Network Threat Detection Using Machine/Deep Learning in SDN-Based Platforms: A Comprehensive Analysis of State-of-the-Art Solutions, Discussion, Challenges, and Future Research Direction

Ahmed, Naveed; Ngadi, Md. Asri; Sharif, Johan Mohamad; Hussain, Saddam; Uddin, Mueen; Rathore, Muhammad Siraj; Iqbal, Jawaid; Abdelhaq, Maha; Alsaqour, Raed; Ullah, Syed Sajid; Zuhra, Fatima Tul

doi:10.3390/s22207896

Cited by 17 publications

(13 citation statements)

References 145 publications

(148 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ML techniques have been increasingly applied to improve the accuracy and reduce false positives of anomaly‐based NIDS (Ahmed et al, 2022; Tufan et al, 2021). Researchers have leveraged various datasets and models to develop effective NIDS.…”

Section: Related Workmentioning

confidence: 99%

“…Signature‐based methods rely on predefined attack signatures but may struggle to detect new threats or polymorphic attacks that adapt to evade detection. In contrast, anomaly‐based NIDSs excel at identifying unusual or unexpected behaviour, making them particularly effective against zero‐day attacks and unknown threats (Ahmed et al, 2022; Khraisat et al, 2019; Ozkan‐Okay et al, 2021). By analyzing traffic patterns and identifying anomalies, anomaly‐based NIDSs can detect previously unknown attacks that would otherwise go undetected by signature‐based systems.…”

Section: Introductionmentioning

confidence: 99%

“…While anomaly‐based NIDSs have an advantage in reducing false negatives, they may produce a higher rate of false positives, flagging non‐malicious activity as an attack. Achieving the right balance between false positives and false negatives is crucial to ensure optimal security (Ahmed et al, 2022).…”

Section: Introductionmentioning

confidence: 99%

“…Machine learning (ML) has proven to be a powerful asset in anomaly‐based NIDS, enabling the detection of new intrusions and various network behaviours, including those previously unseen or unknown (Ahmed et al, 2022; Tufan et al, 2021). NIDSs analyze network logs, encompassing both tabular features like source and destination IP addresses, ports, timestamps, and non‐tabular features like payload data, often in non‐human‐readable forms like binary or encoded text.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Network intrusion detection system by learning jointly from tabular and text‐based features

Düzgün,

Çayır,

Ünal

et al. 2023

Expert Systems

View full text Add to dashboard Cite

Network intrusion detection systems (NIDS) play a critical role in maintaining the security and integrity of computer networks. These systems are designed to detect and respond to anomalous activities that may indicate malicious intent or unauthorized access. The need for robust NIDS solutions has never been more pressing in today's digital landscape, characterized by constantly evolving cyber threats. Deploying effective NIDS can be challenging, particularly in accurately identifying network anomalies amid the ever‐increasing sophisticated and difficult‐to‐detect cyber threats. The motivation for our research stems from the recognition that while NIDS studies have made significant strides, there remains a crucial need for more effective and accurate methods to detect network anomalies. Commonly used features in NIDS studies include network logs, with some studies exploring text‐based features such as payload. However, traditional machine and deep learning models may need to be improved in learning jointly from tabular and text‐based features. Here, we present a new approach that integrates both tabular and text‐based features to improve the performance of NIDS. Our research aims to address the existing limitations of NIDS and contribute to the development of more reliable and efficient network security solutions by introducing more effective and accurate methods for detecting network anomalies. Our internal experiments have revealed that the deep learning approach utilizing tabular features produces favourable results, whereas the pre‐trained transformer approach needs to perform sufficiently. Hence, our proposed approach, which integrates both feature types using deep learning and pre‐trained transformer approaches, achieves superior performance. These findings indicate that integrating both feature types using deep learning and pre‐trained transformer approaches can significantly improve the accuracy of network anomaly detection. Moreover, our proposed approach outperforms the state‐of‐the‐art methods in terms of accuracy, F1‐score, and recall on commonly used NIDS datasets consisting of ISCX‐IDS2012, UNSW‐NB15, and CIC‐IDS2017, with F1‐scores of 99.80%, 92.37%, and 99.69%, respectively, indicating its effectiveness in detecting network anomalies.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Network intrusion detection system by learning jointly from tabular and text‐based features

