Flow Based Anomaly Detection in Software Defined Networking: A Deep Learning Approach With Feature Selection Method

Software Defined Networking (SDN) has come to prominence in recent years and shows enormous potential for shaping the future of networking by separating the control plane from the data plane. OpenFlow is the first and most widely used protocol that makes this separation possible. As a newly emerged technology, SDN has inherent security threats that can be eliminated, or at least mitigated, by securing the OpenFlow controller that manages flow control in SDN. This research takes a flow-based approach to anomaly detection in the OpenFlow controller using a Deep Neural Network (DNN). We propose a combined Gated Recurrent Unit Long Short Term Memory (GRU-LSTM) network intrusion detection system. To improve classifier performance, an appropriate ANOVA F-Test and Recursive Feature Elimination (RFE) feature selection method (ANOVA F-RFE) has also been applied. The proposed approach is tested using the benchmark dataset NSL-KDD. A subset of the complete dataset with convenient feature selection ensures the highest accuracy of 87% with the GRU-LSTM model. Experimental results show that a deep-learning approach with a feature selection method offers high potential for flow-based anomaly detection in the OpenFlow controller.
