Abstract
An intrusion detection system (IDS) is an essential component of any modern network. The purpose of an IDS is to detect intrusion and generate appropriate alarms so that the intrusion can be mitigated. Implementing an IDS in a Software Defined Network (SDN) is easier since an SDN controller has a centralized view of the whole network. Researchers have made many efforts to use machine learning (ML) for developing network-based IDS in SDN. The network-based IDS analyzes different characteristics of incoming network traffic to detect intrusion. Early detection of intrusion is crucial for an IDS because if the intrusion is not detected quickly enough, it can cause severe damage, such as data breaches and service shutdowns. This paper focuses on detecting intrusion in SDN as early as possible using real-time flow-based features. Our aim is to detect intrusion with less amount of packets per flow, which not only facilitates early intrusion detection but also is useful when an intrusion flow has less number of packets. We show that although ML models perform well in offline training on a dataset, their performance decreases ~25% when fewer packets are used to generate features for the ML model. In all our experiments, a simple Random Forest (RF) algorithm outperforms a complex deep learning model on a publicly available dataset for intrusion detection in SDN.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
