Rohith Vallabhaneni, Srinivas A Vaddadi, Abhilash Maroju, Sravanthi Dontu

DOI: https://doi.org/10.17762/ijritcc.v11i9s.9491

2023-08-31

International Journal on Recent and Innovation Trends in Computing and Communication

Abstract:The process of analysing and improving network traffic is of tremendous relevance to network management and multimedia data mining techniques. Security in Software Defined Networks (SDNs), which rely on a programmable controller in the middle, has recently emerged as the most challenging aspect of SDNs. Network traffic monitoring is critical for detecting and exposing intrusion anomalies in an SDN context. Thus, this study offers a thorough assessment of the NSL-KDD dataset using five separate clustering algorithms: K-means, Farthest First, Canopy, Density-based method, and Exception-maximization (EM). The software used to conduct the comparisons is the Waikato Environment for Knowledge Analysis (WEKA). In addition, the article introduces a knowledge discovery in databases (KDD)–based deep learning (DL) model for intrusion detection that is SDN-based. Initially, the dataset that is being used is clustered into four main attack types and one normal category. We will next go over the steps necessary to build a deep learning intrusion detection system that is based on SDN. The results provide an objective assessment of the several attack types present in the KDD dataset. Just like other methods, the results demonstrate that the proposed deep learning strategy provides better intrusion detection performance. As an illustration, the tested dataset demonstrates a detection accuracy of 94.21% when using the suggested approach.

Abdulsalam O. Alzahrani,Mohammed J. F. Alenazi

DOI: https://doi.org/10.1002/cpe.7438

2022-11-13

Concurrency and Computation: Practice and Experience

Abstract:Summary Software‐defined networking (SDN) has been developed to separate network control plane from forwarding plane which can decrease operational costs and the time it takes to deploy new services compared to traditional networks. Despite these advantages, this technology brings threats and vulnerabilities. Consequently, developing high‐performance real‐time intrusion detection systems (IDSs) to classify malicious activities is a vital part of SDN architecture. This article introduces two created datasets generated from SDN using Mininet and Ryu controller with different feature extraction tools that contain normal traffic and different types of attacks (Fin flood, UDP flood, ICMP flood, OS probe scan, port probe scan, TCP bandwidth flood, and TCP syn flood) that is used for training a number of supervised binary classification machine learning algorithms such as k‐nearest neighbor, AdaBoost, decision tree (DT), random forest, naive Bayes, multilayer perceptron, support vector machine, and XGBoost. The DT algorithm has achieved high scores to fit a real‐time application achieving F1 score on attack class of 0.9995, F1 score on normal class of 0.9983, and throughput score of 6,737,147.275 samples per second with a total number of three features. In addition, using data preprocessing to reduce the model complexity, thereby increasing the overall throughput to fit a real‐time system.

Safi Ibrahim,Aya M. Youssef,Mahmoud Shoman,Sanaa Taha

DOI: https://doi.org/10.1016/j.eij.2024.100564

IF: 4.195

2024-10-31

Egyptian Informatics Journal

Abstract:Software-defined networking (SDN) is a revolutionary technology that has revolutionised network management by providing flexibility and adaptability. As the popularity of SDN increases, it is crucial to address security vulnerabilities in these dynamic networks. This paper proposes a framework for enhancing security in SDN by utilising three separate Deep Learning models, namely Deep Neural Network (DNN), Convolutional Neural Network (CNN), and Long Short-Term Memory (LSTM). This framework is utilised for the InSDN dataset, a huge dataset specifically created for SDN security research. The dataset consists of a total of 343,939 instances, encompassing both normal and attack traffic. The regular data yields a sum of 68,424, whereas the attack traffic comprises 275,515 occurrences. This study employs multiclassification algorithms to precisely detect and categorise diverse security threats in SDN. The InSDN dataset faces issues related to class imbalance, which are addressed by using the Synthetic Minority Over-sampling Technique (SMOTE). The SMOTE technique is utilised to create artificial instances of the underrepresented class, hence achieving a more equitable distribution of security hazards within the dataset. This strategy improves the efficacy of multiclassification techniques, ultimately resulting in greater accuracy in the identification and classification of different security threats in SDN environments. The initial DNN model exhibited satisfactory performance, with an accuracy of 87%. The second CNN model demonstrated strong and consistent performance, with an accuracy rate of 99%. In addition, an LSTM model attained a 90% accuracy rate.

