal on Recent and Innovation Trends in Computing and Communication

Abstract:The process of analysing and improving network traffic is of tremendous relevance to network management and multimedia data mining techniques. Security in Software Defined Networks (SDNs), which rely on a programmable controller in the middle, has recently emerged as the most challenging aspect of SDNs. Network traffic monitoring is critical for detecting and exposing intrusion anomalies in an SDN context. Thus, this study offers a thorough assessment of the NSL-KDD dataset using five separate clustering algorithms: K-means, Farthest First, Canopy, Density-based method, and Exception-maximization (EM). The software used to conduct the comparisons is the Waikato Environment for Knowledge Analysis (WEKA). In addition, the article introduces a knowledge discovery in databases (KDD)–based deep learning (DL) model for intrusion detection that is SDN-based. Initially, the dataset that is being used is clustered into four main attack types and one normal category. We will next go over the steps necessary to build a deep learning intrusion detection system that is based on SDN. The results provide an objective assessment of the several attack types present in the KDD dataset. Just like other methods, the results demonstrate that the proposed deep learning strategy provides better intrusion detection performance. As an illustration, the tested dataset demonstrates a detection accuracy of 94.21% when using the suggested approach.

Jiaqi Li,Zhifeng Zhao,Rongpeng Li

DOI: https://doi.org/10.48550/arxiv.1708.04571

2017-01-01

Abstract:As an inevitable trend of future 5G networks, Software Defined architecture has many advantages in providing central- ized control and flexible resource management. But it is also confronted with various security challenges and potential threats with emerging services and technologies. As the focus of network security, Intrusion Detection Systems (IDS) are usually deployed separately without collaboration. They are also unable to detect novel attacks with limited intelligent abilities, which are hard to meet the needs of software defined 5G. In this paper, we propose an intelligent intrusion system taking the advances of software defined technology and artificial intelligence based on Software Defined 5G architecture. It flexibly combines security function mod- ules which are adaptively invoked under centralized management and control with a globle view. It can also deal with unknown intrusions by using machine learning algorithms. Evaluation results prove that the intelligent intrusion detection system achieves a better performance.

Jiaqi Li,Zhifeng Zhao,Rongpeng Li

DOI: https://doi.org/10.1049/iet-net.2017.0212

2018-01-01

IET Networks

Abstract:As an inevitable trend of future fifth generation (5G) networks, software-defined architecture has many advantages in providing centralised control and flexible resource management. However, it is also confronted with various security challenges and potential threats with emerging services and technologies. As the focus of network security, intrusion detection systems (IDSs) are usually deployed separately without collaboration. They are also unable to detect novel attacks with limited intelligent abilities, which are hard to meet the needs of software-defined 5G. In this study, the authors propose an intelligent IDS taking the advances in software-defined technology and artificial intelligence based on software-defined 5G architecture. It flexibly integrates security function modules which are adaptively invoked under centralised management and control with a global view. It can also deal with unknown intrusions by using machine learning algorithms. Evaluation results prove that the intelligent IDS achieves better performance with lower overhead. It is also verified that the selected machine learning algorithms show better accuracy and reduced false alarm rate in flow-based classification.

Talha Naqash,Sajjad Hussain Shah,Muhammad Najam Ul Islam

DOI: https://doi.org/10.1007/s10766-021-00715-0

2021-08-09

International Journal of Parallel Programming

Abstract:Internet users and internet services are increasing day by day, which increases the internet traffic from zeta-bytes to petabytes with ultra-high-speed. Different types of architecture are implemented to handle high-speed data traffic. The two layers approach of the Software-Defined Network (SDN) architecture converts classical network architecture to consistent, centralized controllable network architecture with programming ability. On the other hand, network security is still the main concern for the network administrator and detection of malicious internet packets in ultra-high-speed traffic of the programmable network. Therefore, in this paper, we proposed a Statistical Analysis Based Intrusion Detection System (SABIDS) by using Machine Learning (ML) approach. The key idea is to implement the SABIDS inside the (RYU) controller that will statistically analyse the high-speed internet traffic flows and block the identified packet generator IP automatically. The SABIDS scheme consists of 3 modules, (1) fetch the runtime flow statistics, (2) Identify the nature of the flow by statistical and pattern match techniques, (3) Block the malicious flow's source IP. Different types of ML classifiers are used to evaluate the performance of the scheme. This scheme enables the SDN controller to detect malicious traffic and avoid potential losses like system failure or risk of being an attack.

