Overhead Reduction Technique for Software-Defined Network Based Intrusion Detection Systems

Abstract

In Software-Defined Networks, the Intrusion Detection System is receiving growing attention, due to the expansion of the internet and cloud storage. This system is vital for institutions that use cloud services and have many users. Although the Intrusion Detection System offers several security features, its performance is lagging behind in large enterprise’s networks. Existing approaches are based on centralised processing and use many features to implement a protection system. Therefore, system overload and poor performance occur at the controller and OpenFlow switches. As a result, the current solutions create issues that must be considered, especially when they are implemented on large networks. Furthermore, enhancements in security applications improve the reliability of networks. Following a literature review of the existing Intrusion Detection Systems, this paper presents a new model that offers decentralised processing and exchanges data over a trusted, independent channel, in order to solve issues relating to system overload and poor performance. Our model utilises an appropriate feature selection method to reduce the number of extracted features and minimise the data transmitted over the channels. Additionally, the Naive Bayes algorithm has been employed for flow classification purposes, since it is a fast classifier. We successfully implemented our framework, using the Mininet emulator, which provides a suitable networking environment. Evaluations indicates that our proposed system can detect various attacks with an accuracy of 98.46% and nominal decreasing rates of 1.5% in throughput and 0.7% in latency analyses, when the model is implemented in wide range networks.