-
An Efficient Flow-based Multi-level Hybrid Intrusion Detection System for Software-Defined Networks
Authors:
Majd Latah,
Levent Toker
Abstract:
Software-Defined Networking (SDN) is a novel networking paradigm that provides enhanced programming abilities, which can be used to solve traditional security challenges on the basis of more efficient approaches. The most important element in the SDN paradigm is the controller, which is responsible for managing the flows of each corresponding forwarding element (switch or router). Flow statistics provided by the controller are considered to be useful information that can be used to develop a network-based intrusion detection system. Therefore, in this paper, we propose a 5-level hybrid classification system based on flow statistics in order to attain an improvement in the overall accuracy of the system. For the first level, we employ the k-Nearest Neighbor approach (kNN); for the second level, we use the Extreme Learning Machine (ELM); and for the remaining levels, we utilize the Hierarchical Extreme Learning Machine (H-ELM) approach. In comparison with conventional supervised machine learning algorithms based on the NSL-KDD benchmark dataset, the experimental study showed that our system achieves the highest level of accuracy (84.29%). Therefore, our approach presents an efficient approach for intrusion detection in SDNs.
Submitted 11 June, 2018;
originally announced June 2018.
-
Artificial Intelligence Enabled Software Defined Networking: A Comprehensive Overview
Authors:
Majd Latah,
Levent Toker
Abstract:
Software defined networking (SDN) represents a promising networking architecture that combines central management and network programmability. SDN separates the control plane from the data plane and moves the network management to a central point, called the controller, that can be programmed and used as the brain of the network. Recently, the research community has shown an increased tendency to benefit from the recent advancements in the artificial intelligence (AI) field to provide learning abilities and better decision making in SDN. In this study, we provide a detailed overview of the recent efforts to include AI in SDN. Our study showed that the research efforts focused on three main sub-fields of AI, namely machine learning, meta-heuristics and fuzzy inference systems. Accordingly, in this work we investigate their different application areas and potential use, as well as the improvements achieved by including AI-based techniques in the SDN paradigm.
Submitted 6 November, 2018; v1 submitted 19 March, 2018;
originally announced March 2018.
-
Towards an Efficient Anomaly-Based Intrusion Detection for Software-Defined Networks
Authors:
Majd Latah,
Levent Toker
Abstract:
Software-defined networking (SDN) is a new paradigm that allows developing more flexible network applications. The SDN controller, which represents a centralized controlling point, is responsible for running various network applications as well as maintaining different network services and functionalities. Choosing an efficient intrusion detection system helps in reducing the overhead of the running controller and creates a more secure network. In this study, we investigate the performance of the well-known anomaly-based intrusion detection approaches in terms of accuracy, false alarm rate, precision, recall, F1-measure, area under ROC curve, execution time and McNemar's test. Precisely, we focus on supervised machine-learning approaches where we use the following classifiers: Decision Trees (DT), Extreme Learning Machine (ELM), Naive Bayes (NB), Linear Discriminant Analysis (LDA), Neural Networks (NN), Support Vector Machines (SVM), Random Forest (RT), K Nearest-Neighbour (KNN), AdaBoost, RUSBoost, LogitBoost and BaggingTrees. We employ the well-known NSL-KDD benchmark dataset to compare the performance of each one of these classifiers.
Submitted 19 August, 2018; v1 submitted 18 March, 2018;
originally announced March 2018.