Machine Learning Based Intrusion Detection System for Software Defined Networks

Software-Defined Networks (SDN) is an emerging area that promises to change the way we design, build, and operate network architecture. It tends to shift from traditional network architecture of proprietary based to open and programmable network architecture. However, this new innovative and improved technology also brings another security burden into the network architecture, with existing and emerging security threats. The network vulnerability has become more open to intruders: the focus is now shifted to a single point of failure where the central controller is a prime target. Therefore, integration of intrusion detection system (IDS) into the SDN architecture is essential to provide a network with attack countermeasure. The work designed and developed a virtual testbed that simulates the processes of the real network environment, where a star topology is created with hosts and servers connected to the OpenFlow OVS-switch. Signature-based Snort IDS is deployed for traffic monitoring and attack detection, by mirroring the traffic destine to the servers. The vulnerability assessment shows possible attacks threat exist in the network architecture and effectively contain by Snort IDS except for the few which the suggestion is made for possible mitigation. In order to provide scalable threat detection in the architecture, a flow-based IDS model is developed. A flow-based anomaly detection is implemented with machine learning to overcome the limitation of signature-based IDS. The results show positive improvement for detection of almost all the possible attacks in SDN environment with our pattern recognition of neural network for machine learning using our trained model with over 97% accuracy.