Smart Multistage Privacy-Preserving Framework for Intrusion Detection in Multi-Domain SDN

Abstract

SDN architectures are frequently used by organizations for the management of their networks and the detection of anomalous traffic in a single domain. However, in the real world, anomalous traffic might result in attacks like distributed denial of service (DDoS) that affect numerous domains. During intrusion detection, each SDN domain has to send real traffic data of a large volume to the multi-domain controller, exposing its sensitive information. This paper proposes a smart multistage framework for detecting attacks and ensuring privacy at no additional cost. This work utilized the recent unbalanced InSDN dataset for experimentation. It also uses an oversampling technique that reduces the imbalance rate for each attack type and selects the smallest possible training size and feature set size for an increase in detection accuracy and a reduction in computational complexity. Then, a multi-class classifier method for intrusion detection that does not require regularization or hyperparameter tuning, called ensemble-learning-based shallow decision tree (ELSDT) is proposed. Furthermore, the performance of the proposed classifier on the InSDN dataset is assessed on an SDN testbed. Experimental results show the ability of the proposed smart multistage privacy-preserving framework to make a significant reduction in the training sample size and feature set size to 87% and 76%, respectively. It also shows its outperformance in recent literature works by 5.67% improved accuracy.