Abstract
Software-Defined Network (SDN) has been developed to reduce network complexity through control and manage the whole network from a centralized location. Today, SDN is widely implemented in many data center's network environments. Nevertheless, emerging technology itself can lead to many vulnerabilities and threats which are still challenging for manufacturers to address it. Therefore, deploying Intrusion Detection Systems (IDSs) to monitor malicious activities is a crucial part of the network architecture. Although the centralized view of the SDN network creates new opportunities for the implementation of IDSs, the performance of these detection techniques relies on the quality of the training datasets. Unfortunately, there are no publicly available datasets that can be used directly for anomaly detection systems applied in SDN networks. The majority of the published studies use non-compatible and outdated datasets, such as the KDD'99 dataset. This manuscript aims to generate an attack-specific SDN dataset and it is publicly available to the researchers. To the best of our knowledge, our work is one of the first solutions to produce a comprehensive SDN dataset to verify the performance of intrusion detection systems. The new dataset includes the benign and various attack categories that can occur in the different elements of the SDN platform. Further, we demonstrate the use of our proposed dataset by performing an experimental evaluation using eight popular machine-learning-based techniques for IDSs.
Highlights
In conventional distributed networks, the functionality of decision making processes known as control plane and, the forwarding of network traffic are implemented within the network devices
One of the significant challenges for deploying Intrusion Detection Systems (IDSs) is the fact that there is no public dataset generated directly from Software-Defined Network (SDN) networks and can be used for training and evaluation of anomaly detection systems
Some previous efforts [3]–[8] have been tried to simulate the SDN network and generate an acceptable dataset, the existing datasets only outline a few types of attacks i.e. only focus on Denial of Service (DoS)/DDoS threats without considering the different attack classes existing in the SDN network
Summary
The functionality of decision making processes known as control plane and, the forwarding of network traffic (data plane) are implemented within the network devices (e.g. routers or switches). One of the significant challenges for deploying IDS is the fact that there is no public dataset generated directly from SDN networks and can be used for training and evaluation of anomaly detection systems. Some previous efforts [3]–[8] have been tried to simulate the SDN network and generate an acceptable dataset, the existing datasets only outline a few types of attacks i.e. only focus on DoS/DDoS threats without considering the different attack classes existing in the SDN network. We consider the common attack classes in conventional networks, besides the new attacks data that are generated in SDN during its centralized design. The impact of the generated attacks on the different elements of SDN is reviewed This can help the researchers to identify potential holes, and they can propose several countermeasures based on these requirements. Demonstrating how to use the new dataset with popular Machine Learning (ML) techniques applied in anomaly detection systems for the SDN network
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
