
Detection and Multi-Class Classification of Intrusion in Software Defined Networks Using Stacked Auto-Encoders and CICIDS2017 Dataset

Wireless Personal Communications

Abstract

Software Defined Networks (SDNs) are an emerging concept in network architecture that divides network operations into two layers, control and data. In this concept, control and management operations are moved from the network devices to the controller, inside the control plane. This separation makes it possible to incorporate network devices for different applications, but it also introduces vulnerabilities into the network. In fact, the controller becomes the bottleneck of the network, and it is vulnerable to intrusions. Various approaches have been proposed to detect intrusions in these networks, among which deep learning methods have gained the most attention in the past decade. In this paper, an intrusion detection system based on the SDN model is presented, which runs as an application module in the controller. The proposed system consists of three phases: in the first phase, sparse stacked auto-encoders are used for pre-training and learn the features in an unsupervised manner. In the second phase, the SoftMax classifier is used to train the system, and in the third phase, the system parameters are optimized. The performance of the proposed system is evaluated on two datasets, namely NSL-KDD and CICIDS2017, for classification of attacks. The proposed method is implemented using the Mininet software and the Keras framework, which is based on TensorFlow. The average accuracy in detection and classification of attacks using the proposed method is 98.5%, which is promising in comparison with previous methods.
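The three phases named in the abstract, as an added example that is not the paper's code: greedy unsupervised pre-training of sparse auto-encoders, a SoftMax layer trained on the frozen features, then optimization of the whole stack (read here as fine-tuning by back-propagation). It uses NumPy rather than the Keras/TensorFlow stack the authors name so that it runs offline; the layer sizes, the KL-divergence sparsity penalty, the hyperparameters and the synthetic three-class data are assumptions, not values from the paper or from NSL-KDD/CICIDS2017.

```python
import numpy as np

rng = np.random.default_rng(7)

def softmax(z):
    e = np.exp(z - z.max(axis=1, keepdims=True))
    return e / e.sum(axis=1, keepdims=True)

def forward(X, layers):  # activations of every sigmoid encoder layer, input first
    acts = [X]
    for W, b in layers:
        acts.append(1.0 / (1.0 + np.exp(-(acts[-1] @ W + b))))
    return acts

def pretrain_layer(X, hidden, rho=0.1, beta=0.1, lr=0.3, epochs=2000):
    """Phase 1: fit one sparse auto-encoder without labels; keep only its encoder."""
    W1, b1 = rng.normal(0, 0.5, (X.shape[1], hidden)), np.zeros(hidden)
    W2, b2 = rng.normal(0, 0.5, (hidden, X.shape[1])), np.zeros(X.shape[1])
    for _ in range(epochs):
        H = forward(X, [(W1, b1)])[1]
        dR = (H @ W2 + b2 - X) / len(X)                  # reconstruction gradient
        rho_hat = H.mean(axis=0).clip(1e-6, 1 - 1e-6)    # mean activation per unit
        kl = beta * ((1 - rho) / (1 - rho_hat) - rho / rho_hat) / len(X)  # sparsity
        dH = (dR @ W2.T + kl) * H * (1 - H)
        W2 -= lr * H.T @ dR; b2 -= lr * dR.sum(0)
        W1 -= lr * X.T @ dH; b1 -= lr * dH.sum(0)
    return W1, b1

def train_classifier(X, Y, layers, Ws, bs, tune_encoders, lr=0.3, epochs=2000):
    """Phase 2 (encoders frozen) or phase 3 (whole stack fine-tuned) on labels Y."""
    for _ in range(epochs):
        acts = forward(X, layers)
        G = (softmax(acts[-1] @ Ws + bs) - Y) / len(X)   # cross-entropy gradient
        D = G @ Ws.T
        Ws -= lr * acts[-1].T @ G; bs -= lr * G.sum(0)
        if not tune_encoders:
            continue
        for (W, b), a_in, a_out in zip(layers[::-1], acts[-2::-1], acts[:0:-1]):
            D = D * a_out * (1 - a_out)
            gW, gb, D = a_in.T @ D, D.sum(0), D @ W.T
            W -= lr * gW; b -= lr * gb

def run_demo(n=60):
    # Constructed data: three separable synthetic flow classes, 8 features in [0, 1].
    centers = np.array([[.2] * 8, [.8] * 4 + [.2] * 4, [.2] * 4 + [.8] * 4])
    X = np.vstack([c + rng.normal(0, 0.05, (n, 8)) for c in centers]).clip(0, 1)
    y, Y = np.repeat(np.arange(3), n), np.repeat(np.eye(3), n, axis=0)
    layers = []
    for hidden in (6, 4):                 # assumed layer sizes, not the paper's
        layers.append(pretrain_layer(forward(X, layers)[-1], hidden))
    Ws, bs = np.zeros((4, 3)), np.zeros(3)
    train_classifier(X, Y, layers, Ws, bs, tune_encoders=False)
    train_classifier(X, Y, layers, Ws, bs, tune_encoders=True)
    P = softmax(forward(X, layers)[-1] @ Ws + bs)
    return P, float((P.argmax(1) == y).mean())  # training-set accuracy
```

`run_demo()` returns the class probabilities and the accuracy on the constructed training set; a real evaluation would score held-out flows.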


Acknowledgements

This work was supported in part by Shahid Chamran University of Ahvaz, under grant number 16670/02/3/96. The authors would like to thank the High Performance Computing Center of Shahid Chamran University of Ahvaz (SCU-HPCC) for providing computing resources.

Author information

Corresponding author

Correspondence to Marjan Naderan.

About this article

Cite this article

Choobdar, P., Naderan, M. & Naderan, M. Detection and Multi-Class Classification of Intrusion in Software Defined Networks Using Stacked Auto-Encoders and CICIDS2017 Dataset. Wireless Pers Commun 123, 437–471 (2022). https://doi.org/10.1007/s11277-021-09139-y

  • DOI: https://doi.org/10.1007/s11277-021-09139-y
