A Distributed Attack Detection System for SDN Using Stack of Classifiers

© 2023 by IJETT Journal
Volume-71 Issue-3
Year of Publication : 2023
Author : Ravindra Kumar Chouhan, Mithilesh Atulkar, Naresh Kumar Nagwani
DOI : 10.14445/22315381/IJETT-V71I3P210

How to Cite?

Ravindra Kumar Chouhan, Mithilesh Atulkar, Naresh Kumar Nagwani, "A Distributed Attack Detection System for SDN Using Stack of Classifiers," International Journal of Engineering Trends and Technology, vol. 71, no. 3, pp. 81-90, 2023. Crossref, https://doi.org/10.14445/22315381/IJETT-V71I3P210

Abstract
Over the last few years, the Software Defined Network (SDN) architecture has grown in popularity in industry and academia due to its advantages over traditional networks. This growth has also attracted attackers who interfere with the network's normal operation. To defend against such attacks, the SDN controller centrally monitors all network activity and then takes appropriate action. This task consumes the majority of the controller's resources and degrades controller performance. To address this problem, this paper proposes an architecture in which data plane resources are used for intrusion detection, freeing up the controller for other network-related tasks. In the data plane switch, a stack of classifiers is used, composed of Random Forest (RF) and K-Nearest Neighbour (KNN) at level 0 and Logistic Regression (LR) at level 1. To speed up attack detection, the appropriate features are selected using Pearson's Correlation Coefficient and the mutual information of the features. The UNSW-NB15 dataset is used to demonstrate the architecture's performance, measured with the metrics Precision, Accuracy, F1 value, Recall, Prediction Time, and Cohen's Kappa Coefficient (CKC). In terms of recall, accuracy, CKC, and feature count, the classifier stack surpasses the individual classifiers. Its performance is slightly inferior to that of other classifiers in precision, F1, and prediction time, but the difference is manageable when the other parameters are considered. Hence, the stack of classifiers is selected for deployment in the data plane devices.

Keywords
Intrusion Detection System (IDS), KNN, Machine Learning, OpenFlow, Random Forest, Software Defined Network (SDN), Stack of Classifiers.
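
The pipeline the abstract describes (Pearson-correlation and mutual-information feature selection, then RF and KNN at level 0 feeding LR at level 1) looks like this in scikit-learn. This is an added example, not the authors' code: the synthetic data stands in for UNSW-NB15, and the function names, `corr_limit`, `top_k`, the estimator settings and the use of correlation to drop redundant columns are assumptions.

```python
import numpy as np
from sklearn.datasets import make_classification
from sklearn.ensemble import RandomForestClassifier, StackingClassifier
from sklearn.feature_selection import mutual_info_classif
from sklearn.linear_model import LogisticRegression
from sklearn.metrics import cohen_kappa_score, recall_score
from sklearn.model_selection import train_test_split
from sklearn.neighbors import KNeighborsClassifier
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler

def select_features(X, y, corr_limit=0.9, top_k=8, seed=0):
    """Drop one column of each highly correlated pair, then keep the top_k
    columns by mutual information with the label (thresholds are assumed)."""
    corr = np.abs(np.corrcoef(X, rowvar=False))
    keep = []
    for j in range(X.shape[1]):
        # Keep column j only if it is not redundant with a column already kept.
        if all(corr[j, k] < corr_limit for k in keep):
            keep.append(j)
    mi = mutual_info_classif(X[:, keep], y, random_state=seed)
    ranked = np.argsort(mi)[::-1][:top_k]
    return sorted(int(keep[i]) for i in ranked)

def build_stack(seed=0):
    """Level 0: RF and KNN. Level 1: LR fitted on their out-of-fold outputs."""
    rf = RandomForestClassifier(n_estimators=50, random_state=seed)
    knn = make_pipeline(StandardScaler(), KNeighborsClassifier(n_neighbors=5))
    return StackingClassifier(estimators=[("rf", rf), ("knn", knn)],
                              final_estimator=LogisticRegression(), cv=5)

def run_demo(seed=0):
    # Constructed synthetic records; label 1 plays the role of "attack".
    X, y = make_classification(n_samples=600, n_features=20, n_informative=6,
                               n_redundant=6, class_sep=1.5, random_state=seed)
    X_tr, X_te, y_tr, y_te = train_test_split(
        X, y, test_size=0.3, stratify=y, random_state=seed)
    cols = select_features(X_tr, y_tr, seed=seed)  # selection sees training data only
    model = build_stack(seed).fit(X_tr[:, cols], y_tr)
    pred = model.predict(X_te[:, cols])
    return {"features": cols,
            "recall": recall_score(y_te, pred),
            "kappa": cohen_kappa_score(y_te, pred)}

if __name__ == "__main__":
    print(run_demo())
```

Fitting the feature selection on the training split only keeps test records from leaking into the choice of columns, which would otherwise inflate the reported recall and kappa.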
