
Statistical Analysis Based Intrusion Detection System for Ultra-High-Speed Software Defined Network

International Journal of Parallel Programming

Abstract

The number of internet users and internet services grows day by day, which increases internet traffic from zettabytes to petabytes at ultra-high speed. Different types of architecture have been implemented to handle high-speed data traffic. The two-layer approach of the Software-Defined Network (SDN) architecture converts the classical network architecture into a consistent, centrally controllable, programmable network architecture. On the other hand, network security remains the main concern for network administrators, in particular the detection of malicious internet packets in the ultra-high-speed traffic of a programmable network. Therefore, in this paper, we propose a Statistical Analysis Based Intrusion Detection System (SABIDS) using a Machine Learning (ML) approach. The key idea is to implement SABIDS inside the RYU controller, where it statistically analyses the high-speed internet traffic flows and automatically blocks the IP address of the identified packet generator. The SABIDS scheme consists of 3 modules: (1) fetch the runtime flow statistics, (2) identify the nature of the flow by statistical and pattern-matching techniques, and (3) block the malicious flow's source IP. Different types of ML classifiers are used to evaluate the performance of the scheme. This scheme enables the SDN controller to detect malicious traffic and avoid potential losses such as system failure or the risk of being attacked.
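The three-module pipeline described in the abstract, as an added sketch that is not the authors' code and runs without a controller. A robust z-score on packets per second stands in for the paper's ML classifiers; the sample flows, function names, threshold and allowlist are assumptions made for this example.

```python
from collections import defaultdict
from statistics import median

# Constructed sample rows, shaped like OpenFlow 1.3 flow-stats entries.
SAMPLE_FLOWS = [
    {"ipv4_src": "10.0.0.1", "packet_count": 1200, "byte_count": 960000, "duration_sec": 10},
    {"ipv4_src": "10.0.0.2", "packet_count": 950, "byte_count": 700000, "duration_sec": 10},
    {"ipv4_src": "10.0.0.3", "packet_count": 1100, "byte_count": 880000, "duration_sec": 10},
    {"ipv4_src": "10.0.0.4", "packet_count": 1300, "byte_count": 990000, "duration_sec": 10},
    {"ipv4_src": "10.0.0.5", "packet_count": 1050, "byte_count": 800000, "duration_sec": 10},
    {"ipv4_src": "10.0.0.66", "packet_count": 300000, "byte_count": 19200000, "duration_sec": 10},
    {"ipv4_src": "10.0.0.66", "packet_count": 200000, "byte_count": 12800000, "duration_sec": 8},
]

def fetch_flow_features(flows):
    """Module 1: aggregate per-flow counters into per-source features."""
    agg = defaultdict(lambda: [0, 0, 0])  # packets, bytes, longest duration
    for f in flows:
        a = agg[f["ipv4_src"]]
        a[0] += f["packet_count"]
        a[1] += f["byte_count"]
        a[2] = max(a[2], f["duration_sec"])
    return {ip: {"pps": p / max(d, 1), "avg_size": b / max(p, 1)}
            for ip, (p, b, d) in agg.items()}

def robust_z(values):
    """Modified z-score (median and MAD), so the outlier does not mask itself."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:  # all sources behave alike: nothing stands out
        return [0.0] * len(values)
    return [0.6745 * (v - med) / mad for v in values]

def classify(features, threshold=3.5, allowlist=frozenset()):
    """Module 2 (stand-in): flag sources whose packet rate is a high outlier."""
    ips = sorted(features)
    scores = robust_z([features[ip]["pps"] for ip in ips])
    return [ip for ip, z in zip(ips, scores) if z > threshold and ip not in allowlist]

def block_rules(malicious, priority=100):
    """Module 3: one drop rule per source; in OpenFlow 1.3 a flow entry
    with no instructions drops the packets it matches."""
    return [{"priority": priority,
             "match": {"eth_type": 0x0800, "ipv4_src": ip},
             "instructions": []} for ip in malicious]

if __name__ == "__main__":
    for rule in block_rules(classify(fetch_flow_features(SAMPLE_FLOWS))):
        print(rule)
```

The allowlist keeps infrastructure addresses such as gateways from being blocked by a source-IP rule when their rate is legitimately high.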


[Figures 1–13 not included. Surviving caption fragment: "taken from 0.99 to 1 on the Y-axis and FPR values from 0.0 to 1.0 X-axis"]




Correspondence to Talha Naqash.


Cite this article

Naqash, T., Shah, S.H. & Islam, M.N.U. Statistical Analysis Based Intrusion Detection System for Ultra-High-Speed Software Defined Network. Int J Parallel Prog 50, 89–114 (2022). https://doi.org/10.1007/s10766-021-00715-0


  • DOI: https://doi.org/10.1007/s10766-021-00715-0
