Evaluating the Isolation Forest Method for Anomaly Detection in Software-Defined Networking Security

Abstract

The research addresses the critical anomaly detection problem in Software-Defined Networking (SDN), a domain where network integrity and security are paramount. Employing the Isolation Forest algorithm, a machine learning model renowned for its efficacy in identifying outliers, the study systematically generates synthetic network traffic data to train and test the model's detection capabilities. The methodology encompasses simulating a range of contamination rates to reflect varying degrees of anomalous activities within the network. Key findings indicate that while the model exhibits potential in anomaly detection, as reflected by the progressive increase in triggered alerts and policy changes, its performance metrics, such as precision, recall, F1-score, and AUC, reveal limitations in its current application. The research contributes to the field by providing a detailed analysis of the Isolation Forest algorithm's performance in an SDN context and laying the groundwork for future enhancements in machine learning-based security measures within these networks.