
Effective Deep Learning Based Methods for the Anomaly Detection in Software-Defined Networks

2022, Abdallah, Mahmoud Said ElSayed, 0000-0003-2416-7481

In traditional IP networks, the decision-making functionality (the control plane) and the forwarding of network traffic (the data plane) are both implemented within the network devices (e.g. routers or switches). Network operators configure traffic policies (e.g. routing, switching, quality of service) on each device independently. However, this architecture increases operational costs and makes it challenging to adapt and maintain network configurations and security on demand. Software-Defined Networks (SDN) is an emerging networking paradigm that allows more flexibility in network management. SDN accelerates network innovation by centralising control and visibility across the network (i.e. policies are set and traffic is prioritised through a centralised controller). However, security has become a serious concern that impedes the widespread adoption of SDN. The new network architecture introduces potential attack surfaces that did not exist before or were harder to exploit. One of the most common and serious types of attack is the Distributed Denial of Service (DDoS) attack, which can prevent normal users from accessing their network services. If the attacker successfully floods the SDN controller with a massive number of requests, the entire network turns into a ‘body with no brain’. Therefore, detecting these attacks is considered one of the most essential topics for the anomaly detection community. Intrusion detection systems (IDSs) are the standard security solutions for protecting the network from malicious activities. Recently, several Machine Learning (ML) approaches have been proposed to provide a framework for securing SDN networks from intrusion attacks. However, the current work that applies ML to intrusion detection depends heavily on feature engineering to choose the right feature set.
The evolving nature of network attacks and the rapid change in attacker techniques make these methods unsuitable for attack detection in real time. Learning the complex relationships among different features requires prior knowledge from experts, and is thus problematic and susceptible to lag. Besides these limitations, one of the main challenges in deploying detection mechanisms is the lack of realistic datasets for SDN networks. Most of the research community uses intrusion detection datasets that were generated for traditional IP networks. The objective of this research dissertation is to develop an efficient and effective intrusion detection technique using Deep Learning (DL) algorithms to detect malicious activities in the SDN architecture. Firstly, we addressed the lack of available intrusion detection datasets by producing a new dataset specific to SDNs. The dataset contains the new attacks that arise as a result of separating the control plane from the data plane. Secondly, we developed a new detection approach based on DL techniques (DDoSNet) to solve the problem of DDoS attacks in SDN networks. The proposed approach combines the autoencoder with the long short-term memory (LSTM) algorithm to improve the detection rate of the DL approaches. Thirdly, we developed a new detection method using the convolutional neural network (CNN) to reduce the weight explosion of traditional neural networks. A new regularisation technique based on standard deviation has been deployed to avoid the overfitting problem and enhance the model performance for unknown attacks. The experimental results show that the developed approach is capable of detecting both known and new attacks with a high performance rate. Finally, we produced a new DL method based on semi-supervised learning to tackle the problem of unlabeled and unbalanced datasets for network traffic.
The results obtained across all experiments confirmed the potential of DL algorithms for anomaly detection.