Risk based intrusion detection system in software defined networking

Abstract

SummarySoftware defined networking (SDN) separates control from data operations. However, this technology adds a new security cost to the network architecture because of the ongoing and developing security vulnerabilities. An intrusion detection system must be continuously improved and integrated into the SDN architecture in order to provide a network defense against attacks. In this study, we propose a continual learning system based on risk assessment to detect intrusion in SDN. We suggest a technique for continually enhancing datasets to produce a more accurate prediction. The proposed system includes various processes, including risk assessment and the selection of the deep learning (DL) approach. We propose assessing the risks related to different intrusion types. Based on the risk value, we can identify which intrusion types are more important and have a dangerous impact. We use the risk values to choose the most appropriate DL approach and for the dataset's continual enrichment. We compare different DL methods using the standard metrics and two proposed metrics. Then, we propose to use a method based on the bit alternation approach to obtain a unique metric for decision‐making. Finally, we have studied the efficacy of our system using two case studies.