Two-level intrusion detection system in SDN using machine learning

Abstract

Software Defined Networking (SDN), the new paradigm in network architecture is changing how we design, manage, and operate an entire network, making networks more agile, flexible, and scalable. Such admirable features arise from the design factor that, in SDN, the control plane is decoupled from the data plane and instead resides on a centralized controller that has complete knowledge of the network. As SDN continues to flourish, security in this realm remains a critical issue. An effective intrusion detection system (IDS), which can monitor real-time traffic, detect and also identify the class of attack would greatly help in combating this problem. This work aims to heighten the security of SDN environments by building an IDS using the principles of machine learning and genetic algorithms. The proposed IDS is divided into two stages, the former to detect the attacks and the latter to categorize them. These stages reside in the switches and the controller of the network respectively. This approach reduces the dependency and the load on the controller, as well as providing a high attack detection rate.