DeepIDS: Deep Learning Approach for Intrusion Detection in Software Defined Networking

Software Defined Networking (SDN) is developing as a new solution for the development and innovation of the Internet. SDN is expected to be the ideal future for the Internet, since it can provide a controllable, dynamic, and cost-effective network. The emergence of SDN provides a unique opportunity...

Full description

Saved in:
Bibliographic Details
Published inElectronics (Basel) Vol. 9; no. 9; p. 1533
Main Authors Tang, Tuan Anh, Mhamdi, Lotfi, McLernon, Des, Zaidi, Syed Ali Raza, Ghogho, Mounir, El Moussa, Fadi
Format Journal Article
LanguageEnglish
Published Basel MDPI AG 01.09.2020
Subjects
Accuracy
Algorithms
Anomalies
Artificial neural networks
Communication channels
Computer architecture
Controllers
Cybersecurity
Datasets
Deep learning
Denial of service attacks
False alarms
Internet
Intrusion detection systems
Machine learning
Network latency
Neural networks
Performance evaluation
Recurrent neural networks
Resource utilization
Software
Software-defined networking
Support vector machines
Online AccessGet full text

Cover

Abstract Software Defined Networking (SDN) is developing as a new solution for the development and innovation of the Internet. SDN is expected to be the ideal future for the Internet, since it can provide a controllable, dynamic, and cost-effective network. The emergence of SDN provides a unique opportunity to achieve network security in a more efficient and flexible manner. However, SDN also has original structural vulnerabilities, which are the centralized controller, the control-data interface and the control-application interface. These vulnerabilities can be exploited by intruders to conduct several types of attacks. In this paper, we propose a deep learning (DL) approach for a network intrusion detection system (DeepIDS) in the SDN architecture. Our models are trained and tested with the NSL-KDD dataset and achieved an accuracy of 80.7% and 90% for a Fully Connected Deep Neural Network (DNN) and a Gated Recurrent Neural Network (GRU-RNN), respectively. Through experiments, we confirm that the DL approach has the potential for flow-based anomaly detection in the SDN environment. We also evaluate the performance of our system in terms of throughput, latency, and resource utilization. Our test results show that DeepIDS does not affect the performance of the OpenFlow controller and so is a feasible approach.
AbstractList Software Defined Networking (SDN) is developing as a new solution for the development and innovation of the Internet. SDN is expected to be the ideal future for the Internet, since it can provide a controllable, dynamic, and cost-effective network. The emergence of SDN provides a unique opportunity to achieve network security in a more efficient and flexible manner. However, SDN also has original structural vulnerabilities, which are the centralized controller, the control-data interface and the control-application interface. These vulnerabilities can be exploited by intruders to conduct several types of attacks. In this paper, we propose a deep learning (DL) approach for a network intrusion detection system (DeepIDS) in the SDN architecture. Our models are trained and tested with the NSL-KDD dataset and achieved an accuracy of 80.7% and 90% for a Fully Connected Deep Neural Network (DNN) and a Gated Recurrent Neural Network (GRU-RNN), respectively. Through experiments, we confirm that the DL approach has the potential for flow-based anomaly detection in the SDN environment. We also evaluate the performance of our system in terms of throughput, latency, and resource utilization. Our test results show that DeepIDS does not affect the performance of the OpenFlow controller and so is a feasible approach.
