An efficient flow-based multi-level hybrid intrusion detection system for software-defined networks

Abstract

Software-defined networking (SDN) is a novel networking paradigm that provides enhanced programming abilities, which can be used to solve traditional security challenges on the basis of more efficient approaches. The most important element in the SDN paradigm is the controller, which manages the flows of each correspondence forwarding element (switch or router). Flow statistics provided by the controller are considered to be useful information that can be used to develop a network-based intrusion detection system. Therefore, in this paper, we propose a 5-level hybrid classification system based on flow statistics in order to attain an improvement in the overall accuracy of the system. For the first level, we employ the k-nearest neighbor approach (kNN); for the second level, we use the extreme learning machine (ELM); and for the remaining levels, we utilize the hierarchical extreme learning machine (HELM) approach. In comparison with conventional supervised machine learning algorithms and other state-of-the-art methodologies based on the NSL-KDD benchmark dataset, the experimental study showed that our system achieves a good accuracy (84.29%), with an ability to detect new attacks that reaches 77.18%. Therefore, our approach presents an efficient approach for intrusion detection in SDNs.