Network Traffic Feature Behaviour Augmentation Fusion based Attacks Classification for Intrusion Detection System in SDN Framework

  • Duong Van Dan
  • Tran Nam Khanh
  • Tạ Minh Thanh Le Quy Don Technical University
Keywords: Software-Defined Network, Intrusion Detection System, Machine Learning, Data Augmentation, Load Balancing, Network Flow Feature, SDN Detection, Feature Fusion

Abstract

The implementation of Software-Defined Network
(SDN) across multiple data centers aims to simplify the
control and management of networks. However, the increasing
popularity of SDN has also attracted the attention of attackers.
To tackle this problem, it is essential to have an intrusion
detection system (IDS) in place, which plays a crucial role in
cybersecurity by addressing external threats. The advantage
of SDN’s centralized nature is that it facilitates the training of
an IDS based on machine learning. However, there is a scarcity
of research specifically focused on intrusion detection in SDN.
Existing literature often treats SDN intrusion detection as
similar to traditional computer systems and relies on intrusion
datasets generated for those systems. We explore the issue
of intrusion detection in SDN using the most recent public
dataset (InSDN). However, InSDN is an imbalanced data set.
In this paper, we have recommended a method to balance the
data as well as a method to find the best features to improve
the quality of IDS using Machine Learning. In addition, we
also suggest a method of classifying SDN network traffic and
normal network traffic. At the same time, we also evaluate the
efficiency of the SDN system with the load balancing system
and without the load balancing system.

Author Biographies

Duong Van Dan

Van Dan Duong graduated with a degree in Information Technology from Le Quy Don Technical University in Vietnam in 2023. His research interests lie in the areas of deep learning, steganography, and computer vision.

Tran Nam Khanh

Nam Khanh Tran obtained an impressive IT engineering degree from Le Quy Don Technical University in Vietnam in 2020. He has since been contributing to the academic community as a lecturer at the same university, specializing in the research fields of cybersecurity, technology network, and image processing.

Tạ Minh Thanh, Le Quy Don Technical University

Minh Thanh Ta is currently an Associate Professor and Vice Dean of Institute of Information and Communication Technology in Le Quy Don Technical University, Vietnam. He is also a Postdoctoral Fellow of the Department of Mathematical and Computing Sciences at Tokyo Institute of Technology. He received his B.S. and M.S in Computer Science from National Defense Academy, Japan, in 2005 and 2008 and his Ph.D. from Tokyo Institute of Technology, Japan, in 2015, respectively. He is a member of IPSJ Japan and IEEE. His research interests lie in the area of watermarking, network security, and computer vision.

References

J. A. Sava, “Software-defined networking (sdn) market size worldwide from 2021 to 2027,” Available at https://

www.statista.com/statistics/468636/global-sdn-market-size/(2023/25/5).

A. Chawla, B. Lee, S. Fallon, and P. Jacob, “Host based intrusion detection system with combined cnn/rnn model,” in ECML PKDD 2018 Workshops, C. Alzate, A. Monreale, H. Assem, A. Bifet, T. S. Buda, B. Caglayan, B. Drury, E. Garc´ıa-Mart´ın, R. Gavald`a, I. Koprinska, S. Kramer, N. Lavesson, M. Madden, I. Molloy, M.-I. Nicolae, and M. Sinn, Eds. Cham: Springer International Publishing, 2019, pp. 149–158.

Y. Al-Nashif, A. A. Kumar, S. Hariri, Y. Luo, F. Szidarovsky, and G. Qu, “Multi-level intrusion detection system (ml-ids),” in 2008 International Conference on Autonomic Computing, 2008, pp. 131–140.

S. S. Gopalan, D. Ravikumar, D. Linekar, A. Raza, and M. Hasib, “Balancing approaches towards ml for ids: A

survey for the cse-cic ids dataset,” in 2020 International Conference on Communications, Signal Processing, and

their Applications (ICCSPA), 2021, pp. 1–6.

A. S. Dina and D. Manivannan, “Intrusion detection based on machine learning techniques in computer networks,” Internet of Things, vol. 16, p. 100462, 2021. [Online]. Available: https://www.sciencedirect.com/science/article/pii/ S2542660521001037

P. Parkar and A. Bilimoria, “A survey on cyber security ids using ml methods,” in 2021 5th International Conference on Intelligent Computing and Control Systems (ICICCS), 2021, pp. 352–360.

M. Almgren and E. Jonsson, “Using active learning in intrusion detection,” in Proceedings. 17th IEEE Computer

Security Foundations Workshop, 2004., 2004, pp. 88–98.

M. S. Elsayed, N.-A. Le-Khac, and A. D. Jurcut, “Insdn: A novel sdn intrusion dataset,” IEEE Access, vol. 8, pp.

263–165 284, 2020.