computer science, information systems, artificial intelligence

Md. Rayhan Ahmed,salekul Islam,Swakkhar Shatabda,A. K. M. Muzahidul Islam,Md. Towhidul Islam Robin

DOI: https://doi.org/10.36227/techrxiv.17153213

2021-12-10

Abstract:At present, the Internet is facing numerous attacks of different kinds that put its data at risk. The safety of information within the network is, therefore, a significant concern. In order to prevent the loss of incredibly valuable information, the Intrusion Detection System (IDS) was developed to recognize the outbreak of a stream of attacks and notify the network system administrator providing network security. IDS is an extrapolative model used to detect network traffic as routine or attack. Software-Defined Networks (SDN) is a revolutionary paradigm that isolates the control plane from the data plane, transforming the concept of a software-driven network. Through this data and control plane separation, SDN provides us the opportunity to create a manageable and programmable network, allowing applications in the top plane to access physical devices via the controller. The controller functioning inside the control plane executes network modules and establishes flow rules to forward packets in the switches residing in the data plane. Cyber attackers target the SDN controller to subdue the control plane, which is considered the brain of the SDN, providing a plethora of functionalities such as regulating flow control to switches or routers in the data plane below via southbound Application Programming Interfaces (APIs) and business and application logic in the application plane above via northbound APIs to implement sophisticated networks. However, the control plane becomes a tempting prospect for security attacks from adversaries because of its centralization feature. This paper includes an in-depth overview of the notable published articles from 2015 to 2021 that used Machine Learning (ML) and Deep Learning (DL) techniques to construct an IDS solution to provide security for SDN. We also present two detailed taxonomic studies regarding IDS, and ML-DL techniques based on their learning categories, exploring various IDS solutions to secure the SDN paradigm. We have also conducted brief research on a few benchmark datasets used to construct IDS in the SDN paradigm. To conclude the survey, we provide a discussion that sheds light on continuous challenges and IDS issues for SDN security.

Jorge Buzzio-García,Jaime Vergara,Santiago Ríos-Guiral,Christian Garzón,Sergio Gutiérrez,Juan F. Botero,Jose Luis Quiroz-Arroyo,Jesús Arturo Pérez-Díaz

DOI: https://doi.org/10.1109/access.2024.3378271

IF: 3.9

2024-03-27

IEEE Access

Abstract:In the contemporary cybersecurity landscape, robust attack detection mechanisms are important for organizations. However, the current state of research in Software-Defined Networking (SDN) suffers from a notable lack of recent SDN-OpenFlow-based datasets. This study seeks to bridge this gap by introducing a novel dataset for intrusion detection in Software-Defined Networking named SDNFlow. The dataset, derived from OpenFlow statistics gathered from real traffic, integrates a comprehensive range of network activities. An empirical evaluation leveraging diverse Machine and deep Learning algorithms was performed. Namely, Logistic regression, decision tree, random forest, K-nearest neighbors, Support Vector Machines, and Multilayer Perceptron were tested getting pretty good results with a precision average of 98% to 99% in binary classification and from 97% to 99% in multiclass classification depending of the attack, we highlight the efficacy of K-Nearest Neighbors (KNN) for traffic classification, particularly in detecting DDoS attacks and port scanning. The dataset is valuable for evaluating intrusion detection systems within SDN environments and deepening the understanding of traffic patterns in Software Defined Networks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Abdullah Ahmed Bahashwan,Mohammed Anbar,Selvakumar Manickam,Ghassan Issa,Mohammad Adnan Aladaileh,Basim Ahmad Alabsi,Shaza Dawood Ahmed Rihan