computer science, theory & methods

Mouhammad Alkasassbeh,Mohammad Almseidin

DOI: https://doi.org/10.48550/arXiv.1809.02610

2018-09-02

Abstract:Network security engineers work to keep services available all the time by handling intruder attacks. Intrusion Detection System (IDS) is one of the obtainable mechanisms that is used to sense and classify any abnormal actions. Therefore, the IDS must be always up to date with the latest intruder attacks signatures to preserve confidentiality, integrity, and availability of the services. The speed of the IDS is a very important issue as well learning the new attacks. This research work illustrates how the Knowledge Discovery and Data Mining (or Knowledge Discovery in Databases) KDD dataset is very handy for testing and evaluating different Machine Learning Techniques. It mainly focuses on the KDD preprocess part in order to prepare a decent and fair experimental data set. The J48, MLP, and Bayes Network classifiers have been chosen for this study. It has been proven that the J48 classifier has achieved the highest accuracy rate for detecting and classifying all KDD dataset attacks, which are of type DOS, R2L, U2R, and PROBE.

Networking and Internet Architecture,Cryptography and Security

Abbas Jasem Altamemi,Aladdin Abdulhassan,Nawfal Turki Obeis

DOI: https://doi.org/10.11591/eei.v11i5.4155

2022-10-01

Bulletin of Electrical Engineering and Informatics

Abstract:The term software defined networking (SDN) is a network model that contributes to redefining the network characteristics by making the components of this network programmable, monitoring the network faster and larger, operating with the networks from a central location, as well as the possibility of detecting fraudulent traffic and detecting special malfunctions in a simple and effective way. In addition, it is the land of many security threats that lead to the complete suspension of this network. To mitigate this attack this paper based on the use of machine learning techniques contribute to the rapid detection of these attacks and methods were evaluated detecting DDoS attacks and choosing the optimum accuracy for classifying these types within the SDN, the results showed that the proposed system provides the better results of accuracy to detect the DDos attack in SDN network as 99.90% accuracy of Decision Tree (DT) algorithm.

Geeta Singh,Neelu Khare

DOI: https://doi.org/10.1080/1206212X.2021.1885150

2021-02-15

International Journal of Computers and Applications

Abstract:The evolution in the attack scenarios has been such that finding efficient and optimal Network Intrusion Detection Systems (NIDS) with frequent updates has become a big challenge. NIDS implementation using machine learning (ML) techniques and updated intrusion datasets is one of the solutions for effective modeling of NIDS. This article presents a brief description of publicly available labeled intrusion datasets and ML techniques. Later a brief explanation of the literary works is given in which machine learning techniques are applied for NIDS implementation in different networking scenarios, such as traditional networks, cloud networks, Ad-Hoc, WSNs, and IoT networks. Hence, this article brings together publicly available intrusion datasets and machine learning techniques utilized in recent intrusion detection systems to reveal present-day challenges and future directions. This article also explains problems associated with NIDS. This will help researchers to enhance the existing NIDS models as well as to develop new effective models.

Muhammad U. Ilyas,Soltan Abed Alharbi

DOI: https://doi.org/10.1007/s00607-021-01050-5

2022-01-04

Computing

Abstract:All organizations, be they businesses, governments, infrastructure or utility providers, depend on the availability and functioning of their computers, computer networks and data centers for all or part of their operations. Network intrusion detection systems are the first line of defense that protect computing infrastructure from external attacks. In this study we develop five different Machine Learning classifiers for a number of attacks. We used the CSE-CIC-IDS2018 dataset, developed in a collaborative effort between the Communications Security Establishment and the Canadian Institute for Cybersecurity. It is an extensive network traffic trace dataset that captures multiple attacks and has become available relatively recently. The previous major dataset used for the development of network intrusion detection systems is the KDD Cup’99 dataset, now going on 22 years, which predates mobile computing, Web 2.0/3.0, social media, streaming video and widespread use of SSL. These significant Internet trends of the last two decades demand a reevaluation and redevelopment of intrusion detectors. Prior studies that designed Machine Learning classifiers using the CSE-CIC-IDS2018 dataset use a large and rich set of features, of which at least one is not dataset-invariant. Almost none have explored the appropriateness of using all available features with datasets containing only a few hundred attack class samples. The classifiers developed in this study rely on a justifiable number of features and their performance is reviewed for stability and generalization by reporting not just average performance over 10 fold cross-validation but also the degree of variation from one fold to the next.