S. Wang, J. F. Balarezo, K. G. Chavez, A. Al-Hourani, S. Kandeepan, M. R. Asghar, and G. Russello, “Detecting

flooding ddos attacks in software defined networks using supervised learning techniques,” Engineering Science and Technology, an International Journal, vol. 35, p. 101176, 2022. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S2215098622000842

N. N. Tuan, P. H. Hung, N. D. Nghia, N. V. Tho, T. V. Phan, and N. H. Thanh, “A ddos attack mitigation

scheme in isp networks using machine learning based on sdn,” Electronics, vol. 9, no. 3, 2020. [Online]. Available:

https://www.mdpi.com/2079-9292/9/3/413

N. S. Shamim Towhid, “Early detection of intrusion in sdn,” Available at https://uregina.ca/∼nss373/papers/

Early-detection-SDN.pdf (2023/25/5).

M. R. Ahmed, salekul Islam, S. Shatabda, A. K. M. M.Islam, and M. T. I. Robin, “Intrusion Detection System in Software-Defined Networks Using Machine Learning and Deep Learning Techniques –A Comprehensive Survey,” 12 2021. [Online]. Available: https://www.techrxiv.org/articles/preprint/Intrusion Detection System in Software-Defined Networks Using Machine Learning and Deep Learning Techniques A Comprehensive Survey/17153213

A. Bhardwaj, R. Tyagi, N. Sharma, A. Khare, M. S. Punia, and V. K. Garg, “Network intrusion detection in software defined networking with self-organized constraint-based intelligent learning framework,” Measurement: Sensors, vol. 24, p. 100580, 2022. [Online]. Available: https://www.

sciencedirect.com/science/article/pii/S2665917422002148

S. Dahiya, V. Siwach, and H. Sehrawat, “Review of ai techniques in development of network intrusion detection system in sdn framework,” in 2021 International Conference on Computational Performance Evaluation (ComPE), 2021, pp. 168–174.

N. Sultana, N. Chilamkurti, W. Peng, and R. Alhadad,“Survey on sdn based network intrusion detection system using machine learning approaches,” Peer-to-Peer Networking and Applications, vol. 12, no. 2, pp. 493–501, Mar 2019. [Online]. Available: https://doi.org/10.1007/s12083-017-0630-0

M. R. Hadi and A. S. Mohammed, “A novel approach to network intrusion detection system using deep learning for SDN: Futuristic approach,” in Machine Learning &amp Applications. Academy and Industry Research

Collaboration Center (AIRCC), jun 2022. [Online]. Available: https://doi.org/10.5121%2Fcsit.2022.121106

M. S. Towhid and N. Shahriar, “Early detection of intrusion in sdn,” in NOMS 2023-2023 IEEE/IFIP Network Operations and Management Symposium, 2023, pp. 1–6.

M. S. ElSayed, N.-A. Le-Khac, M. A. Albahar, and A. Jurcut, “A novel hybrid model for intrusion detection

systems in sdns based on cnn and a new regularization technique,” Journal of Network and Computer Applications, vol. 191, p. 103160, 2021. [Online]. Available: https://www. sciencedirect.com/science/article/pii/S1084804521001739

S. Ray, “A quick review of machine learning algorithms,” in 2019 International Conference on Machine Learning, BigData, Cloud and Parallel Computing (COMITCon), 2019, pp. 35–39.

P. Jeatrakul, K. W. Wong, and C. C. Fung, “Classification of imbalanced data by combining the complementary neural network and smote algorithm,” in Neural Information Processing. Models and Applications, K. W. Wong, B. S. U.Mendis, and A. Bouzerdoum, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2010, pp. 152–159.

N. Chawla, K. Bowyer, L. Hall, and W. Kegelmeyer, “Smote: Synthetic minority over-sampling technique,” J. Artif. Intell. Res. (JAIR), vol. 16, pp. 321–357, 06 2002.

G. Douzas and F. Bacao, “Geometric smote a geometrically enhanced drop-in replacement for smote,” Information Sciences, vol. 501, pp. 118–135, 2019. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0020025519305353

Z. Wang, J. Hu, G. Min, Z. Zhao, and J. Wang, “Dataaugmentation-based cellular traffic prediction in edgecomputing- enabled smart city,” IEEE Transactions on Industrial Informatics, vol. 17, no. 6, pp. 4179–4187, 2021.

G. Lemaˆıtre, F. Nogueira, and C. K. Aridas, “Imbalancedlearn: A python toolbox to tackle the curse of imbalanced datasets in machine learning,” Journal of Machine Learning Research, vol. 18, no. 17, pp. 1–5, 2017. [Online]. Available: http://jmlr.org/papers/v18/16-365

T. Hastie, R. Tibshirani, and J. Friedman, The elements of statistical learning: data mining, inference and prediction, 2nd ed. Springer, 2009. [Online]. Available: http://www-stat.stanford.edu/∼tibs/ElemStatLearn/

Published
2024-09-15