A novel hybrid model for intrusion detection systems in SDNs based on CNN and a new regularization technique

Abstract

Software-defined networking (SDN) is a new networking paradigm that separates the controller from the network devices i.e. routers and switches. The centralized architecture of the SDN facilitates the overall network management and addresses the requirement of current data centers. While there are high benefits offered by the SDN architecture, the risk of new attacks is a critical problem and can prevent the wide adoption of SDNs. The SDN controller is a crucial element, and it is an attractive target for the intruders. In case the attacker successfully accessed the SDN controller, it can route the traffic based on its own requirements, causing severe damage to the entire network. The network intrusion detection systems (NIDSs) are important tools to detect and secure the network environment from malicious activities and anomalous attacks. Deep Learning (DL) has recently shown desirable results in a variety of problems, such as text, speech, and image applications, etc.While several related works deployed DL for NIDSs, most of these approaches ignore the influence of the overfitting problem during the implementation of DL algorithms. As a result, it can impact the robustness of the anomaly detection system and lead to poor model performance for zero-day attacks. In this work, we propose a new hybrid DL approach based on the convolutional neural network (CNN) to classify the flow traffic into normal or attack classes. A new regularizer method, namely SD-Reg, which is based on the standard deviation of the weight matrix, has been used to address the problem of overfitting and to improve the capability of NIDSs in detection of unseen intrusion events. The evaluation results indicate that the SD-Reg outperforms the previous regularizer methods. In addition, the proposed hybrid technique gives a higher performance in all the evaluation metrics compared to the single DL models. Several datasets, including the InSDN – the most recent dataset for SDN – are used to train and evaluate the performance of all techniques. Furthermore, we suggest a lightweight NIDS by training the CNN-based models using a less number of features without causing a significant drop in the model performance.