Abstract
Software-Defined Networking (SDN) is a contemporary network strategy utilized instead of a traditional network structure. It provides significantly more administrative efficiency and ease than traditional networks. However, the centralized control used in SDN entails an elevated risk of single-point failure that is more susceptible to different kinds of network assaults like Distributed Denial of Service (DDoS), DoS, spoofing, and API exploitation which are very complex to identify and mitigate. Thus, a powerful intrusion detection system (IDS) based on deep learning is created in this study for the detection and mitigation of network intrusions. This system contains several stages and begins with the data augmentation method named Deep Convolutional Generative Adversarial Networks (DCGAN) to over the data imbalance problem. Then, the features are extracted from the input data using a CenterNet-based approach. After extracting effective characteristics, ResNet152V2 with Slime Mold Algorithm (SMA) based deep learning is implemented to categorize the assaults in InSDN and Edge IIoT datasets. Once the network intrusion is detected, the proposed defense module is activated to restore regular network connectivity quickly. Finally, several experiments are carried out to validate the algorithm's robustness, and the outcomes reveal that the proposed system can successfully detect and mitigate network intrusions.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Alzahrani, A.O., Alenazi, M.J.: ML-IDSDN: machine learning based intrusion detection system for software-defined network. Concurr. Comput.: Pract. Exp. 35(1), e7438 (2023)
Hnamte, V., Hussain, J.: DCNNBiLSTM: an efficient hybrid deep learning-based intrusion detection system. Telemat. Inform. Rep. 10, 100053 (2023)
Arkan, A., & Ahmadi, M.: An unsupervised and hierarchical intrusion detection system for software-defined wireless sensor networks. J. Supercomput. 79, 11844–11870 (2023)
Mehmood, M., Javed, T., Nebhen, J., Abbas, S., Abid, R., Bojja, G.R., Rizwan, M.: A hybrid approach for network intrusion detection. CMC-Comput. Mater. Contin 70, 91–107 (2022)
Henry, A., Gautam, S., Khanna, S., Rabie, K., Shongwe, T., Bhattacharya, P., Chowdhury, S.: Composition of hybrid deep learning model and feature optimization for intrusion detection system. Sensors 23(2), 890 (2023)
Bour, H., Abolhasan, M., Jafarizadeh, S., Lipman, J., Makhdoom, I.: A multi-layered intrusion detection system for software defined networking. Comput. Electr. Eng. 101, 108042 (2022)
Shailaja, K., Srinivasulu, B., Thirupathi, L., Gangula, R., Boya, T.R., Polem, V.: An intelligent deep feature based intrusion detection system for network applications. Wireless Pers. Commun. 129(1), 345–370 (2023)
Zhao, X., Su, H., Sun, Z.: An intrusion detection system based on genetic algorithm for software-defined networks. Mathematics 10(21), 3941 (2022)
Gupta, S.K., Tripathi, M., Grover, J.: Hybrid optimization and deep learning based intrusion detection system. Comput. Electr. Eng. 100, 107876 (2022)
Ariffin, S.H., Le Chong, J., Latif, N.M.A.A., Abd Malik, N.N.N., Baharudin, M.A., Syed-Yusof, S.K., Yusof, K.M.: Intrusion detection system (IDS) Accuracy testing for software defined network internet of things (SDN-IOT) Testbed. ELEKTRIKA-J. Electr. Eng. 21(3), 23–27 (2022)
Zavrak, S., Iskefiyeli, M.: Flow-based intrusion detection on software-defined networks: a multivariate time series anomaly detection approach. Neural Comput. Appl. 35(16), 12175–12193 (2023)
Al Razib, M., Javeed, D., Khan, M.T., Alkanhel, R., Muthanna, M.S.A.: Cyber threats detection in smart environments using SDN-enabled DNN-LSTM hybrid framework. IEEE Access 10, 53015–53026 (2022)
Abdulsamad, A.A., Salih, T.A.: IoT security improvement based on SDN controller. Eurasian J. Eng. Technol. 14, 49–56 (2023)
Guo, X., Bai, W.: ML-SDNIDS: an attack detection mechanism for SDN based on machine learning. Int. J. Inf. Comput. Secur. 19(1–2), 118–141 (2022)
Kumar, J.: Mitigate volumetric DDoS attack using machine learning algorithm in SDN based IoT network environment. Int. J. Adv. Comput. Sci. Appl. 14(1), 559–568 (2023)
Bhardwaj, A., Tyagi, R., Sharma, N., Khare, A., Punia, M.S., Garg, V.K.: Network intrusion detection in software defined networking with self-organized constraint-based intelligent learning framework. Measur.: Sens. 24, 100580 (2022)
Jadhav, K.P., Arjariya, T., Gangwar, M.: Hybrid-Ids: an approach for intrusion detection system with hybrid feature extraction technique using supervised machine learning. Int. J. Intell. Syst. Appl. Eng. 11(5s), 591–597 (2023)
