Survey on SDN based network intrusion detection system using machine learning approaches

Sultana, Nasrin; Chilamkurti, Naveen; Peng, Wei; Alhadad, Rabei

doi:10.1007/s12083-017-0630-0

Cited by 375 publications

(201 citation statements)

References 35 publications

Supporting

Mentioning

198

Contrasting

Unclassified

Order By: Relevance

“…Compared with signature based detection, anomaly detection using ML is more scalable, and more flexible. [27] All machine learning approaches follow the same general steps of identifying/building learning data sets, feature extraction and classification.Selecting the right dataset is crucial because ML models can only identify anomalies based on what it has known (trained with).The more organic, diverse and properly prepared dataset we have, the more accurate our models will be. Pre-processing steps usually involves mapping symbolic values to numeric values, data scaling, etc.…”

Section: Anomaly Detection Using Machine Learningmentioning

confidence: 99%

“…A large portion of training data for ML-based SDN security applications is synthetic and is not realistic enough. Commonly used data sets include but not limiting to the University of New Brunswick ISCX 2012 Intrusion Detection, Evaluation Data Set, the CIC DOS Dataset, the KDD dataset, the ADFA-LD12 dataset, the UNSW-NB15 dataset, the WSN-DS dataset, and so on [27]. Because those datasets were developed by research institutes and made available to the public, MLbased solutions trained on those datasets alone can be outmaneuvered by adversaries who studied the same data.…”

Section: Solutionsmentioning

confidence: 99%

“…Even when there is absolutely nothing wrong going on, performance of ML models in the real world is usually degraded because of a significantly higher volume of data, a much wider range of fluctuations, real world constraints, and so on. In short, while being good at classification tasks, ML models are not be able to recognize the context and logics behind real world situations [27]. Consequently, it is challenging to really evaluate a model.…”

Section: Solutionsmentioning

confidence: 99%

See 2 more Smart Citations

The Challenges in ML-Based Security for SDN

Tn¹

2018

2018 2nd Cyber Security in Networking Conference (CSNet)

View full text Add to dashboard Cite

Machine learning is gaining popularity in the network security domain as many more network-enabled devices get connected, as malicious activities become stealthier, and as new technologies like Software Dened Networking (SDN) emerge. Sitting at the application layer and communicating with the control layer, machine learning based SDN security models exercise a huge influence on the routing/switching of the entire Software Defined Network. Compromising the models is therefore a very desirable goal. Previous surveys have been done on either adversarial machine learning without the context of secure networking environment or the general vulnerabilities of SDNs without much consideration of the defending ML models. Through examination of the latest ML based SDN security applications and a good look at ML/SDN specific vulnerabilities accompanied by common attack methods on ML, this paper serves as a unique survey, making a case for more secure development processes of ML-based SDN security applications.

show abstract

Section: Anomaly Detection Using Machine Learningmentioning

confidence: 99%

Section: Solutionsmentioning

confidence: 99%

Section: Solutionsmentioning

confidence: 99%

See 1 more Smart Citation

The Challenges in ML-Based Security for SDN

Tn¹

2018

2018 2nd Cyber Security in Networking Conference (CSNet)

View full text Add to dashboard Cite

show abstract

“…In order to improve detection accuracy and minimize the low false alarm rate, machine learning (ML) techniques are employed to develop NIDS. Due to its advance features other than machine learning, nowadays the deep learning (DL) approach has also been used extensively in the tracks of anomaly detection [12]. This paper will explore the effects of a flow-based anomaly detection system using both Machine learning and deep learning approach in software-defined networking because of the nature of flow-based traffic analysis of software-defined networking (SDN).…”

Section: Introductionmentioning

confidence: 99%

“…They protect a network from being affected by malicious data. Network intrusion detection systems (NIDS) are developed to detect malicious activities including distributed denial-of-service (DDoS) attacks, virus, worm, and anomaly patterns [12]. A common approach for intrusion detection is detecting anomalies in network traffic, however, network threats are evolving at an unprecedented rate.…”

mentioning

confidence: 99%

Effects of Machine Learning Approach in Flow-Based Anomaly Detection on Software-Defined Networking

