An Efficient Flow-based Multi-level Hybrid Intrusion Detection System for Software-Defined Networks

TL;DR

This paper introduces a multi-level hybrid intrusion detection system for SDN that combines various machine learning techniques to improve accuracy, achieving 84.29% on the NSL-KDD dataset.

Contribution

It proposes a novel 5-level hybrid classification framework utilizing kNN, ELM, and H-ELM for SDN intrusion detection, enhancing detection accuracy.

Findings

Achieved 84.29% accuracy on NSL-KDD dataset.

Outperformed traditional supervised machine learning algorithms.

Demonstrated efficiency in SDN intrusion detection.

Abstract

Software-Defined Networking (SDN) is a novel networking paradigm that provides enhanced programming abilities, which can be used to solve traditional security challenges on the basis of more efficient approaches. The most important element in the SDN paradigm is the controller, which is responsible for managing the flows of each correspondence forwarding element (switch or router). Flow statistics provided by the controller are considered to be useful information that can be used to develop a network-based intrusion detection system. Therefore, in this paper, we propose a 5-level hybrid classification system based on flow statistics in order to attain an improvement in the overall accuracy of the system. For the first level, we employ the k-Nearest Neighbor approach (kNN); for the second level, we use the Extreme Learning Machine (ELM); and for the remaining levels, we utilize the Hierarchical Extreme Learning Machine (H-ELM) approach. In comparison with conventional supervised machine learning algorithms based on the NSL-KDD benchmark dataset, the experimental study showed that our system achieves the highest level of accuracy (84.29%). Therefore, our approach presents an efficient approach for intrusion detection in SDNs.