An efficient flow-based multi-level hybrid intrusion detection system for software-defined networks



REGULAR PAPER

Majd Latah¹ · Levent Toker²

Received: 28 July 2019 / Accepted: 4 September 2020
© China Computer Federation (CCF) 2020

Abstract

Software-defined networking (SDN) is a novel networking paradigm that provides enhanced programming abilities, which can be used to solve traditional security challenges on the basis of more efficient approaches. The most important element in the SDN paradigm is the controller, which manages the flows of each corresponding forwarding element (switch or router). Flow statistics provided by the controller are considered to be useful information that can be used to develop a network-based intrusion detection system. Therefore, in this paper, we propose a 5-level hybrid classification system based on flow statistics in order to attain an improvement in the overall accuracy of the system. For the first level, we employ the k-nearest neighbor approach (kNN); for the second level, we use the extreme learning machine (ELM); and for the remaining levels, we utilize the hierarchical extreme learning machine (HELM) approach. In comparison with conventional supervised machine learning algorithms and other state-of-the-art methodologies based on the NSL-KDD benchmark dataset, the experimental study showed that our system achieves a good accuracy (84.29%), with an ability to detect new attacks that reaches 77.18%. Therefore, our system offers an efficient approach for intrusion detection in SDNs.

Keywords: Extreme learning machine (ELM) · Hierarchical extreme learning machine (h-ELM) · Intrusion detection systems (IDS) · K-nearest neighbor (kNN) · Software-defined networking (SDN)

¹ Department of Computer Science, Ozyegin University, 34794 Istanbul, Turkey
² Department of Computer Engineering, Ege University, 35100 Bornova, Turkey

1 Introduction

Software-defined networking (SDN) is the fruit of earlier proposals that mainly concerned both programmable networks and the separation of the control and data planes (Jarraya et al. 2014). In the SDN paradigm, the controller, which represents a logically centralized controlling point, manages and gathers flow-based statistics via a southbound interface such as the OpenFlow protocol (McKeown et al. 2008), which is maintained by the Open Networking Foundation (ONF), a non-profit industry consortium that offers support and ensures various improvements in the SDN field (McKeown et al. 2008).

In this paper, we aim to design an efficient intrusion detection system (IDS) in the SDN paradigm. Our goal is to correctly classify well-known attacks alongside being able to detect new attacks on the basis of flow statistics provided by the controller. Flow-based intrusion detection approaches (Kim et al. 2004; Lakhina et al. 2005; Brauckhoff et al. 2007) depend only on the inspection of the packet header; therefore, they are considered to be computationally efficient in compari