DOI: https://doi.org/10.1371/journal.pone.0297548

IF: 3.7

2024-02-08

PLoS ONE

Abstract:Software Defined Network (SDN) has alleviated traditional network limitations but faces a significant challenge due to the risk of Distributed Denial of Service (DDoS) attacks against an SDN controller, with current detection methods lacking evaluation on unrealistic SDN datasets and standard DDoS attacks (i.e., high-rate DDoS attack). Therefore, a realistic dataset called HLD-DDoSDN is introduced, encompassing prevalent DDoS attacks specifically aimed at an SDN controller, such as User Internet Control Message Protocol (ICMP), Transmission Control Protocol (TCP), and User Datagram Protocol (UDP). This SDN dataset also incorporates diverse levels of traffic fluctuations, representing different traffic variation rates (i.e., high and low rates) in DDoS attacks. It is qualitatively compared to existing SDN datasets and quantitatively evaluated across all eight scenarios to ensure its superiority. Furthermore, it fulfils the requirements of a benchmark dataset in terms of size, variety of attacks and scenarios, with significant features that highly contribute to detecting realistic SDN attacks. The features of HLD-DDoSDN are evaluated using a Deep Multilayer Perception (D-MLP) based detection approach. Experimental findings indicate that the employed features exhibit high performance in the detection accuracy, recall, and precision of detecting high and low-rate DDoS flooding attacks.

multidisciplinary sciences

G. Logeswari,S. Bose,T. Anitha

DOI: https://doi.org/10.32604/iasc.2023.026769

2023-01-01

Intelligent Automation & Soft Computing

Abstract:Software Defined Networking (SDN) has emerged as a promising and exciting option for the future growth of the internet. SDN has increased the flexibility and transparency of the managed, centralized, and controlled network. On the other hand, these advantages create a more vulnerable environment with substantial risks, culminating in network difficulties, system paralysis, online banking frauds, and robberies. These issues have a significant detrimental impact on organizations, enterprises, and even economies. Accuracy, high performance, and real-time systems are necessary to achieve this goal. Using a SDN to extend intelligent machine learning methodologies in an Intrusion Detection System (IDS) has stimulated the interest of numerous research investigators over the last decade. In this paper, a novel HFS-LGBM IDS is proposed for SDN. First, the Hybrid Feature Selection algorithm consisting of two phases is applied to reduce the data dimension and to obtain an optimal feature subset. In the first phase, the Correlation based Feature Selection (CFS) algorithm is used to obtain the feature subset. The optimal feature set is obtained by applying the Random Forest Recursive Feature Elimination (RF-RFE) in the second phase. A LightGBM algorithm is then used to detect and classify different types of attacks. The experimental results based on NSL-KDD dataset show that the proposed system produces outstanding results compared to the existing methods in terms of accuracy, precision, recall and f-measure.

