DeepIDS: Deep Learning Approach for Intrusion Detection in Software Defined Networking

Tang, Tuan Anh; Mhamdi, Lotfi; McLernon, Des; Zaidi, Syed Ali Raza; Ghogho, Mounir; Moussa, Fadi El

doi:10.3390/electronics9091533

Cited by 68 publications

(27 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They tested the performance of the proposed model on the NSL-KDD data set with two different deep learning algorithms as anomaly detector. The authors stated that the performance of the model was acceptable according to the results obtained in experimental studies [20].…”

Section: Related Workmentioning

confidence: 96%

Saldırı Tespit Sistemi İçin İstifleme Topluluk Öğrenme Yaklaşımı

Uçar

İncetaş³

2021

Düzce Üniversitesi Bilim Ve Teknoloji Dergisi

View full text Add to dashboard Cite

Intrusion detection systems (IDSs) have received great interest in computer science, along with increased network productivity and security threats. The purpose of this study is to determine whether the incoming network traffic is normal or an attack based on 41 features in the NSL-KDD dataset. In this paper, the performance of a stacking technique for network intrusion detection was analysed. Stacking technique is an ensemble approach which is used for combining various classification methods to produce a preferable classifier. Stacking models were trained on the NSLKDD training dataset and evaluated on the NSLKDDTest+ and NSLKDDTest21 test datasets. In the stacking technique, four different algorithms were used as base learners and an algorithm was used as a stacking meta learner. Logistic Regression (LR), Decision Trees (DT), Artificial Neural Networks (ANN), and K Nearest Neighbor (KNN) are the base learner models and Support Vector Machine (SVM) model is the meta learner. The proposed models were evaluated using accuracy rate and other performance metrics of classification. Experimental results showed that stacking significantly improved the performance of intrusion detection systems. The ensemble classifier (DT-LR-ANN + SVM) model achieved the best accuracy results with 90.57% in the NSLKDDTest + dataset and 84.32% in the NSLKDDTest21 dataset.

show abstract

Section: Related Workmentioning

confidence: 96%

Saldırı Tespit Sistemi İçin İstifleme Topluluk Öğrenme Yaklaşımı

Uçar

İncetaş³

2021

Düzce Üniversitesi Bilim Ve Teknoloji Dergisi

View full text Add to dashboard Cite

show abstract

“…Botnet traffic is retransmitted to isolate a bot-infected device in the SDN, and connectivity with the source IP defined by the ML classifier is clogged and secluded. DeepIDS, a flow based Deep Learning based IDS in SDN model is proposed by Tang et al [188]. Using DNN and GRU-RNN they have implemented the DeepIDS in a POX controller.…”

Section: Supervised DL Based Ids In Sdnmentioning

confidence: 99%

“…Hence, more research and indepth study are needed to detect novel attack types in SDN using ML-DL-based IDS. Another point is that, most of the ML-DLbased solutions focused on the intrusion detection approach only, few have discussed about the mitigation approach along with the detection approach, such as [129], [144], [147], [188], [205], [249], but there is a clear lack of studies which discussed about the prevention mechanism along with the detection and mitigation. We think that preventing the attack and keeping the SDN-based system functional while under attack is more critical than detecting or mitigating the attack.…”

Section: Lack Of Diverse Attack Detection and Additional Focus Towards Detection Rather Than Mitigation And Prevention Approachmentioning

confidence: 99%

Intrusion Detection System in Software-Defined Networks Using Machine Learning and Deep Learning Techniques –A Comprehensive Survey

Rayhan¹,

Islam²,

Shatabda³

et al. 2022

Preprint

View full text Add to dashboard Cite

<div>At present, the Internet is facing numerous attacks of different kinds that put its data at risk. The safety of information within the network is, therefore, a significant concern. In order to prevent the loss of incredibly valuable information, the Intrusion Detection System (IDS) was developed to recognize the outbreak of a stream of attacks and notify the network system administrator providing network security. IDS is an extrapolative model used to detect network traffic as routine or attack. Software-Defined Networks (SDN) is a revolutionary paradigm that isolates the control plane from the data plane, transforming the concept of a software-driven network. Through this data and control plane separation, SDN provides us the opportunity to create a manageable and programmable network, allowing applications in the top plane to access physical devices via the controller. The controller functioning inside the control plane executes network modules and establishes flow rules to forward packets in the switches residing in the data plane. Cyber attackers target the SDN controller to subdue the control plane, which is considered the brain of the SDN, providing a plethora of functionalities such as regulating flow control to switches or routers in the data plane below via southbound Application Programming Interfaces (APIs) and business and application logic in the application plane above via northbound APIs to implement sophisticated networks. However, the control plane becomes a tempting prospect for security attacks from adversaries because of its centralization feature. This paper includes an in-depth overview of the notable published articles from 2015 to 2021 that used Machine Learning (ML) and Deep Learning (DL) techniques to construct an IDS solution to provide security for SDN. We also present two detailed taxonomic studies regarding IDS, and ML-DL techniques based on their learning categories, exploring various IDS solutions to secure the SDN paradigm. We have also conducted brief research on a few benchmark datasets used to construct IDS in the SDN paradigm. To conclude the survey, we provide a discussion that sheds light on continuous challenges and IDS issues for SDN security.</div>

show abstract

“…The DL model was tested with the NSL-KDD dataset, using a fully connected DNN and a gated RNN. The study stated that the DeepIDS model could provide success against flow-based attacks [17].…”

Section: Related Workmentioning

confidence: 99%

Deep network approach with stacked sparse autoencoders in detection of DDoS attacks on SDN‐based VANET

2020

View full text Add to dashboard Cite

Software-defined network (SDN)-based vehicular ad hoc network (VANET) is an outstanding technology for smart transportation as it increases traffic safety, efficiency, comfort, and manageability. However, despite all its benefits and good performance, SDN-based VANET is vulnerable to attack threats such as distributed denial of service (DDoS). When SDN-based VANET systems are exposed to DDoS attacks, this may affect traffic safety, causing traffic accidents and deaths. Therefore, the relevant security threats need to be addressed before integrating the SDN-based VANETs into smart transportation systems. In this study, the stacked sparse autoencoder (SSAE) + Softmax classifier deep network model is proposed to detect DDoS attacks targeting SDN-based VANETs. The features in the dataset obtained from the SDN-based VANET were reduced dimensionally utilising SSAE, and the most significant features were obtained. Then, these features were used as input into the Softmax classifier. According to the experimental results, the best accuracy scores were calculated as 96.9% using the four-layer SSAE + Softmax classifier deep network model proposed. When compared, the results demonstrate the SSAE + Softmax classifier deep network model proposed can obtain better results in the classification of DDoS attacks and is more successful than the other machine learning classifiers.

show abstract

DeepIDS: Deep Learning Approach for Intrusion Detection in Software Defined Networking

Cited by 68 publications

References 28 publications

Saldırı Tespit Sistemi İçin İstifleme Topluluk Öğrenme Yaklaşımı

Saldırı Tespit Sistemi İçin İstifleme Topluluk Öğrenme Yaklaşımı

Intrusion Detection System in Software-Defined Networks Using Machine Learning and Deep Learning Techniques –A Comprehensive Survey

Deep network approach with stacked sparse autoencoders in detection of DDoS attacks on SDN‐based VANET

Contact Info

Product

Resources

About