Deep-discovery: Anomaly discovery in software-defined networks using artificial neural networks

Abstract

This paper proposes Deep-Discovery, an Intrusion Detection System (IDS), to perform Anomaly Discovery in Software-Defined Networking (SDN) using Artificial Neural Network (ANN). The proposed IDS framework utilizes the Multi-Layer Perceptron (MLP), a Feedforward (FF) ANN, to detect volume-based and protocol-based Distributed Denial of Service (DDoS) attacks on the data plane of SDN. The proposed model considers the attack detection a multi-class classification problem and classifies the network traffic into six attack classes with an accuracy of 98.81% and a minimal False Alarm Rate (FAR) of 0.002. The proposed classification model addresses the binary classification problem to compare and analyze the classification performance metrics. The Deep-Discovery that deals with the binary classification problem categorizes the network traffic into anomalous and normal traffic with 99.79% accuracy and a nominal FAR of 0.0001. The novelty of this work is its emphasis on obtaining the optimal performance metrics with a simple neural network with minimal computational overhead rather than an intricate and complex model.