Abstract
Software Defined Networks (SDNs) is an emerging concept in network architectures, which divides the network operations into two, control and data, layers. In this concept, control and management operations are moved from the network devices to the controller and inside the control plane. This separation makes it possible to incorporate network devices for different applications, while on the other hand leads to vulnerabilities in the network. In fact, the controller becomes the bottleneck of the network, and it is vulnerable to intrusions. Various approaches have been proposed to detect intrusion in these networks, which among them using deep learning methods has gained the majority of attention in the past decade. In this paper, an intrusion detection system based on the SDN model is presented which is executed as an application module in the controller. The proposed system consists of three phases: in the first phase, for pre-training, sparse stacked auto-encoders are incorporated which learn the features in an unsupervised manner. In the second phase, to train the system, the SoftMax classifier is used and in the third phase, system parameters are optimized. Performance of the proposed system is evaluated according to two datasets, namely NSL-KDD and CICIDS2017, for classification of attacks. To implement the proposed method, the Mininet software and Keras framework, which is based on Tensorflow, are incorporated. The average accuracy in detection and classification of attacks using the proposed method is 98.5%, which is promising in comparison with previous methods.
Similar content being viewed by others
References
Anan, M., Al-Fuqaha, A., Nasser, N., Mu, T. Y., & Bustam, H. (2016). Empowering networking research and experimentation through software-defined networking. Journal of Network and Computer Applications, 70, 140–155.
Jarraya, Y., Madi, T., & Debbabi, M. (2014). A survey and a layered taxonomy of software-defined networking. IEEE Communications Surveys & Tutorials, 16(4), 1955–1980.
Astuto, B. N., Mendonca, M., Nguyen, X. N., Obraczka, K., & Turletti, T. (2014). A survey of software-defined networking: Past, present, and future of programmable networks. IEEE Communications Surveys & Tutorials, 16, 1617–1634.
Giotis, K., Argyropoulos, C., Androulidakis, G., Kalogeras, D., & Maglaris, V. (2014). Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Computer Networks, 62, 122–136.
Kreutz, D., Ramos, F. M. V., & Veríssimo, P. (2013). Towards secure and dependable software- defined networks. University of Lisbon.
Bawany, N. Z., Shamsi, J. A., & Salah, K. (2017). DDoS attack detection and mitigation using SDN: Methods, practices, and solutions. Arabian Journal for Science and Engineering, 42(2), 425–441.
Akhunzada, A., Ahmed, E., Gani, A., Khan, M. K., Imran, M., & Guizani, S. (2015). Securing software defined networks: Taxonomy, requirements, and open issues. IEEE Communications Magazine, 53(4), 36–44.
Yan, Q., Yu, F. R., Gong, Q., & Li, J. (2016). Software-defined networking (SDN) and distributed denial of service (DDOS) attacks in cloud computing environments: A survey, some research issues, and challenges. IEEE Communications Surveys & Tutorials, 18(1), 602–622.
Hande, Y., Muddana, A., & Darade, S. (2017). Software-defined network-based intrusion detection system. Innovations in Electronics and Communication Engineering, Lecture notes in Networks and Systems, 7, 535–543.
Ma, T., Wang, F., Cheng, J., Yu, Y., & Chen, X. (2016). A hybrid spectral clustering and deep neural network ensemble algorithm for intrusion detection in sensor networks. Sensors, 16(10), 1701.
Amine Ferrag, M., Maglaras, L., Moschoyiannis, S., & Janicke, H. (2020). Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study. Journal of Information Security and Applications, 50, 102419.
Vani, R. (2017). Towards efficient intrusion detection using deep learning techniques: A review. Int. J. Adv. Res. Comput. Commun. Eng., 6(10), 375–384.
Kokila, R. T., Selvi, S. T., & Govindarajan, K. (2014, December). DDoS detection and analysis in SDN-based environment using support vector machine classifier. In 2014 6th international conference on advanced computing (ICoAC) (pp. 205-210).
Singh, J., & Nene, M. J. (2013). A survey on machine learning techniques for intrusion detection systems. International Journal of Advanced Research in Computer and Communication Engineering, 2(11), 4349–4355.
Ashraf, J., & Latif, S. (2014, November). Handling intrusion and DDoS attacks in Software Defined Networks using machine learning techniques. In 2014 National software engineering conference (pp. 55-60).
