Detection Optimization of Rare Attacks in Software-Defined Network using Ensemble Learning

Abstract

Software-defined networking (SDN) is a highly flexible architecture that automates and facilitates network configuration and management. Intrusion detection systems (IDS) are becoming essential components in the network to detect malicious attacks and suspicious activities by continuously monitoring network traffic. Integration between SDN and machine learning (ML) techniques is extensively used to build an effective IDS against all potential cyber-attacks that aim at breaking the network security policy and stealing valuable data. Implementing an IDS based on SDN and ML has the advantage of managing traffic dynamically and fully autonomously to provide high protection against security threats. The main objective of this paper is to propose an IDS based on SDN that integrates adaptive boosting and cost-sensitive techniques to improve the detection rates of rare attacks without compromising the detection accuracy of familiar attacks. Cost matrix values for various attacks are optimized using grid search and genetic algorithms. The integration of AdaBoost and cost-sensitive aims to build a classification model that minimizes the total number of high-cost errors caused by incorrectly classifying attacks. Experiments were conducted on the CSE-CIC-IDS2017 and CSE-CIC-IDS2018 datasets to simulate the network. The proposed algorithm's performance is evaluated using the macro F1-score and the geometric average of the recall (G-mean). Simulation results prove that the proposed algorithm enhances the detection performance of rare intrusions compared to current techniques, where it achieves the macro F1-score of 0.99 and the G-mean of 0.992 using CIC-IDSC-IDS2017, while for CIC-IDSC-IDS2018 the macro F1-score is 0.993 and the G-mean is 0.994.