automation & control systems,computer science, artificial intelligence

Abdulsalam O. Alzahrani,Mohammed J. F. Alenazi

DOI: https://doi.org/10.3390/fi13050111

2021-04-28

Future Internet

Abstract:Software-defined Networking (SDN) has recently developed and been put forward as a promising and encouraging solution for future internet architecture. Managed, the centralized and controlled network has become more flexible and visible using SDN. On the other hand, these advantages bring us a more vulnerable environment and dangerous threats, causing network breakdowns, systems paralysis, online banking frauds and robberies. These issues have a significantly destructive impact on organizations, companies or even economies. Accuracy, high performance and real-time systems are essential to achieve this goal successfully. Extending intelligent machine learning algorithms in a network intrusion detection system (NIDS) through a software-defined network (SDN) has attracted considerable attention in the last decade. Big data availability, the diversity of data analysis techniques, and the massive improvement in the machine learning algorithms enable the building of an effective, reliable and dependable system for detecting different types of attacks that frequently target networks. This study demonstrates the use of machine learning algorithms for traffic monitoring to detect malicious behavior in the network as part of NIDS in the SDN controller. Different classical and advanced tree-based machine learning techniques, Decision Tree, Random Forest and XGBoost are chosen to demonstrate attack detection. The NSL-KDD dataset is used for training and testing the proposed methods; it is considered a benchmarking dataset for several state-of-the-art approaches in NIDS. Several advanced preprocessing techniques are performed on the dataset in order to extract the best form of the data, which produces outstanding results compared to other systems. Using just five out of 41 features of NSL-KDD, a multi-class classification task is conducted by detecting whether there is an attack and classifying the type of attack (DDoS, PROBE, R2L, and U2R), accomplishing an accuracy of 95.95%.

Mahmoud Said Elsayed,Nhien-An Le-Khac,Soumyabrata Dev,Anca Delia Jurcut

DOI: https://doi.org/10.48550/arXiv.2006.13981

2020-06-25

Abstract:Software-Defined Networking (SDN) is an emerging paradigm, which evolved in recent years to address the weaknesses in traditional networks. The significant feature of the SDN, which is achieved by disassociating the control plane from the data plane, facilitates network management and allows the network to be efficiently programmable. However, the new architecture can be susceptible to several attacks that lead to resource exhaustion and prevent the SDN controller from supporting legitimate users. One of these attacks, which nowadays is growing significantly, is the Distributed Denial of Service (DDoS) attack. DDoS attack has a high impact on crashing the network resources, making the target servers unable to support the valid users. The current methods deploy Machine Learning (ML) for intrusion detection against DDoS attacks in the SDN network using the standard datasets. However, these methods suffer several drawbacks, and the used datasets do not contain the most recent attack patterns - hence, lacking in attack diversity. In this paper, we propose DDoSNet, an intrusion detection system against DDoS attacks in SDN environments. Our method is based on Deep Learning (DL) technique, combining the Recurrent Neural Network (RNN) with autoencoder. We evaluate our model using the newly released dataset CICDDoS2019, which contains a comprehensive variety of DDoS attacks and addresses the gaps of the existing current datasets. We obtain a significant improvement in attack detection, as compared to other benchmarking methods. Hence, our model provides great confidence in securing these networks.

Cryptography and Security

Muhammad Zawad Mahmud,Shahran Rahman Alve,Samiha Islam,Mohammad Monirujjaman Khan

2024-11-08

Abstract:Software-defined network (SDN) is a new approach that allows network control to become directly programmable, and the underlying infrastructure can be abstracted from applications and network services. Control plane). When it comes to security, the centralization that this demands is ripe for a variety of cyber threats that are not typically seen in other network architectures. The authors in this research developed a novel machine-learning method to capture infections in networks. We applied the classifier to the UNSW-NB 15 intrusion detection benchmark and trained a model with this data. Random Forest and Decision Tree are classifiers used to assess with Gradient Boosting and AdaBoost. Out of these best-performing models was Gradient Boosting with an accuracy, recall, and F1 score of 99.87%,100%, and 99.85%, respectively, which makes it reliable in the detection of intrusions for SDN networks. The second best-performing classifier was also a Random Forest with 99.38% of accuracy, followed by Ada Boost and Decision Tree. The research shows that the reason that Gradient Boosting is so effective in this task is that it combines weak learners and creates a strong ensemble model that can predict if traffic belongs to a normal or malicious one with high accuracy. This paper indicates that the GBDT-IDS model is able to improve network security significantly and has better features in terms of both real-time detection accuracy and low false positive rates. In future work, we will integrate this model into live SDN space to observe its application and scalability. This research serves as an initial base on which one can make further strides forward to enhance security in SDN using ML techniques and have more secure, resilient networks.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Nisha Ahuja,Debajyoti Mukhopadhyay,Gaurav Singal

