Unsupervised Deep Learning for Software Defined Networks Anomalies Detection

Abstract

Software-Defined Networks (SDN) initiates a novel networking model. SDN introduces the separation of forwarding and control planes by proposing a new independent plane called network controller. The architecture enhances the network resilient, decompose management complexity, and support more straightforward network policies enforcement. However, the model suffers severe security threats. Specifically, a centralized network controller is a precious target for the attackers for two reasons. First, the controller is located at a central location between the application and data planes. Second, a controller is software which prone to vulnerabilities, e.g., buffer and stack overflow. Hence, providing security measures is a crucial procedure towards the fully unleash of the new model capabilities. Intrusion detection is one option to enhance networking security. Several approaches were proposed, for instance, signature-based, and anomaly detection. Anomaly detection is a broad approach deployed by various methods, e.g., machine learning. For many decades intrusion detection solution suffers performance and accuracy deficiencies. This paper revisits network anomalies detection as recent advances in machine learning particularly deep learning. The study proposes an intrusion detection framework based on unsupervised deep learning algorithms. The framework consists of an unsupervised deep learning phase followed by simple clustering algorithms, e.g. k-means. Our results showed accuracy over 99%, that is a significant improvement in detection accuracy.