A novel hybrid model for intrusion detection systems in SDNs based on CNN and a new regularization technique

Abstract: Software-defined networking (SDN) is a new networking paradigm that separates the controller from the network devices, i.e., routers and switches. The centralized architecture of SDN facilitates overall network management and addresses the requirements of current data centers. While the SDN architecture offers significant benefits, the risk of new attacks is a critical problem and can prevent the wide adoption of SDNs. The SDN controller is a crucial element and an attractive target for intruders. If an attacker successfully gains access to the SDN controller, they can route traffic according to their own requirements, causing severe damage to the entire network. Network intrusion detection systems (NIDSs) are important tools for detecting malicious activities and anomalous attacks and for securing the network environment against them. Deep learning (DL) has recently shown desirable results in a variety of problems, such as text, speech, and image applications. While several related works have deployed DL for NIDSs, most of these approaches ignore the influence of the overfitting problem when implementing DL algorithms. As a result, overfitting can impact the robustness of the anomaly detection system and lead to poor model performance on zero-day attacks. In this work, we propose a new hybrid DL approach based on the convolutional neural network (CNN) to classify flow traffic into normal or attack classes. A new regularizer method, namely SD-Reg, which is based on the standard deviation of the weight matrix, is used to address the problem of overfitting and to improve the capability of NIDSs in detecting unseen intrusion events. The evaluation results indicate that SD-Reg outperforms the previous regularizer methods. In addition, the proposed hybrid technique gives higher performance in all the evaluation metrics compared to the single DL models.
Several datasets, including InSDN, the most recent dataset for SDN, are used to train and evaluate the performance of all techniques. Furthermore, we suggest a lightweight NIDS by training the CNN-based models using fewer features without causing a significant drop in model performance.