DOI: https://doi.org/10.1007/s00779-023-01785-2

2024-01-25

Personal and Ubiquitous Computing

Abstract:Software-defined networking will be a critical component of the networking domain as it transitions from a standard networking design to an automation network. To meet the needs of the current scenario, this architecture redesign becomes mandatory. Besides, machine learning (ML) and deep learning (DL) techniques provide a significant solution in network attack detection, traffic classification, etc. The DDoS attack is still wreaking havoc. Previous work for DDoS attack detection in SDN has not yielded significant results, so the author has used the most recent deep learning technique to detect the attacks. In this paper, we aim to classify the network traffic into normal and malicious classes based on features in the available dataset by using various deep learning techniques. TCP, UDP, and ICMP traffic are considered normal; however, malicious traffic includes TCP Syn Attack, UDP Flood, and ICMP Flood, all of which are DDoS attack traffic. The major contribution of this paper is the identification of novel features for DDoS attack detection. Novel features are logged into the CSV file to create the dataset, and machine learning algorithms are trained on the created SDN dataset. Various work which has already been done for DDoS attack detection either used a non-SDN dataset or the research data is not made public. A novel hybrid machine learning model is utilized to perform the classification. The dataset used by the ML/DL algorithms is a collection of public datasets on DDoS attacks as well as an experimental DDoS dataset generated by us and publicly available on the Mendeley Data repository. A Python application performs the classification of traffic into one of the classes. From the various classifiers used, the accuracy score of 99.75% is achieved with Stacked Auto-Encoder Multi-layer Perceptron (SAE-MLP). To measure the effectiveness of the SDN-DDoS dataset, the other publicly available datasets are also evaluated against the same deep learning algorithms, and traffic classification accuracy is found to be significantly higher with the SDN-DDoS dataset. The attack detection time of 216.39 s also serve as experimental evidence.

computer science, information systems,telecommunications

Mamatha Maddu,Yamarthi Narasimha Rao

DOI: https://doi.org/10.1007/s10586-024-04581-6

2024-06-19

Cluster Computing

Abstract:Software-defined networking (SDN) is known for its enhanced network programmability and adaptability, but maintaining strong safety precautions to protect against emerging cyber-attacks remains a constant issue. Since SDN has logically centralized control, an attack on the controller might paralyze the entire network. For this reason, intrusion detection is very crucial. Many academics have embraced state-of-the-art techniques to assess and identify these assaults. However, the majority of these approaches lack scalability and accuracy. Moreover, they had difficulties with restricted features, low efficiency, incorrect characteristics, and computing complexity. Therefore, to detect network vulnerabilities in SDN-based IoT networks, we developed a practical deep learning approach based on Res2Net and Elman Recurrent Neural Networks (ERNN) technique as a defense solution to detect security issues in SDN. This framework consists of multiple steps and starts by addressing the dataset's class imbalance issue with a Data Augmentation Generative Adversarial Network (DAGAN). Next, the Res2net and Enhanced Honey Badger Algorithm (EHBA) are used to extract and select features. This lowers the computational expense and lessens the possibility that the model would be misled by unsuitable and negative characteristics. Finally, an ERNN-based technique is used to detect and classify the intrusions in SDN. After seeing the network assaults, a practical mitigation framework is implemented to mitigate the network attacks. Three SDN IoT-focused datasets, InSDN, IoT-23 and ToN-IoT, are used in an experimental investigation to analyze the proposed framework's performance. The results of numerous trials show that the proposed method outperforms existing techniques regarding several constraints.