Author Tang, Tuan Anh
El Moussa, Fadi
Mhamdi, Lotfi
Ghogho, Mounir
McLernon, Des
Zaidi, Syed Ali Raza
Author_xml – sequence: 1
  givenname: Tuan Anh
  surname: Tang
  fullname: Tang, Tuan Anh
– sequence: 2
  givenname: Lotfi
  surname: Mhamdi
  fullname: Mhamdi, Lotfi
– sequence: 3
  givenname: Des
  surname: McLernon
  fullname: McLernon, Des
– sequence: 4
  givenname: Syed Ali Raza
  surname: Zaidi
  fullname: Zaidi, Syed Ali Raza
– sequence: 5
  givenname: Mounir
  surname: Ghogho
  fullname: Ghogho, Mounir
– sequence: 6
  givenname: Fadi
  surname: El Moussa
  fullname: El Moussa, Fadi
BookMark eNplkE1LAzEQhoMoWGv_gKcFz6uTTLPbeCutH4Wih6rXJZsP3VqTNUkp_ntT6kFwLvMwvDPv8J6RY-edIeSCwhWigGuzMSoF7zoVBQjKEY_IgEEtSsEEO_7Dp2QU4xpyCYoThAF5nRvTL-arm2IPxdLI4Dr3Vkz7Pnip3gvrQ7FwKWxj510Wpey1p84VK2_TTgaTp7ZzRhePJu18-Mj75-TEyk00o98-JC93t8-zh3L5dL-YTZelQipSyTXKGoHxlgNgDcJSqLSRLepKty3asVaiUkxq5BPWWhwDsxY5ajQoqMIhuTzczd9-bU1Mzdpvg8uWDeNCQM0rClnFDioVfIzB2KYP3acM3w2FZh9h8z9C_AEC2Wjq
CitedBy_id crossref_primary_10_32604_cmc_2023_033896
crossref_primary_10_1109_JIOT_2022_3229722
crossref_primary_10_3390_sym14091916
crossref_primary_10_1016_j_procs_2021_10_078
crossref_primary_10_3390_electronics9122006
crossref_primary_10_32604_cmc_2021_017665
crossref_primary_10_3390_info14010041
crossref_primary_10_1007_s11277_023_10402_7
crossref_primary_10_1109_TNSE_2021_3059881
crossref_primary_10_1016_j_jnca_2021_103111
crossref_primary_10_32604_cmc_2022_017772
crossref_primary_10_7717_peerj_cs_1674
crossref_primary_10_1007_s10922_023_09748_x
crossref_primary_10_32604_cmc_2023_034176
crossref_primary_10_1016_j_jnca_2021_103093
crossref_primary_10_1016_j_comnet_2022_109484
crossref_primary_10_3390_s23094441
crossref_primary_10_1016_j_procs_2024_04_176
crossref_primary_10_1371_journal_pone_0297548
crossref_primary_10_3390_fi14020044
crossref_primary_10_1016_j_micpro_2022_104752
crossref_primary_10_32604_iasc_2023_034908
crossref_primary_10_32604_iasc_2022_024668
crossref_primary_10_1016_j_comcom_2021_11_014
crossref_primary_10_1016_j_compeleceng_2022_108034
crossref_primary_10_1007_s11227_023_05073_x
crossref_primary_10_1109_ACCESS_2022_3148134
crossref_primary_10_1109_TCE_2023_3283704
crossref_primary_10_3390_telecom4030025
crossref_primary_10_1007_s11042_024_18466_8
crossref_primary_10_4236_jis_2024_152015
crossref_primary_10_1016_j_phycom_2022_101956
crossref_primary_10_29130_dubited_737211
crossref_primary_10_3233_JIFS_236340
Cites_doi 10.15439/2014F175
10.1016/j.comnet.2016.05.019
10.1109/NTMS.2011.5720582
10.1109/CISDA.2009.5356528
10.1109/COMST.2015.2453114
10.1016/j.jnca.2016.12.024
10.1109/ICCNC.2015.7069319
10.1145/1355734.1355746
10.1145/2534169.2486019
10.1016/j.bjp.2013.10.014
10.1109/SP.2010.25
10.14722/ndss.2015.23064
10.1109/ICoAC.2014.7229711
10.1109/JPROC.2014.2371999
10.4108/eai.3-12-2015.2262516
10.1109/CCE.2016.7562606
10.1145/2491185.2491199
10.1109/CINTI.2014.7028696
10.1016/j.protcy.2012.05.017
10.1109/ACCESS.2017.2762418
10.1109/TETCI.2017.2772792
10.1109/LCN.2010.5735752
10.1109/WINCOM.2016.7777224
10.1016/j.cose.2011.12.012
10.1109/ATC.2015.7388340
10.1007/978-3-642-23644-0_9
10.3115/v1/D14-1179
ContentType Journal Article
Copyright 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.