Mousavi, S. M., & St-Hilaire, M. (2017). Early detection of DDoS attacks against software defined network controllers. Journal of Network and Systems Management, 26, 1–19.
David, J., & Thomas, C. (2015). DDoS attack detection using fast entropy approach on flow- based network traffic. Procedia Computer Science, 50, 30–36.
Wang, R., Jia, Z., & Ju, L. (2015). An entropy-based distributed DDoS detection mechanism in software-defined networking,” Proc. - 14th IEEE Int. Conf. Trust. Secur. Priv. Comput. Commun. Trust. 2015, vol. 1, pp. 310–317.
Dong, P., Du, X., Zhang, H., & Xu, T. (2016). A detection method for a novel DDoS attack against SDN controllers by vast new low-traffic flows. In 2016 IEEE international conference on communications (ICC) (pp. 1-6).
Jankowski, D., & Amanowicz, M. (2016). On efficiency of selected machine learning algorithms for intrusion detection in software defined networks. International Journal of Electronics and Telecommunications, 62(3), 247–252.
Jankowski, D., & Amanowicz, M. (2016, May). A method of network workload generation for evaluation of intrusion detection systems in SDN environment. In 2016 International Conference on Military Communications and Information Systems (ICMCIS) (pp. 1-7).
Braga, R., Mota, E., & Passito, A. (2010, October). Lightweight DDoS flooding attack detection using NOX/OpenFlow. In IEEE Local Computer Network Conference (pp. 408-415).
Abubakar, A., & Pranggono, B. (2017, September). Machine learning based intrusion detection system for software defined networks. In 2017 Eighth international conference on emerging security technologies (EST) (pp. 138-143).
Nanda, S., Zafari, F., DeCusatis, C., Wedaa, E., & Yang, B. (2016). Predicting network attack patterns in SDN using machine learning approach. In 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks, Palo Alto, CA, USA, 2016.
Dotcenko, S., Vladyko, A., & Letenko, I. (2014). A fuzzy logic-based information security management for software-defined networks. In 16th International Conference on Advanced Communication Technology (pp. 167-171)
Tang, T. A., Mhamdi, L., McLernon, D., Zaidi, S. A. R., & Ghogho, M. (2016). Deep learning approach for network intrusion detection in software defined networking. In 2016 international conference on wireless networks and mobile communications (WINCOM) (pp. 258-263).
Hodo, E., Bellekens, X., Hamilton, A., Tachtatzis, C., and Atkinson, R. (2017) “Shallow and Deep Networks Intrusion Detection System: A Taxonomy and Survey,” arXiv: 1701.02145, pp. 1–43.
Javaid, A., Niyaz, Q., Sun, W., and Alam, M. (2016). “A Deep Learning Approach for Network Intrusion Detection System,” Proc. 9th EAI Int. Conf. Bio-inspired Inf. Commun. Technol. (formerly BIONETICS).
Kwon, D., Kim, H., Kim, J., Suh, S. C., Kim, I., and Kim, K. J. (2017). “A survey of deep learning-based network anomaly detection,” Cluster Comput., pp. 1–13.
Kim, J., Kim, J., Thu, H. L. T., & Kim, H. (2016). Long short term memory recurrent neural network classifier for intrusion detection. In 2016 International Conference on Platform Technology and Service (PlatCon) (pp. 1-5).
Niyaz, Q., Sun, W., and Javaid, A. Y. (2017). “A Deep Learning Based DDoS Detection System in Software-Defined Networking (SDN),” ICST Trans. Secur. Saf., vol. 4, no. 12, p. 153515.
Li, H., Wei, F., and Hu, H. (2019). “Enabling Dynamic Network Access Control with Anomaly-based IDS and SDN”, Proc. of the ACM Int. Workshop on Security in Software Defined Networks & Network Function Virtualization, pp. 13–16.
Manso, P., Moura, J., & Serrão, C. (2019). SDN-based intrusion detection system for early detection and mitigation of DDoS attacks. Information, 10(3), 106. https://doi.org/10.3390/info10030106
Ahmim, A., Maglaras, L., Amine Ferrag, M., Derdour, M., Janicke, H. (2019). “A Novel Hierarchical Intrusion Detection System based on Decision Tree and Rules-based Models,” 15th Int. Conf. on Distributed Computing in Sensor Systems (DCOSS), pp. 228–233.
