Effects of Machine Learning Approach in Flow-Based Anomaly Detection on Software-Defined Networking

Symmetry, 2019, Vol 12 (1), pp. 7
Author(s): Samrat Kumar Dey, Md. Mahbubur Rahman

Recent advancements in software-defined networking (SDN) make it possible to overcome the management challenges of traditional networks by logically centralizing the control plane and decoupling it from the forwarding plane. Through a symmetric and centralized controller, SDN can prevent security breaches, but it can also bring in new threats and vulnerabilities. The central controller can be a single point of failure. Hence, a flow-based anomaly detection system in the OpenFlow Controller can secure SDN to a great extent. In this research, we investigated two different approaches to a flow-based intrusion detection system in the OpenFlow Controller. The first is based on a machine-learning algorithm, where the NSL-KDD dataset with feature selection ensures an accuracy of 82% with a random forest classifier using the gain ratio feature selection evaluator. In the later phase, the second approach is combined with a deep neural network (DNN)-based intrusion detection system based on gated recurrent unit-long short-term memory (GRU-LSTM), where we used a suitable ANOVA F-Test and recursive feature elimination selection method to boost classifier output and achieve an accuracy of 88%. Substantial experiments with comparative analysis clearly show that deep learning would be a better choice for intrusion detection in the OpenFlow Controller.

Author(s): Samrat Kumar Dey, Md. Mahbubur Rahman

Recent advancements in Software Defined Networking (SDN) make it possible to overcome the management challenges of traditional networks by logically centralizing the control plane and decoupling it from the forwarding plane. Through centralized controllers, SDN can prevent security breaches, but it also brings in new threats and vulnerabilities. The central controller can be a single point of failure. Hence, a flow-based anomaly detection system in the OpenFlow Controller can secure SDN to a great extent. In this paper, we investigated two different approaches to a flow-based intrusion detection system in the OpenFlow Controller. The first is based on a machine-learning algorithm, where the NSL-KDD dataset with feature selection ensures an accuracy of 82% with a Random Forest classifier using the Gain Ratio feature selection evaluator. In the later phase, the second approach is combined with a Gated Recurrent Unit Long Short-Term Memory based intrusion detection model based on a Deep Neural Network (DNN), where we applied an appropriate ANOVA F-Test and Recursive Feature Elimination feature selection method to improve the classifier performance and achieved an accuracy of 88%. Substantial experiments with comparative analysis clearly show that deep learning would be a better choice for intrusion detection in the OpenFlow Controller.


2020, pp. 1-20
Author(s): K. Muthamil Sudar, P. Deepalakshmi

Software-defined networking is a new paradigm that overcomes problems associated with traditional network architecture by separating the control logic from data plane devices. It also enhances performance by providing a highly programmable interface that adapts to dynamic changes in network policies. As software-defined networking controllers are prone to single-point failures, providing security is one of the biggest challenges in this framework. This paper intends to provide an intrusion detection mechanism in both the control plane and the data plane to secure the controller and forwarding devices respectively. In the control plane, we imposed a flow-based intrusion detection system that inspects every new incoming flow towards the controller. In the data plane, we assigned a signature-based intrusion detection system to inspect traffic between OpenFlow switches using port mirroring to analyse and detect malicious activity. Our flow-based system works with the help of a trained, multi-layer machine learning-based classifier, while our signature-based system works with rule-based classifiers using the Snort intrusion detection system. The ensemble feature selection technique we adopted in the flow-based system helps to identify the prominent features and hasten the classification process. Our proposed work ensures a high level of security in the software-defined networking environment by working simultaneously in both the control plane and the data plane.


2020, Vol 7 (2), pp. 329
Author(s): Eka Lailatus Sofa, Subiyanto Subiyanto

The Internet of Things (IoT) has entered many aspects of human life, including smart cities, smart homes, smart streets, and smart industries, which use the internet to monitor the information they need. Even though it is encrypted and authenticated, the IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN) network protocol, which can connect resource-constrained objects in the IoT, is still not reliable. This is because these objects can still be exposed to routing attacks originating from the 6LoWPAN network and the internet. This paper presents the performance of a Smart Intrusion Detection System based on a Compression Header Analyzer for analyzing other routing attack models on IoT networks. The IDS uses the 6LoWPAN compression header as a feature for machine learning algorithms to learn the types of routing attacks. Simulation scenarios were developed to detect routing attacks in the form of selective forwarding and sinkhole attacks. Testing was done using feature selection and machine learning algorithms. Feature selection is used to determine the significant features that can distinguish between normal and abnormal activity, while the machine learning algorithms are used to classify routing attacks on IoT networks. Seven machine learning algorithms were used in the classification: Random Forest, Random Tree, J48, Bayes Net, JRip, SMO, and Naive Bayes. Experimental results are presented to show the performance of the Smart Intrusion Detection System based on Compression Header Analyzer in analyzing routing attacks. The evaluation results show that this IDS can distinguish between attacks and non-attacks.


Author(s): Amudha P., Sivakumari S.

In recent years, the field of machine learning has grown very fast, both in the development of techniques and in its application to intrusion detection. The computational complexity of machine learning algorithms increases rapidly as the number of features in the datasets increases. By choosing the significant features, the number of features in the dataset can be reduced, which is critical to improving the classification accuracy and speed of the algorithms. Also, achieving high accuracy and detection rates and lowering false alarm rates are the major challenges in designing an intrusion detection system. The major motivation of this work is to address these issues by hybridizing machine learning and swarm intelligence algorithms to enhance the performance of intrusion detection systems. It also emphasizes applying principal component analysis as a feature selection technique on an intrusion detection dataset to identify the most suitable feature subsets, which may provide high-quality results in a fast and efficient manner.

