Deep-learning-based Intrusion Detection for Software-defined Networking Space Systems

Abstract

This paper briefly reviews the application of the Software-defined Networking (SDN) architecture to satellite networks. It highlights the prominent cyber threats that SDN-based satellite networks are vulnerable to and proposes relevant defence mechanisms. SDN transforms traditional networking architectures by separating the control plane from the forwarding (data) plane. This separation enhances scalability and centralises management. In comparison, in traditional networks, the control plane and the data plane are usually combined, resulting in complex network management and reduced scalability. Satellite networks can take advantage of these benefits offered by SDN and this supports them as key enablers of critical services, including weather prediction, global broadband Internet coverage, and Internet of Things (IoT) services. Ease of configuration and flexibility are essential for satellites providing critical services to instantly adapt to network changes. These desirable attributes can be realised by applying SDN to satellite networks. Although SDN offers significant benefits to satellite networks, it is vulnerable to cyber-attacks and particularly due to its centralised architecture. A common attack on SDN is the Distributed Denial of Service (DDoS) attack which could render the entire SDN unavailable. To mitigate such threats, an efficient Intrusion Detection System (IDS) is required to monitor the network and detect any suspicious traffic. However, traditional IDSs produce too many false positives and often fail to detect advanced attacks. For their ability to learn feature hierarchies in network traffic data automatically, whether, for network traffic classification or anomaly detection, deep learning (DL) plays an increasingly important role in IDSs. In this paper, we present a brief review of recent developments in cyber security for SDN-based space systems, and we identify vulnerabilities and threats to an SDN-based satellite network. We further discuss the potential of a DL-based IDS for the detection of cyber threats. Finally, we identify further research gaps in the recent literature and propose future research directions.