Ali Albahar, M. (2019). Recurrent neural network model based on a new regularization technique for real-time intrusion detection in SDN environments. Security and Communication Networks, Hindawi,. https://doi.org/10.1155/2019/8939041
Faker, O., Dogdu, E. (2019). “Intrusion Detection Using Big Data and Deep Learning Techniques,” In 2019 ACM Southeast Conference (ACMSE 2019), April 18–20, 2019, Kennesaw, GA, USA, DoI: https://doi.org/10.1145/3299815.3314439.
Zhou, M., Li, Y., Yuan, H., Wang, J., & Pu, Q. (2021). Indoor WLAN personnel intrusion detection using transfer learning-aided generative adversarial network with light-loaded database. Mobile Networks and Applications, 26, 1024–1042.
Islabudeen, M., & Kavitha Devi, M. K. (2020). A smart approach for intrusion detection and prevention system in mobile Ad Hoc networks against security attacks. Wireless Personal Communications. https://doi.org/10.1007/s11277-019-07022-5
Pragya, M., Arya, K. V., & Hardev Pal, S. (2018). Intrusion detection system against colluding misbehavior in MANETs. Wireless Personal Communications, 100(2), 491–503.
Meyer,P., Hackel, T., Langer, F., Stahlbock, L., Decker, J., Eckhardt, S. A., Korf, F., Schmit, T. C., Schuppel, F. (2020). “Demo: A Security Infrastructure for Vehicular Information Using SDN, Intrusion Detection, and a Defense Center in the Cloud,” IEEE Vehicular Networking Conference, New York, NY, USA, 16–18 Dec. 2020. DOI: https://doi.org/10.1109/VNC51378.2020.9318351.
Tsogbaatar, E., Bhuyan, M. H., Taenaka, Y., Fall, D., Gonchigsumlaa, K., Elmroth, E., & Kadobayashi, Y. (2021). DeL-IoT: A deep ensemble learning approach to uncover anomalies in IoT. Internet of Things, 14, 100391.
Kim, J., Shim, M., Hong, S., Shin, Y., & Choi, E. (2020). Intelligent detection of IoT botnets using machine learning and deep learning. Applied Sciences, 10(19), 7009.
Abdollahi, A., & Fathi, M. (2020). An intrusion detection system on ping of death attacks in IoT networks. Wireless Personal Communications. https://doi.org/10.1007/s11277-020-07139-y
Jagadeesh Babu, M., & Raji Reddy, A. (2020). SH-IDS: Specification heuristics based intrusion detection system for IoT networks. Wireless Personal Communications. https://doi.org/10.1007/s11277-020-07137-0
Mirsky, Y., Doitshman, T., Elovici, Y., Shabtai, A. (2018). “Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection,” Network and Distributed System Security Symposium (NDSS’18), San Diego, CA, USA, 18–21 . DOI: https://doi.org/10.14722/ndss.2018.232.
Fan, W., Park, Y., Kumar, S., Ganta, P., Zhou, X., Chang, S.-Y. (2021). “Blockchain-Enabled Collaborative Intrusion Detection in Software Defined Networks,” IEEE 19th Int. Conf. o Trust, Security and Privacy in Computing and Communications (TrustCom), Guangzhou, China, 29 Dec.-1 Jan. 2021. DOI: https://doi.org/10.1109/TrustCom50675.2020.00129.
Kamyshanska, H., and Memisevic, R. (2013). “On autoencoder scoring,” Proc. 30th Int. Conf. Mach. Learn., vol. 28, pp. 1757–1765.
Lecun, Y., Bengio, Y., & Hinton, G. (2015). Deep learning. Nature, 521(7553), 436–444.
Abbas, A. R., Wolslegel, K., Seshasayee, D., Modrusan, Z., & Clark, H. F. (2009). Deconvolution of blood microarray data identifies cellular activation patterns in systemic lupus erythematosus. PLoS ONE, 4(7), 1–19.
Zhuang, F., Cheng, X., Luo, P., Pan, S. J., & He, Q. (2015, June). Supervised representation learning: Transfer learning with deep autoencoders. Proceedings of the Twenty-Fourth International Joint Conference on Artificial Intelligence (IJCAI), pp. 4119–4125.
