Flow-Based Ensemble Learning for Intrusion Detection in Software-Defined Networks

Abstract

We propose a machine learning-based intrusion detection system for SDN, considering the special vulnerability of the centralized control plane. It is trained on a publicly available dataset for SDN network traffic, which includes flow attributes such as the number of packets, the number of bytes, the flow duration, and the packet rate. To ensure the robustness of the learning process, the dataset is subjected to preprocessing techniques such as class balancing using SMOTE, feature scaling, and cross-validation. The proposed IDS model employs supervised learning techniques such as Random Forest, XGBoost, Support Vector Machine (SVM), K-Nearest Neighbors (KNN), and Multi-Layer Perceptron (MLP) for the detection of intrusions. Among these, ensemble-based models such as Random Forest and XGBoost show promising results, with an accuracy of 99% for the detection of intrusions in SDNs. All the models show high precision and recall, with XGBoost being the best choice in terms of performance and efficiency. From the experimental results, it is clear that the proposed model for intrusion detection in SDNs is effective, scalable, and viable for the security of the SDN infrastructure without compromising the performance of the network, thus making it suitable for real-time applications.We propose a machine learning-based intrusion detection system for SDN, considering the special vulnerability of the centralized control plane. It is trained on a publicly available dataset for SDN network traffic, which includes flow attributes such as the number of packets, the number of bytes, the flow duration, and the packet rate. To ensure the robustness of the learning process, the dataset is subjected to preprocessing techniques such as class balancing using SMOTE, feature scaling, and cross-validation. The proposed IDS model employs supervised learning techniques such as Random Forest, XGBoost, Support Vector Machine (SVM), K-Nearest Neighbors (KNN), and Multi-Layer Perceptron (MLP) for the detection of intrusions. Among these, ensemble-based models such as Random Forest and XGBoost show promising results, with an accuracy of 99% for the detection of intrusions in SDNs. All the models show high precision and recall, with XGBoost being the best choice in terms of performance and efficiency. From the experimental results, it is clear that the proposed model for intrusion detection in SDNs is effective, scalable, and viable for the security of the SDN infrastructure without compromising the performance of the network, thus making it suitable for real-time applications.