Abstract
In recent years, there has been a huge increase in the number of attacks that cause huge damage and financial losses for both educational and business organizations. Intrusion detection systems (IDSs) play a key role in ensuring network security. With the emergence of new types of security threats, traditional IDSs based on pattern matching and signature filtering are limited by their need for new/up-to-date attack patterns. To tackle this issue, machine learning and deep learning (ML/DL) techniques have been proposed in the literature to enhance the detection ability of traditional IDSs. In this chapter, we investigate a novel problem of using unsupervised learning in the task of network intrusion detection in software-defined networks (SDN). In particular, we develop a novel outlier detection method with Isolation Forest (IDS-IF) to effectively detect network anomalies in SDN. Most of the existing unsupervised ML/DL techniques suffer from high false positive rates since they consider any deviation from the normal behavior as intrusion. To alleviate this issue, IDS-IF isolates intrusions instead of profiling normal data samples. The proposed solution not only enhances the detection performance but also reduces the false positive rate as well as computational complexity. The experimental results using the well-known public network security dataset KDD show that IDS-IF outperforms the recent state-of-the-art outlier detection method (i.e., Local Outlier Factor (LOF)) in terms of accuracy, F1 score, and false positive rates, making it a promising method to cope with newly emerging security threats in SDN.

Keywords: IDS; Unsupervised learning; Isolation Forest; SDN