Developing Flow-Based Intrusion Detection Model for Software Defined Network Using Machine Learning Approach

Abstract

With the rapid growth use of information technology today, hacking and other unauthorized activities have dynamically increased than ever before. Private and organization data and various resources found with the software-defined network controllers are vulnerable to malicious attacks. An intrusion detection system using Machine learning models plays a very important role in protecting computer network security. Various machine learning and Deep learning algorithms have been applied in network intrusion detection systems. Based on the literature review, many intrusions detection-related papers are specific to machine learning-based IDSs are developed. However, the presents IDSs still have their own drawbacks such as low processing speed, low detection rate, high training time, and relatively high false alarm rate (FAR). Most SDN-based IDS use the signature-based approach that detects only known attacks and needs continuous updating of the database to detect new attacks in the SDN network controllers. To overcome these challenges, we propose efficient flow-based IDS using Machine learning. The proposed research work focused on developing of an intrusion detection model with better detection rates, less training time, and improved performance by performing the training in parallel and selecting the most effective parameter for the model that can improve the performance of the models. The model learned the abstract and high dimensional feature representation of the NSL-KDD by passing them into many hidden layers. CNN and its variant architectures have significantly performed well in comparison with different classical machine learning classifiers. The experimental results show that the performance of the proposed flow-based anomaly intrusion detection system for software defined network using Deep learning models is significantly better than other network intrusion detection models, which achieved the best detection accuracy 99.61%, ROC 99%, short training time, low model loss, low reconstruction error, low false-positive rate, and low overfitting. Through rigorous experimental testing, it is confirmed that the flow-based anomaly intrusion detection system for software defined networks using a Machine Learning and Deep Learning algorithm performs well in comparison to the previous studies.