Copyright_xml – notice: 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.
DBID AAYXX
CITATION
7SP
8FD
8FE
8FG
ABUWG
AFKRA
ARAPS
AZQEC
BENPR
BGLVJ
CCPQU
DWQXO
HCIFZ
L7M
P5Z
P62
PIMPY
PQEST
PQQKQ
PQUKI
PRINS
DOI 10.3390/electronics9091533
DatabaseName CrossRef
Electronics & Communications Abstracts
Technology Research Database
ProQuest SciTech Collection
ProQuest Technology Collection
ProQuest Central (Alumni)
ProQuest Central
Advanced Technologies & Aerospace Collection
ProQuest Central Essentials
ProQuest Central
Technology Collection
ProQuest One Community College
ProQuest Central Korea
SciTech Premium Collection
Advanced Technologies Database with Aerospace
Advanced Technologies & Aerospace Database
ProQuest Advanced Technologies & Aerospace Collection
Publicly Available Content Database
ProQuest One Academic Eastern Edition (DO NOT USE)
ProQuest One Academic
ProQuest One Academic UKI Edition
ProQuest Central China
DatabaseTitle CrossRef
Publicly Available Content Database
Advanced Technologies & Aerospace Collection
Technology Collection
Technology Research Database
ProQuest Advanced Technologies & Aerospace Collection
ProQuest Central Essentials
ProQuest One Academic Eastern Edition
Electronics & Communications Abstracts
ProQuest Central (Alumni Edition)
SciTech Premium Collection
ProQuest One Community College
ProQuest Technology Collection
ProQuest SciTech Collection
ProQuest Central China
ProQuest Central
Advanced Technologies & Aerospace Database
ProQuest One Academic UKI Edition
ProQuest Central Korea
ProQuest One Academic
Advanced Technologies Database with Aerospace
DatabaseTitleList Publicly Available Content Database
CrossRef
Database_xml – sequence: 1
  dbid: 8FG
  name: ProQuest Technology Collection
  url: https://search.proquest.com/technologycollection1
  sourceTypes: Aggregation Database
DeliveryMethod fulltext_linktorsrc
Discipline Engineering
EISSN 2079-9292
ExternalDocumentID 10_3390_electronics9091533
GroupedDBID 5VS
8FE
8FG
AAYXX
AFKRA
ALMA_UNASSIGNED_HOLDINGS
ARAPS
BENPR
BGLVJ
CCPQU
CITATION
GROUPED_DOAJ
HCIFZ
IAO
KQ8
MODMG
M~E
OK1
P62
PIMPY
PROAC
7SP
8FD
ABUWG
AZQEC
DWQXO
L7M
PQEST
PQQKQ
PQUKI
PRINS
ID FETCH-LOGICAL-c319t-5d3a73025b5003709f106deab3d6dbb3f4dc96c2ad3582bf3402ff353d3e391c3
IEDL.DBID BENPR
ISSN 2079-9292
IngestDate Thu Oct 10 20:05:39 EDT 2024
Thu Sep 26 21:26:43 EDT 2024
IsDoiOpenAccess true
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Issue 9
Language English
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c319t-5d3a73025b5003709f106deab3d6dbb3f4dc96c2ad3582bf3402ff353d3e391c3
OpenAccessLink https://www.proquest.com/docview/2599075610?pq-origsite=%requestingapplication%
PQID 2599075610
PQPubID 2032404
ParticipantIDs proquest_journals_2599075610
crossref_primary_10_3390_electronics9091533
PublicationCentury 2000
PublicationDate 2020-09-01
PublicationDateYYYYMMDD 2020-09-01
