Towards an Efficient Anomaly-Based Intrusion Detection for Software-Defined Networks
This work addresses the need for efficient intrusion detection to reduce controller overhead and enhance security in software-defined networks, but it is incremental as it applies existing methods to a specific domain.
The study evaluated the performance of 12 supervised machine-learning classifiers for anomaly-based intrusion detection in software-defined networks using the NSL-KDD dataset, comparing metrics such as accuracy, false alarm rate, and execution time.
Software-defined networking (SDN) is a new paradigm that allows developing more flexible network applications. SDN controller, which represents a centralized controlling point, is responsible for running various network applications as well as maintaining different network services and functionalities. Choosing an efficient intrusion detection system helps in reducing the overhead of the running controller and creates a more secure network. In this study, we investigate the performance of the well-known anomaly-based intrusion detection approaches in terms of accuracy, false alarm rate, precision, recall, f1-measure, area under ROC curve, execution time and Mc Nemar's test. Precisely, we focus on supervised machine-learning approaches where we use the following classifiers: Decision Trees (DT), Extreme Learning Machine (ELM), Naive Bayes (NB), Linear Discriminant Analysis (LDA), Neural Networks (NN), Support Vector Machines (SVM), Random Forest (RT), K Nearest-Neighbour (KNN), AdaBoost, RUSBoost, LogitBoost and BaggingTrees where we employ the well-known NSL-KDD benchmark dataset to compare the performance of each one of these classifiers.