Maray, M., Alshahrani H.M., Alissa, K., Alotaibi, N., Gaddah, A., Meree, A., Hamza, M.A.: Optimal deep learning driven intrusion detection in SDN-Enabled IoT environment. Comput. Mater. Continua 74(3), 6587–6604 (2022)
El-Shamy, A.M., El-Fishawy, N.A., Attiya, G.M., Ahmed, M.: Detection optimization of rare attacks in software-defined network using ensemble learning. Mansoura Eng.. J. 48(1), 4 (2023)
Yang, L., Song, Y., Gao, S., Hu, A., Xiao, B.: Griffin: real-time network intrusion detection system via ensemble of autoencoder in SDN. IEEE Trans. Netw. Serv. Manage. 19(3), 2269–2281 (2022)
Elsayed, R.A., Hamada, R.A., Abdalla, M.I., Elsaid, S.A.: Securing IoT and SDN systems using deep-learning based automatic intrusion detection. Ain Shams Eng. J. 14(10), 102211 (2023)
Chen, L., Wang, Z., Huo, R., Huang, T.: An adversarial DBN-LSTM method for detecting and defending against DDoS attacks in SDN environments. Algorithms 16(4), 197 (2023)
Khedr, W.I., Gouda, A.E., Mohamed, E.R.: FMDADM: a multi-layer DDoS attack detection and mitigation framework using machine learning for stateful SDN-based IoT networks. IEEE Access 11, 28934–28954 (2023)
Wang, J., Wang, L.: SDN-defend: a lightweight online attack detection and mitigation system for DDoS attacks in SDN. Sensors 22(21), 8287 (2022)
Logeswari, G., Bose, S., Anitha, T.: An intrusion detection system for sdn using machine learning. Intell. Autom. Soft Comput. 35(1), 867–880 (2023)
Ravi, V., Chaganti, R., Alazab, M.: Deep learning feature fusion approach for an intrusion detection system in SDN-based IoT networks. IEEE Internet Things Mag. 5(2), 24–29 (2022)
Linhares, T., Patel, A., Barros, A.L., Fernandez, M.: SDNTruth: innovative DDoS detection scheme for software-defined networks (SDN). J. Netw. Syst. Manage. 31(3), 55 (2023)
Jia, K., Liu, C., Liu, Q., Wang, J., Liu, J., Liu, F.: A lightweight DDoS detection scheme under SDN context. Cybersecurity 5(1), 27 (2022)
Elsayed, M.S., Le-Khac, N.A., Jurcut, A.D.: InSDN: a novel SDN intrusion dataset. IEEE Access 8, 165263–165284 (2020)
Ferrag, M.A., Friha, O., Hamouda, D., Maglaras, L., Janicke, H.: Edge-IIoTset: a new comprehensive realistic cyber security dataset of IoT and IIoT applications for centralized and federated learning. IEEE Access 10, 40281–40306 (2022)
Safwan, H., Iqbal, Z., Amin, R., Khan, M.A., Alhaisoni, M., Alqahtani, A., Chang, B.: An IoT environment based framework for intelligent intrusion detection, computer. Mater. Cont. 75(2), 2366–2381 (2023)
Friha, O., Ferrag, M.A., Shu, L., Maglaras, L., Choo, K.K.R., Nafaa, M.: FELIDS: federated learning-based intrusion detection system for agricultural Internet of Things. J. Parallel Distrib. Comput. 165, 17–31 (2022)
Aouedi, O., Piamrat, K.: F-BIDS: federated-blending based intrusion detection system. Pervas. Mob. Comput. 89, 101750 (2023)
Alashhab, A.A., Zahid, M.S.M., Muneer, A., & Abdullahi, M.: Low-rate DDoS attack detection using deep learning for SDN-enabled IoT networks. Int. J. Adv. Comput. Sci. Appl. 13(11), 371–377 (2022)
Tareq, I., Elbagoury, B.M., El-Regaily, S., El-Horbaty, E.S.M.: Analysis of ToN-IoT, UNW-NB15, and Edge-IIoT datasets using DL in cybersecurity for IoT. Appl. Sci. 12(19), 9572 (2022)
Rashid, M.M., Khan, S.U., Eusufzai, F., Redwan, M.A., Sabuj, S.R., Elsharief, M.: A federated learning-based approach for improving intrusion detection in industrial internet of things networks. Network 3(1), 158–179 (2023)
Ghourabi, A.: A security model based on LightGBM and transformer to protect healthcare systems from cyberattacks. IEEE Access 10, 48890–48903 (2022)
Dini, P., Begni, A., Ciavarella, S., De Paoli, E., Fiorelli, G., Silvestro, C., Saponara, S.: Design and testing novel one-class classifier based on polynomial interpolation with application to networking security. IEEE Access 10, 67910–67924 (2022)
Acknowledgements
We declare that this manuscript is original, has not been published before and is not currently being considered for publication elsewhere.
Funding
Not applicable.
Author information
Authors and Affiliations
Contributions
Mamatha: Conceptualization, Data Curation, Formal Analysis, Investigation, Resources, Software, Writing an original draft. Dr YNR: Methodology, Project administration, Supervision, Validation, Visualization, Writing-Review & editing, Funding acquisition.
Corresponding author
Ethics declarations
Conflict of interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Maddu, M., Rao, Y.N. Network intrusion detection and mitigation in SDN using deep learning models. Int. J. Inf. Secur. 23, 849–862 (2024). https://doi.org/10.1007/s10207-023-00771-2
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10207-023-00771-2