computer science, theory & methods

N Maheswaran,S Bose,Buvaneswari Natarajan

DOI: https://doi.org/10.1080/00051144.2024.2372749

IF: 1.79

2024-07-13

Automatika

Abstract:The advancements made in Software-Defined Networking (SDN) technology seem quite promising, with potential wide application in managing and controlling the latest network infrastructures. SDN technology decouples the control plane from the data plane, enabling effective and flexible network management. However, this dynamic phenomenon brings new security challenges. With the increasing dynamism and programmable nature of networks, conventional security protocols may not sufficient to protect against advanced and sophisticated attacks. Although Intrusion Detection Systems (IDSs) have been extensively applied for identifying and preventing security threats in traditional network environments, IDS models designed specifically for traditional network requirements may not be adequate for SDN environments. These issues may stem from the static nature of conventional networks, contrasting with the dynamicity of advanced SDN networks, and the traditional IDS's inability to adapt to the dynamic nature of SDN. To address these challenges, the current research proposes a novel Deep Hybrid IDS model to enhance network security in SDN environments and prevent attacks using Scapy. The proposed model detects signature-based attacks by integrating Gated Recurrent Units (GRU) and Long Short-Term Memory (LSTM) for real-time simulated datasets, achieving an accuracy of 97.8%, which is comparatively better than existing models.

automation & control systems,engineering, electrical & electronic

Ahmad Hamarshe,Huthaifa I. Ashqar,Mohammad Hamarsheh

DOI: https://doi.org/10.48550/arXiv.2303.06513

IF: 5.414

2023-03-11

Machine Learning

Abstract:The concept of Software Defined Networking (SDN) represents a modern approach to networking that separates the control plane from the data plane through network abstraction, resulting in a flexible, programmable and dynamic architecture compared to traditional networks. The separation of control and data planes has led to a high degree of network resilience, but has also given rise to new security risks, including the threat of distributed denial-of-service (DDoS) attacks, which pose a new challenge in the SDN environment. In this paper, the effectiveness of using machine learning algorithms to detect distributed denial-of-service (DDoS) attacks in software-defined networking (SDN) environments is investigated. Four algorithms, including Random Forest, Decision Tree, Support Vector Machine, and XGBoost, were tested on the CICDDoS2019 dataset, with the timestamp feature dropped among others. Performance was assessed by measures of accuracy, recall, accuracy, and F1 score, with the Random Forest algorithm having the highest accuracy, at 68.9%. The results indicate that ML-based detection is a more accurate and effective method for identifying DDoS attacks in SDN, despite the computational requirements of non-parametric algorithms.

Abdullah H Alqahtani

2024-04-01

Abstract:Network attacks have became increasingly more sophisticated and stealthy due to the advances in technologies and the growing sophistication of attackers. Advanced Persistent Threats (APTs) are a type of attack that implement a wide range of strategies to evade detection and be under the defence radar. Software Defined Network (SDN) is a network paradigm that implements dynamic configuration by separating the control plane from the network plane. This approach improves security aspects by facilitating the employment of network intrusion detection systems. Implementing Machine Learning (ML) techniques in Intrusion Detection Systems (IDSs) is widely used to detect such attacks but has a challenge when the data distribution changes. Concept drift is a term that describes the change in the relationship between the input data and the target value (label or class). The model is expected to degrade as certain forms of change occur. In this paper, the primary form of change will be in user behaviour (particularly changes in attacker behaviour). It is essential for a model to adapt itself to deviations in data distribution. SDN can help in monitoring changes in data distribution. This paper discusses changes in stealth attacker behaviour. The work described here investigates various concept drift detection algorithms. An incremental hybrid adaptive Network Intrusion Detection System (NIDS) is proposed to tackle the issue of concept drift in SDN. It can detect known and unknown attacks. The model is evaluated over different datasets showing promising results.

Cryptography and Security,Artificial Intelligence

G. Logeswari,S. Bose,T. Anitha

DOI: https://doi.org/10.32604/iasc.2023.026769

2023-01-01

Intelligent Automation & Soft Computing

Abstract:Software Defined Networking (SDN) has emerged as a promising and exciting option for the future growth of the internet. SDN has increased the flexibility and transparency of the managed, centralized, and controlled network. On the other hand, these advantages create a more vulnerable environment with substantial risks, culminating in network difficulties, system paralysis, online banking frauds, and robberies. These issues have a significant detrimental impact on organizations, enterprises, and even economies. Accuracy, high performance, and real-time systems are necessary to achieve this goal. Using a SDN to extend intelligent machine learning methodologies in an Intrusion Detection System (IDS) has stimulated the interest of numerous research investigators over the last decade. In this paper, a novel HFS-LGBM IDS is proposed for SDN. First, the Hybrid Feature Selection algorithm consisting of two phases is applied to reduce the data dimension and to obtain an optimal feature subset. In the first phase, the Correlation based Feature Selection (CFS) algorithm is used to obtain the feature subset. The optimal feature set is obtained by applying the Random Forest Recursive Feature Elimination (RF-RFE) in the second phase. A LightGBM algorithm is then used to detect and classify different types of attacks. The experimental results based on NSL-KDD dataset show that the proposed system produces outstanding results compared to the existing methods in terms of accuracy, precision, recall and f-measure.

automation & control systems,computer science, artificial intelligence