computer science, information systems, theory & methods

Rasoul Jafari Gohari,Laya Aliahmadipour,Marjan Kuchaki Rafsanjani

2024-09-05

Abstract:Software Defined Networks (SDN) face many security challenges today. A great deal of research has been done within the field of Intrusion Detection Systems (IDS) in these networks. Yet, numerous approaches still rely on deep learning algorithms. These algorithms suffer from complexity in implementation, high processing power and high memory consumption. In addition to security issues, firstly, the number of datasets that are based on SDN protocols are very small. Secondly, the ones that are available encompass numerous attacks in the network and do not focus on a single attack. For this reason, to introduce an SDN-based IDS with a focus on Distributed Denial of Service (DDoS) attacks, it is necessary to generate a DDoS-oriented dataset whose features can train a high-quality IDS. In this work, in order to address two important challenges in SDNs, initially, we generate three DDoS attack datasets based on three common and different network topologies. In the second step, using the Convolutional Tsetlin Machine (CTM), we introduce a lightweight IDS for DDoS attack dubbed CTMBIDS. The lightweight nature of the CTMBIDS stems from its low memory consumption and also its interpretability compared to the existing complex deep learning models. The low usage of system resources for the CTMBIDS makes it an ideal choice for an optimal software that consumes the SDN controllers least amount of memory. Also, in order to ascertain the quality of the generated datasets, we compare the CTMBIDS empirical results with the DDoS attacks of the KDDCup99 benchmark dataset as well. Since the main focus of this work is on a lightweight IDS, the results show the CTMBIDS performs much more efficiently than deep learning based approaches. Furthermore, the results also show in most datasets, the proposed method has relatively equal or better accuracy and also consumes much less memory than the existing methods.

Cryptography and Security

Zaid Mustafa,Rashid Amin,Hamza Aldabbas,Naeem Ahmed

DOI: https://doi.org/10.1007/s10586-024-04430-6

2024-04-27

Cluster Computing

Abstract:There has been a discernible rise in the growth and progress of the Internet, networking, and mobile communication. The complexity of networking systems has increased due to the advancements in devices, resources, and infrastructure. A novel and developing network technology called software-defined networking (SDN), gets beyond the drawbacks of conventional networks and gives networking systems intelligent control. While SDN is the most adaptable and promising network management control solution, its implementation also introduces a number of new security risks. There is a need to deploy networking systems intelligently to manage, optimize, and organize these complex systems. Machine learning (ML) approaches have been extensively utilized to detect many attacks, and an ML technique may assist the network administrator in taking the necessary precautions to avoid intrusions. In SDN, ML techniques are used to manage the network and make Network Intrusion Detection Systems (NIDS) detect network attacks like Distributed Denial of Service (DDoS) and Denial of Service (DoS) attacks. This paper comprehensively surveys ML and Deep Learning (DL) algorithms and techniques used for intrusion detection in SDN. Different studies are categorized accordingly, such as supervised, unsupervised, and deep learning models. Research studies are compared in the form of a table, and learned lessons are also leveraged for each category. Finally, this survey presents the key challenges faced in implementing different intrusion detection techniques in SDN before comprehensively highlighting future research directions.

computer science, information systems, theory & methods

Avinash R. Sonule,Mukesh Kalla,Amit Jain,D.S. Chouhan,,,,

DOI: https://doi.org/10.35940/ijeat.c5809.029320

2020-02-28

International Journal of Engineering and Advanced Technology

Abstract:The network attacks become the most important security problems in the today’s world. There is a high increase in use of computers, mobiles, sensors,IoTs in networks, Big Data, Web Application/Server,Clouds and other computing resources. With the high increase in network traffic, hackers and malicious users are planning new ways of network intrusions. Many techniques have been developed to detect these intrusions which are based on data mining and machine learning methods. Machine learning algorithms intend to detect anomalies using supervised and unsupervised approaches.Both the detection techniques have been implemented using IDS datasets like DARPA98, KDDCUP99, NSL-KDD, ISCX, ISOT.UNSW-NB15 is the latest dataset. This data set contains nine different modern attack types and wide varieties of real normal activities. In this paper, a detailed survey of various machine learning based techniques applied on UNSW-NB15 data set have been carried out and suggested thatUNSW-NB15 is more complex than other datasets and is assumed as a new benchmark data set for evaluating NIDSs.

