
RADS: a real-time anomaly detection model for software-defined networks using machine learning

  • Regular Contribution
International Journal of Information Security

Abstract

Software-defined networks (SDN) are no longer a new technology, as many industries are adopting them in hybrid or full-stack mode. SDN has already proved its technological advantages over traditional networking technologies. The proposed work, RADS, leverages the architectural advantages of SDN and employs a flexible dynamic threshold approach to detect anomalies in near real time using machine learning algorithms (ARIMA); within 150 ms, the user is alerted about the attack so that necessary actions can be taken. A proof of concept for RADS is developed using Mininet to create the SDN topology and Elasticsearch as the database to store the packet information and the results of the machine learning model. ARIMA, linear regression and Prophet models are considered for detecting anomalies, and the resulting graphs show that attacks are detected in near real time.

Data availability

This article does not use any dataset from any repository, as we use simulations and generate real-time data for testing and for drawing results. However, we have collected the simulation data used for the graphs and table values in the paper, which can be made available.

Author information

Contributions

All authors reviewed the manuscript.

Corresponding author

Correspondence to M. Sneha.

Ethics declarations

Conflict of interest

None of the authors have received any research grants. None of the authors have received a speaker honorarium from any company. All authors declare that none of them has any conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Sneha, M., Kumar, A.K., Hegde, N.V. et al. RADS: a real-time anomaly detection model for software-defined networks using machine learning. Int. J. Inf. Secur. 22, 1881–1891 (2023). https://doi.org/10.1007/s10207-023-00724-9

  • DOI: https://doi.org/10.1007/s10207-023-00724-9