PublicationDate_xml – month: 09
  year: 2020
  text: 2020-09-01
  day: 01
PublicationDecade 2020
PublicationPlace Basel
PublicationPlace_xml – name: Basel
PublicationTitle Electronics (Basel)
PublicationYear 2020
Publisher MDPI AG
Publisher_xml – name: MDPI AG
References Mukherjee (ref_12) 2012; 4
Shone (ref_15) 2018; 2
ref_13
ref_35
ref_34
ref_10
ref_32
ref_31
ref_30
Ha (ref_28) 2016; 109
ref_19
AlEroud (ref_20) 2017; 80
ref_18
ref_17
ref_16
Kreutz (ref_5) 2015; 103
Ibrahim (ref_11) 2013; 8
ref_25
Natarajan (ref_6) 2016; 18
ref_23
Yin (ref_14) 2017; 5
ref_22
ref_21
Shiravi (ref_33) 2012; 31
ref_1
ref_29
ref_27
ref_26
ref_9
ref_8
Giotis (ref_24) 2014; 62
Jain (ref_3) 2013; 43
McKeown (ref_2) 2008; 38
ref_4
ref_7
References_xml – ident: ref_9
– ident: ref_30
– ident: ref_27
  doi: 10.15439/2014F175
– volume: 109
  start-page: 172
  year: 2016
  ident: ref_28
  article-title: Suspicious traffic sampling for intrusion detection in software-defined networks
  publication-title: Comput. Netw.
  doi: 10.1016/j.comnet.2016.05.019
  contributor:
    fullname: Ha
– ident: ref_32
– ident: ref_19
  doi: 10.1109/NTMS.2011.5720582
– ident: ref_34
– ident: ref_10
  doi: 10.1109/CISDA.2009.5356528
– volume: 18
  start-page: 623
  year: 2016
  ident: ref_6
  article-title: A survey of security in software defined networks
  publication-title: IEEE Commun. Surv. Tutor.
  doi: 10.1109/COMST.2015.2453114
  contributor:
    fullname: Natarajan
– volume: 80
  start-page: 152
  year: 2017
  ident: ref_20
  article-title: Identifying cyber-attacks on software defined networks: An inference-based intrusion detection approach
  publication-title: J. Netw. Comput. Appl.
  doi: 10.1016/j.jnca.2016.12.024
  contributor:
    fullname: AlEroud
– ident: ref_22
  doi: 10.1109/ICCNC.2015.7069319
– volume: 38
  start-page: 69
  year: 2008
  ident: ref_2
  article-title: OpenFlow: Enabling innovation in campus networks
  publication-title: ACM SIGCOMM Comput. Commun. Rev.
  doi: 10.1145/1355734.1355746
  contributor:
    fullname: McKeown
– volume: 43
  start-page: 3
  year: 2013
  ident: ref_3
  article-title: B4: Experience with a globally-deployed software defined WAN
  publication-title: ACM SIGCOMM Comput. Commun. Rev.
  doi: 10.1145/2534169.2486019
  contributor:
    fullname: Jain
– ident: ref_1
– ident: ref_35
– volume: 62
  start-page: 122
  year: 2014
  ident: ref_24
  article-title: Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments
  publication-title: Comput. Netw.
  doi: 10.1016/j.bjp.2013.10.014
  contributor:
    fullname: Giotis
– ident: ref_7
  doi: 10.1109/SP.2010.25
– ident: ref_26
  doi: 10.14722/ndss.2015.23064
– volume: 8
  start-page: 107
  year: 2013
  ident: ref_11
  article-title: A comparison study for intrusion database (Kdd99, Nsl-Kdd) based on self organization map (SOM) artificial neural network
  publication-title: J. Eng. Sci. Technol.
