Performance Analysis of SDN-Based Intrusion Detection Model with Feature Selection Approach

Generally, there are two types of approaches available for the detection of networks attacks, namely signature based and anomaly based. In this work, we will analyze the performance of anomaly-based detection model in SDN with the help of some common machine learning algorithms and feature selection mechanisms. We construct a mechanism of machine learning model for an intrusion detection system and train the model with the NSL-KDD Data set using feature selection technique. In order to enhance the performance of the classifier, some feature selection methods have been applied as a prepossessing of the data set. We have used five feature selection methods, namely Info Gain, Gain Ratio, CFS Subset Evaluator, Symmetric Uncertainty, and Chi-square test. A full data set of 41 features and a reduced data set after applying feature selection method has been experimented. A data set with feature selection ensures the highest accuracy with Random Forest classifier using Gain Ratio feature selection Evaluator.

[1]  Min Zhu,et al.  B4: experience with a globally-deployed software defined wan , 2013, SIGCOMM.

[2]  Nick McKeown,et al.  OpenFlow: enabling innovation in campus networks , 2008, CCRV.

[3]  Truong Thu Huong,et al.  OpenFlowSIA: An optimized protection scheme for software-defined networks from flooding attacks , 2016, 2016 IEEE Sixth International Conference on Communications and Electronics (ICCE).

[4]  Syed Ali Khayam,et al.  Revisiting Traffic Anomaly Detection Using Software Defined Networking , 2011, RAID.

[5]  Rodrigo Braga,et al.  Lightweight DDoS flooding attack detection using NOX/OpenFlow , 2010, IEEE Local Computer Network Conference.

[6]  David Erickson,et al.  The beacon openflow controller , 2013, HotSDN '13.

[7]  Philipp Winter,et al.  Inductive Intrusion Detection in Flow-Based Network Data Using One-Class Support Vector Machines , 2011, 2011 4th IFIP International Conference on New Technologies, Mobility and Security.

[8]  Yu-Xin Meng,et al.  The practice on using machine learning for network anomaly intrusion detection , 2011, 2011 International Conference on Machine Learning and Cybernetics.

[9]  Anamika Yadav,et al.  Performance analysis of NSL-KDD dataset using ANN , 2015, 2015 International Conference on Signal Processing and Communication Engineering Systems.

[10]  Vallipuram Muthukkumarasamy,et al.  Flow-Based Anomaly Detection Using Neural Network Optimized with GSA Algorithm , 2013, 2013 IEEE 33rd International Conference on Distributed Computing Systems Workshops.

[11]  Mounir Ghogho,et al.  Deep learning approach for Network Intrusion Detection in Software Defined Networking , 2016, 2016 International Conference on Wireless Networks and Mobile Communications (WINCOM).

[12]  Martín Casado,et al.  NOX: towards an operating system for networks , 2008, CCRV.

[13]  Bernardi Pranggono,et al.  Machine learning based intrusion detection system for software defined networks , 2017, 2017 Seventh International Conference on Emerging Security Technologies (EST).

[14]  Seemab Latif,et al.  Handling intrusion and DDoS attacks in Software Defined Networks using machine learning techniques , 2014, 2014 National Software Engineering Conference.

[15]  S. Thamarai Selvi,et al.  DDoS detection and analysis in SDN-based environment using support vector machine classifier , 2014, 2014 Sixth International Conference on Advanced Computing (ICoAC).

[16]  Ali A. Ghorbani,et al.  A detailed analysis of the KDD CUP 99 data set , 2009, 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications.