Two-Level Intrusion Detection System in SDN Using Machine Learning

  • V. Vetriselvi
  • P. S. Shruti
  • Susan Abraham
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 500)


Software Defined Networking (SDN), the new paradigm in network architecture, is changing how we design, manage, and operate an entire network, making networks more agile, flexible, and scalable. These features arise from a design decision: in SDN, the control plane is decoupled from the data plane and instead resides on a centralized controller that has complete knowledge of the network. As SDN continues to flourish, security in this realm remains a critical issue. An effective intrusion detection system (IDS) that can monitor real-time traffic, detect attacks, and identify the class of attack would greatly help in combating this problem. This work aims to heighten the security of SDN environments by building an IDS using the principles of machine learning and genetic algorithms. The proposed IDS is divided into two stages, the former to detect the attacks and the latter to categorize them. These stages reside in the switches and the controller of the network, respectively. This approach reduces the dependency and the load on the controller while providing a high attack detection rate.


Intrusion detection system; Software defined networks; Machine learning; Iterative dichotomiser 3; Genetic algorithm; Distributed denial of service; Programming protocol-independent packet processors



Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. Department of Computer Science and Engineering, College of Engineering Guindy, Chennai, India