Dey

Rahman²

2019

Symmetry

View full text Add to dashboard Cite

Recent advancements in software-defined networking (SDN) make it possible to overcome the management challenges of traditional networks by logically centralizing the control plane and decoupling it from the forwarding plane. Through a symmetric and centralized controller, SDN can prevent security breaches, but it can also bring in new threats and vulnerabilities. The central controller can be a single point of failure. Hence, flow-based anomaly detection system in OpenFlow Controller can secure SDN to a great extent. In this research, we investigated two different approaches of flow-based intrusion detection system in OpenFlow Controller. The first of which is based on machine-learning algorithm where NSL-KDD dataset with feature selection ensures the accuracy of 82% with random forest classifier using the gain ratio feature selection evaluator. In the later phase, the second approach is combined with a deep neural network (DNN)-based intrusion detection system based on gated recurrent unit-long short-term memory (GRU-LSTM) where we used a suitable ANOVA F-Test and recursive feature elimination selection method to boost classifier output and achieve an accuracy of 88%. Substantial experiments with comparative analysis clearly show that, deep learning would be a better choice for intrusion detection in OpenFlow Controller.Symmetry 2020, 12, 7 2 of 21 of the network, taking advantage of decision-making from the global perspective of the network in the controller. However, to be successful in current dynamic environments, traffic monitoring becomes a cornerstone in SDN given that management applications often need to make use of accurate and timely traffic measurements. Forwarding components like switches, routers, etc., are elements of the data plane and the controller is the only element of the control plane. Decoupling of the network control and forwarding functions, and direct programmability of the network give network managers enough control over the network. Separation of the routing and forwarding activities of networking components (e.g., switches, routers, etc.) from the data plane, makes the administration and management of the network straightforward because the control plane now only has to handle logical network topology-related information, traffic routing, and so forth while the data plane only needs to manage the network traffic using the configuration provided by the control unit. The SDN paradigm was the outcome of some works of the research world that suggested the necessity of building programmable networks as a practical way to experiment with new protocols in production networks. From its inception, it has gained lots of attention from academia and industry. It is supported by giants of the Internet world like Google, Cisco, HP, Juniper or NEC and by standardization organizations like the Open Network Foundation (ONF) or the Internet Engineering Task Force (IETF), so one can state that this network paradigm has a lot of potential to succeed. The proposal of the OpenFlow protocol [2] in 2008 wa...

show abstract

SDMN Security

Montes

2021

Wiley 5G Ref

View full text Add to dashboard Cite

Software‐Defined Mobile Networks (SDMNs) is a rapidly emerging paradigm that involves designing and implementing mobile networks and functions as software allowing the introduction of generic, commodity, and off‐the‐shelf hardware and software in the core and radio access parts. It involves separating the data and control planes (SDN) and introducing Network Function Virtualization (NFV). These architectural and technical changes introduce new capabilities with respect to manageability, scalability, and dynamicity but also new vulnerabilities that will be discussed in this section, followed by the presentation of different solutions. Particular focus is made on distributed and highly flexible and programmable security monitoring architectures since they are important for providing the awareness of the state of the network at all levels (i.e. from the application to physical layers, at the data, and control planes) and enable the prevention and reaction to security breaches involving anomalies, sensitive data loss, and cyber‐attacks.

show abstract

Survey on SDN based network intrusion detection system using machine learning approaches

Cited by 375 publications

References 35 publications

The Challenges in ML-Based Security for SDN

The Challenges in ML-Based Security for SDN

Effects of Machine Learning Approach in Flow-Based Anomaly Detection on Software-Defined Networking

SDMN Security

Contact Info

Product

Resources

About