N Maheswaran,S Bose,Buvaneswari Natarajan

DOI: https://doi.org/10.1080/00051144.2024.2372749

IF: 1.79

2024-07-13

Automatika

Abstract:The advancements made in Software-Defined Networking (SDN) technology seem quite promising, with potential wide application in managing and controlling the latest network infrastructures. SDN technology decouples the control plane from the data plane, enabling effective and flexible network management. However, this dynamic phenomenon brings new security challenges. With the increasing dynamism and programmable nature of networks, conventional security protocols may not sufficient to protect against advanced and sophisticated attacks. Although Intrusion Detection Systems (IDSs) have been extensively applied for identifying and preventing security threats in traditional network environments, IDS models designed specifically for traditional network requirements may not be adequate for SDN environments. These issues may stem from the static nature of conventional networks, contrasting with the dynamicity of advanced SDN networks, and the traditional IDS's inability to adapt to the dynamic nature of SDN. To address these challenges, the current research proposes a novel Deep Hybrid IDS model to enhance network security in SDN environments and prevent attacks using Scapy. The proposed model detects signature-based attacks by integrating Gated Recurrent Units (GRU) and Long Short-Term Memory (LSTM) for real-time simulated datasets, achieving an accuracy of 97.8%, which is comparatively better than existing models.

automation & control systems,engineering, electrical & electronic

Jayashree PadmanabhanSaranya PrabuSaikrishna BalakrishnanVinayaka Murthy VijayDepartment of Computer Technology,MIT Campus,Anna University,Chennai,Tamil Nadu 600044,IndiaJayashree Padmanabhan received her BE (Hons) in electronics and communication from Madurai Kamaraj University,Masters (electronics engineering),and PhD (computer science and engineering) from Anna University. She is currently working as a professor in the department of computer technology,Anna University,Chennai. She has rich teaching and research experience and nearly 50 reputed journal/conference publications. Her research interests include cyber security,cryptographic algorithms,data analytics,medical informatics and e-learning. Email: aranya Prabu received her BE and Mtech degrees in computer science and engineering from Anna University and Kalsalingam University in 2007 and 2009,respectively. Currently,she is pursuing her PhD in the department of computer technology at Anna University,MIT campus,Chennai. She is carrying out her research on security solutions for software-defined networks. Her research interests include deep learning,network security,and SDN. Corresponding author. Email: psaranya.cse@gmail.comSaikrishna Balakrishnan graduated from Anna University,MIT Campus with BE (Hons) in computer science and engineering in 2022. Currently,he is working as a software developer for Citicorp Services India Pvt. Ltd. in Chennai,India. His research interests include deep learning,network security,and blockchain applications. Email: krishna6122000@gmail.comVinayaka Murthy Vijay graduated from Anna University,MIT Campus with BE in computer science and engineering in 2022. Currently,he is working as a software developer for Verizon Data Services India (VDSI) in Chennai,India. His research interests include IOT,blockchain and networking applications. Email: vijayvinayak23@gmail.com