  contributor:
    fullname: Ibrahim
– ident: ref_18
  doi: 10.1109/ICoAC.2014.7229711
– volume: 103
  start-page: 14
  year: 2015
  ident: ref_5
  article-title: Software-defined networking: A comprehensive survey
  publication-title: Proc. IEEE
  doi: 10.1109/JPROC.2014.2371999
  contributor:
    fullname: Kreutz
– ident: ref_13
  doi: 10.4108/eai.3-12-2015.2262516
– ident: ref_17
  doi: 10.1109/CCE.2016.7562606
– ident: ref_4
  doi: 10.1145/2491185.2491199
– ident: ref_21
  doi: 10.1109/CINTI.2014.7028696
– ident: ref_31
– volume: 4
  start-page: 119
  year: 2012
  ident: ref_12
  article-title: Intrusion detection using naive Bayes classifier with feature reduction
  publication-title: Procedia Technol.
  doi: 10.1016/j.protcy.2012.05.017
  contributor:
    fullname: Mukherjee
– volume: 5
  start-page: 21954
  year: 2017
  ident: ref_14
  article-title: A Deep Learning Approach for Intrusion Detection Using Recurrent Neural Networks
  publication-title: IEEE Access
  doi: 10.1109/ACCESS.2017.2762418
  contributor:
    fullname: Yin
– volume: 2
  start-page: 41
  year: 2018
  ident: ref_15
  article-title: A deep learning approach to network intrusion detection
  publication-title: IEEE Trans. Emerg. Top. Comput. Intell.
  doi: 10.1109/TETCI.2017.2772792
  contributor:
    fullname: Shone
– ident: ref_16
  doi: 10.1109/LCN.2010.5735752
– ident: ref_8
  doi: 10.1109/WINCOM.2016.7777224
– volume: 31
  start-page: 357
  year: 2012
  ident: ref_33
  article-title: Toward developing a systematic approach to generate benchmark datasets for intrusion detection
  publication-title: Comput. Secur.
  doi: 10.1016/j.cose.2011.12.012
  contributor:
    fullname: Shiravi
– ident: ref_23
  doi: 10.1109/ATC.2015.7388340
– ident: ref_25
  doi: 10.1007/978-3-642-23644-0_9
– ident: ref_29
  doi: 10.3115/v1/D14-1179
SSID ssj0000913830
Score 2.4495163
Snippet Software Defined Networking (SDN) is developing as a new solution for the development and innovation of the Internet. SDN is expected to be the ideal future...
SourceID proquest
crossref
SourceType Aggregation Database
StartPage 1533
SubjectTerms Accuracy
Algorithms
Anomalies
Artificial neural networks
Communication channels
Computer architecture
Controllers
Cybersecurity
Datasets
Deep learning
Denial of service attacks
False alarms
Internet
Intrusion detection systems
Machine learning
Network latency
Neural networks
Performance evaluation
Recurrent neural networks
Resource utilization
Software
Software-defined networking
Support vector machines
Title DeepIDS: Deep Learning Approach for Intrusion Detection in Software Defined Networking
URI https://www.proquest.com/docview/2599075610
