Article: ML-SDNIDS: an attack detection mechanism for SDN based on machine learning Journal: International Journal of Information and Computer Security (IJICS) 2022 Vol.19 No.1/2 pp.118 - 141 Abstract: With the rapid development of network technology, there are more and more application scenarios of software defined networking (SDN), such as big data, cloud computing, internet of things, etc. However, the facilities in the SDN network face security issues such as DDoS attacks, network monitoring, and privacy. In addition, the SDN controller is also the main target of the attacker. This paper makes a simple analysis of the security risks in SDN and proposes a machine learning-based intrusion detection system for SDN (ML-SDNIDS). According to the characteristics of SDN, ML-SDNIDS uses autoencoder and one-class support vector machine algorithm to train intrusion detection model in the control plane, and uses P4 programming language combined with machine learning algorithm to realise real-time intrusion detection function in the data plane. And compared with the traditional SVM and OCSVM intrusion detection models in the latest intrusion detection dataset CIC-DDoS2019, the experimental results show that the scheme proposed in this paper has greatly improved the detection accuracy and the execution efficiency of the model. In addition, this experimental scheme can make the intrusion detection accuracy of data plane P4 switch as high as 97%, and its packet transmission efficiency is still millisecond. Inderscience Publishers - linking academia, business and industry through research

Title: ML-SDNIDS: an attack detection mechanism for SDN based on machine learning

Authors: Xian Guo; Wei Bai

Addresses: School of Computer and Communication, Lanzhou University of Technology, Lanzhou 730050, China ' School of Computer and Communication, Lanzhou University of Technology, Lanzhou 730050, China

Abstract: With the rapid development of network technology, there are more and more application scenarios of software defined networking (SDN), such as big data, cloud computing, internet of things, etc. However, the facilities in the SDN network face security issues such as DDoS attacks, network monitoring, and privacy. In addition, the SDN controller is also the main target of the attacker. This paper makes a simple analysis of the security risks in SDN and proposes a machine learning-based intrusion detection system for SDN (ML-SDNIDS). According to the characteristics of SDN, ML-SDNIDS uses autoencoder and one-class support vector machine algorithm to train intrusion detection model in the control plane, and uses P4 programming language combined with machine learning algorithm to realise real-time intrusion detection function in the data plane. And compared with the traditional SVM and OCSVM intrusion detection models in the latest intrusion detection dataset CIC-DDoS2019, the experimental results show that the scheme proposed in this paper has greatly improved the detection accuracy and the execution efficiency of the model. In addition, this experimental scheme can make the intrusion detection accuracy of data plane P4 switch as high as 97%, and its packet transmission efficiency is still millisecond.

Keywords: software defined networking; SDN; autoencoder; one-class support vector machine; OCSVM; intrusion detection system; IDS; P4.

DOI: 10.1504/IJICS.2022.126759

International Journal of Information and Computer Security, 2022 Vol.19 No.1/2, pp.118 - 141

Received: 30 Nov 2021
Accepted: 17 May 2022
Published online: 04 Nov 2022 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: ML-SDNIDS: an attack detection mechanism for SDN based on machine learning

Keep up-to-date