DOI: https://doi.org/10.1080/03772063.2023.2297380

IF: 1.8768

2024-01-05

IETE Journal of Research

Abstract:SDN architectures are frequently used by organizations for the management of their networks and the detection of anomalous traffic in a single domain. However, in the real world, anomalous traffic might result in attacks like distributed denial of service (DDoS) that affect numerous domains. During intrusion detection, each SDN domain has to send real traffic data of a large volume to the multi-domain controller, exposing its sensitive information. This paper proposes a smart multistage framework for detecting attacks and ensuring privacy at no additional cost. This work utilized the recent unbalanced InSDN dataset for experimentation. It also uses an oversampling technique that reduces the imbalance rate for each attack type and selects the smallest possible training size and feature set size for an increase in detection accuracy and a reduction in computational complexity. Then, a multi-class classifier method for intrusion detection that does not require regularization or hyperparameter tuning, called ensemble-learning-based shallow decision tree (ELSDT) is proposed. Furthermore, the performance of the proposed classifier on the InSDN dataset is assessed on an SDN testbed. Experimental results show the ability of the proposed smart multistage privacy-preserving framework to make a significant reduction in the training sample size and feature set size to 87% and 76%, respectively. It also shows its outperformance in recent literature works by 5.67% improved accuracy.

telecommunications,engineering, electrical & electronic

Nasrin Sultana,Naveen Chilamkurti,Wei Peng,Rabei Alhadad

DOI: https://doi.org/10.1007/s12083-017-0630-0

2018-01-12

Abstract:Software Defined Networking Technology (SDN) provides a prospect to effectively detect and monitor network security problems ascribing to the emergence of the programmable features. Recently, Machine Learning (ML) approaches have been implemented in the SDN-based Network Intrusion Detection Systems (NIDS) to protect computer networks and to overcome network security issues. A stream of advanced machine learning approaches – the deep learning technology (DL) commences to emerge in the SDN context. In this survey, we reviewed various recent works on machine learning (ML) methods that leverage SDN to implement NIDS. More specifically, we evaluated the techniques of deep learning in developing SDN-based NIDS. In the meantime, in this survey, we covered tools that can be used to develop NIDS models in SDN environment. This survey is concluded with a discussion of ongoing challenges in implementing NIDS using ML/DL and future works.

computer science, information systems,telecommunications

Uakomba Mbasuva,Guy-Alain Lusilao Zodi

DOI: https://doi.org/10.1109/imcom53663.2022.9721785

2022-01-03

Abstract:Software Defined Networks (SDN) is gaining popularity in academia and the industry. This is due to SDNs ease of programmability, flexibility and centralized management. These networking features allow network administrators and programmers to easily monitor and control the entire network, at a limited cost. However, because of its centralized architecture, the controller becomes a single point of failure. This vulnerability makes it a target to cyber-attacks, but more specifically to Distributed Denial of Service (DDoS) attacks. The DDoS attack may target the SDN network controller in order to disrupt the entire network, causing network resources unavailable to legitimate users. Hence, in this work, we propose an ensemble Deep Learning (DL) Intrusion Detection System (IDS) to detect DDoS attack traffic in SDNs. Our proposed approach build an ensemble of Convolutional Neural Network (CNN), Deep Neural Network (DNN) and Recurrent Neural Network (RNN) model. To train the model, we use feature selection techniques from the literature and utilized the Canadian Institute for Cybersecurity Intrusion Detection System (CIC-IDS2017) as the evaluation dataset. The performance of the proposed model is compared with existing models, and from the results, it is observed that our proposed ensemble deep learning model performs better than ensemble CNN, ensemble RNN and ensemble voting.

Xiaofan Chen,Shunzheng Yu

DOI: https://doi.org/10.1587/transinf.2016edl8016

2016-01-01

IEICE Transactions on Information and Systems

Abstract:DDoS remains a major threat to Software Defined Networks. To keep SDN secure, effective detection techniques for DDoS are indispensable. Most of the newly proposed schemes for detecting such attacks on SDN make the SDN controller act as the IDS or the central server of a collaborative IDS. The controller consequently becomes a target of the attacks and a heavy loaded point of collecting traffic. A collaborative intrusion detection system is proposed in this paper without the need for the controller to play a central role. It is deployed as a modified artificial neural network distributed over the entire substrate of SDN. It disperses its computation power over the network that requires every participating switch to perform like a neuron. The system is robust without individual targets and has a global view on a large-scale distributed attack without aggregating traffic over the network. Emulation results demonstrate its effectiveness.