Volume 9
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
link http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwfR1NT8IwtFG46MH4GVEkPXgzDdvass2LQQHBBGJEDLeln8bLQCHx5m_3dSsiMTHZYWu7Ht7L-_5C6DJoKcl4KEjItCUs5hERVgQk5bIVxLHSoggXDEet_oQ9TPnUO9wWPq1yxRMLRq1nyvnIm6Cmgx3npP3N_J24qVEuuupHaGyjahQyF6at3nZHj08_XhbX9TKhQVktQ8G-b66nyyxS2OWUbkqkTYZcSJnePtrz6iFul_g8QFsmP0S7v5oGHqGXjjHzQWd8jd0L9g1SX3HbdwfHoIbiQe6KKQDmcGhZZFvl-C3HY2C6n-LDwKqFGzUelVng8P8xmvS6z3d94qcjEAVksyRcUwHkGXHJXROZILVg3WkjJHUzoiS1TKu0pSKhXTGstBQsRWspp5oamoaKnqBKPsvNKcKJTVKVKGHhYToWUqdwKoQ7FbOhkTV0tYJQNi-bYGRgPDh4Zn_hWUP1FRAzTxCLbI2-s_-3z9FO5EzaIo2rjioALXMBcn8pG2g76d03PIrha_jV_QYIE7Mb
link.rule.ids 315,786,790,12792,21416,27955,27956,33406,33777,43633,43838,74390,74657
linkProvider ProQuest
linkToHtml http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwfV07T8MwELagDMCAeIpCAQ9syGoS23mwoAooLbRd2qJukZ-IJS20En-fc-JSKiSkDFHseLjzPb7z-Q6h6yBWkvFQkJBpS1jCIyKsCEjGZRwkidKiPC7oD-LOmD1P-MQH3OY-rXKpE0tFrafKxcib4KYDjnPW_m72QVzXKHe66ltobKItRmPq9nnafvqJsbialykNqrsyFNB9c9VbZp7BKKd03R6tq-PSxrT30Z53DnGr4uYB2jDFIdr9VTLwCL0-GDPrPgxvsXvBvjzqG2752uAYnFDcLdxVCqA4TFqUuVYFfi_wEFTul_g08NXCihoPqhxw-P8YjduPo_sO8b0RiAKhWRCuqQDhjLjkroRMkFnAdtoISV2HKEkt0yqLVSS0uworLQWcaC3lVFNDs1DRE1QrpoU5RTi1aaZSJSw8TCdC6gxmhbCmYjY0so5ulhTKZ1UJjBygg6Nn_peeddRYEjH34jDPV8w7-3_4Cm13Rv1e3usOXs7RTuTAbZnQ1UA1oJy5AA9gIS9LNn8DIBWyiw
linkToPdf http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwfV3LS8MwGA86QfQgPnE6NQdvEtY2Tdt4keGsm48hzMluJU_x0k038N_3S5s5RRB6KP3SHH4f3yv5HgidB4mSMQsFCWNtSZyyiAgrAsKZTII0VVpU1wWPg6Q3iu_GbOzzn2Y-rXKhEytFrSfKnZG3wU2HOM5Z-7b1aRFP3fxq-k7cBCl30-rHaayiNedkuzEOWX77fd7i-l9mNKjrZijQ28s5MzMOVEbpb9v0WzVX9ibfRlveUcSdmrM7aMWUu2jzR_vAPfTSNWba7w4vsXvBvlXqK-74PuEYHFLcL11ZBaAPi-ZV3lWJ30o8BPX7KT4MfLWwo8aDOh8c_t9Ho_zm-bpH_JwEokCA5oRpKkBQIyaZaycTcAtxnjZCUjctSlIba8UTFQntymKlpRAzWksZ1dRQHip6gBrlpDSHCGc24ypTwsIT61RIzWFVCHuq2IZGNtHFAqFiWrfDKCCMcHgWf_FsotYCxMKLxqxYMvLof_IZWgcOFw_9wf0x2ohcnFvldrVQA4AzJ-AMzOVpxeUvEqK2wA
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=DeepIDS%3A+Deep+Learning+Approach+for+Intrusion+Detection+in+Software+Defined+Networking&rft.jtitle=Electronics+%28Basel%29&rft.au=Tang%2C+Tuan+Anh&rft.au=Mhamdi%2C+Lotfi&rft.au=McLernon%2C+Des&rft.au=Zaidi%2C+Syed+Ali+Raza&rft.date=2020-09-01&rft.issn=2079-9292&rft.eissn=2079-9292&rft.volume=9&rft.issue=9&rft.spage=1533&rft_id=info:doi/10.3390%2Felectronics9091533&rft.externalDBID=n%2Fa&rft.externalDocID=10_3390_electronics9091533
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=2079-9292&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=2079-9292&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=2079-9292&client=summon