Düzgün,

Çayır,

Ünal

et al. 2023

Expert Systems

View full text Add to dashboard Cite

show abstract

“…ML methods are used in intrusion detection systems, but dataset pre-processing and anomaly traffic detection are time-consuming and complex [ 58 ]. However, using DL methods [ 59 ], features may be mapped to a higher degree with more distinct feature spaces. A CNN is a deep learning approach that uses a convolution layer to automatically extract useful features from the authentic data feature plane through convolution layer.…”

Section: Literature Reviewmentioning

confidence: 99%

A novel hybrid optimization enabled robust CNN algorithm for an IoT network intrusion detection approach

et al. 2022

View full text Add to dashboard Cite

Due to the huge number of connected Internet of Things (IoT) devices within a network, denial of service and flooding attacks on networks are on the rise. IoT devices are disrupted and denied service because of these attacks. In this study, we proposed a novel hybrid meta-heuristic adaptive particle swarm optimization–whale optimizer algorithm (APSO-WOA) for optimization of the hyperparameters of a convolutional neural network (APSO-WOA-CNN). The APSO–WOA optimization algorithm’s fitness value is defined as the validation set’s cross-entropy loss function during CNN model training. In this study, we compare our optimization algorithm with other optimization algorithms, such as the APSO algorithm, for optimization of the hyperparameters of CNN. In model training, the APSO–WOA–CNN algorithm achieved the best performance compared to the FNN algorithm, which used manual parameter settings. We evaluated the APSO–WOA–CNN algorithm against APSO–CNN, SVM, and FNN. The simulation results suggest that APSO–WOA–CNf[N is effective and can reliably detect multi-type IoT network attacks. The results show that the APSO–WOA–CNN algorithm improves accuracy by 1.25%, average precision by 1%, the kappa coefficient by 11%, Hamming loss by 1.2%, and the Jaccard similarity coefficient by 2%, as compared to the APSO–CNN algorithm, and the APSO–CNN algorithm achieves the best performance, as compared to other algorithms.

show abstract

Impacts of blockchain in software‐defined Internet of Things ecosystem with Network Function Virtualization for smart applications: Present perspectives and future directions

Rahman

Islam

Kundu

et al. 2023

Int J Communication

View full text Add to dashboard Cite

SummaryAs an emerging technology, blockchain (BC) has been playing a promising role in today's software‐defined networking (SDN)‐enabled Internet of Things (IoT) applications. Because of the salient feature of the network function virtualization (NFV) techniques, SDN can ensure an IoT system runs efficiently and smoothly in a cloud‐driven ecosystem. When cloud‐enabled systems encounter immense security and operational challenges caused mainly by third‐party dependency, large‐scale data communication, and maintenance, BC offers effective and robust data transfer solutions without incorporating intermediaries over the distributed network. With the increased SDN‐BC convergence in the IoT domain, the underlying challenges and perspectives deserve proper attention methodically and structurally. From the motivation of addressing such issues, this study provides necessary insights to combine those for successful plug‐and‐play. Therefore, the study includes purposefully investigating current state‐of‐the‐art to extract the research trends, future directions, and perspectives in this domain. This study provides a comprehensive survey of IoT, SDN, NFV, and BC‐enabled emerging technologies. More importantly, the authors intelligently integrated the four different technologies—IoT, SDN, BC, and NFV based on characteristics, scopes, challenges, taxonomies, and tables in numerous areas. Initially, the authors introduce the SDN‐IoT ecosystem in brief and address the features and applications. We took a close look at the SDN's overall taxonomy based on security, environment, scopes, and challenges. We also briefly describe the integration of SDN‐IoT with the NFV ecosystems. Moreover, we review the prospect of BC technology from security perspectives, its extent, challenges of practical implementation, and the possible integration of IoT regarding smart applications. Finally, this study highlights several future directions based on these technologies.

show abstract

Network Threat Detection Using Machine/Deep Learning in SDN-Based Platforms: A Comprehensive Analysis of State-of-the-Art Solutions, Discussion, Challenges, and Future Research Direction

Cited by 17 publications

References 145 publications

Network intrusion detection system by learning jointly from tabular and text‐based features

Network intrusion detection system by learning jointly from tabular and text‐based features

A novel hybrid optimization enabled robust CNN algorithm for an IoT network intrusion detection approach

Impacts of blockchain in software‐defined Internet of Things ecosystem with Network Function Virtualization for smart applications: Present perspectives and future directions

Contact Info

Product

Resources

About