Ryali, C., Nallamala, G., Fedus, W., and Prabhuzantye, Y. (2015). “Efficient Encoding Using Deep Neural Networks”.
Hinton, G. E., & Salakhutdinov, R. R. (2006). Reducing the dimensionality of data with neural networks. Science, 313(5786), 504–507.
Hinton, G. E. (2007). Learning multiple layers of representation. Trends in Cognitive Sciences, 11(10), 428–434.
Yousefi-Azar, M., Varadharajan, V., Hamey, L., & Tupakula, U. (2017, May). Autoencoder-based feature learning for cyber security applications. In 2017 International joint conference on neural networks (IJCNN) (pp. 3854-3861).
Salama, M., Eid, H., and Ramadan, R. (2011). “Hybrid intelligent intrusion detection scheme,” Adv. Intell. Soft Comput., pp. 293–303.
Meena, G., & Choudhary, R. R. (2017, July). A review paper on IDS classification using KDD 99 and NSL KDD dataset in WEKA. In 2017 International Conference on Computer, Communications and Electronics (Comptelix) (pp. 553-558).
Dhanabal, L., & Shantharajah, S. P. (2015). A study on NSL-KDD Dataset For Intrusion Detection System Based On Classification Algorithms. Int. J. Adv. Res. Comput. Commun. Eng., 4(6), 446–452.
Revathi, S., & Malathi, A. (2013). A detailed analysis on NSL-KDD dataset using various machine learning techniques for intrusion detection. International Journal of Engineering Research & Technology (IJERT), 2(12), 1848–1853.
Shiravi, A., Shiravi, H., Tavallaee, M., & Ghorbani, A. A. (2012). Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Computers & Security, 31(3), 357–374.
Sharafaldin, I., Habibi Lashkari, A., and Ghorbani, A. A. (2018) “Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization,” Proc. 4th Int. Conf. Inf. Syst. Secur. Priv., no. Cic, pp. 108–116.
Chowdhury, M. U., Hammond, F., Konowicz, G., Li, J., Xin, C., and Wu, H. (2017). “A Few-shot Deep Learning Approach for Improved Intrusion Detection A Few-shot Deep Learning Approach for Improved Intrusion Detection,” IEEE 8th Annual Ubiquitous Computing, Electronics and Mobile Communication Conf. (UEMCON), New York, NY, USA, p. pp.1–8.
Aljawarneh, S., Aldwairi, M., & Yassein, M. B. (2018). Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model. Journal of Computer Science, 25(March), 152–160.
Sathya, R., and Thangarajan, R.(2015). “Efficient anomaly detection and mitigation in software defined networking environment,” in 2015 2nd International Conference on Electronics and Communication Systems (ICECS), 2015, pp. 479–484.
Mehdi,S. A., Khalid, J., and Khayam, S. A. (2011). “Revisiting Traffic Anomaly Detection Using Software Defined Networking,” Int. Workshop on Recent Advances in Intrusion Detection (RAID), pp. 161–180.
Le, A., Dinh, P., Le, H., and Tran, N. C. (2016). “Flexible Network-Based Intrusion Detection and Prevention System on Software-Defined Networks,” Proc. - 2015 Int. Conf. Adv. Comput. Appl. ACOMP 2015, pp. 106–111.
Yin, C., Zhu, Y., Fei, J., & He, X. (2017). A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access, 5, 21954–21961.
Potluri, S., & Diedrich, C. (2017). Deep feature extraction for multi-class intrusion detection in industrial control systems. Int. J. Comput. Theory Eng., 9(5), 374–379.
Acknowledgements
This work was supported in part by Shahid Chamran University of Ahvaz, under grant number 16670/02/3/96. The authors would like to thank the High Performance Computing Center of Shahid Chamran University of Ahvaz (SCU-HPCC) for providing computing resources.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Choobdar, P., Naderan, M. & Naderan, M. Detection and Multi-Class Classification of Intrusion in Software Defined Networks Using Stacked Auto-Encoders and CICIDS2017 Dataset. Wireless Pers Commun 123, 437–471 (2022). https://doi.org/10.1007/s11277-021-09139-y
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-021-09139-y