INTRUSION DETECTION USING NETWORK FLOW FEATURE FOR SOFTWARE-DEFINED NETWORKS

Abstract

In recent years, Software-Defined Networking (SDN) is a new network architecture that has been gaining popularity. This promises to simplify network control and management with centralized control of the network, but it also increases the risk of a single point of failure (SPOF) in the network. To mitigate SPOF, more cyber security research is needed on SDN networks. On the other hand, intrusion detection systems (IDSs) play a crucial role in SDN security by dealing with external threats. Machine learning-based IDSs are well-suited for SDN because they can be trained on a centralized controller. However, there is limited research on SDN intrusion detection systems. Existing literature often treats SDN intrusion detection as similar to intrusion detection in traditional computer systems. This approach can be problematic because SDN networks have different characteristics than traditional computer systems. In this paper, we propose a new method for SDN intrusion detection using machine learning. Our method addresses the problem of data imbalance, which is a common problem with machine learning datasets. We also evaluate our method on the most recent public SDN intrusion detection dataset. Our results show that our method can achieve high accuracy and low false alarm rates. Finally, we evaluate the performance of our method in two different SDN scenarios: with and without load balancing. Our results show that our method can achieve high performance in both scenarios.