Network Threat Detection Using Machine/Deep Learning in SDN-Based Platforms: A Comprehensive Analysis of State-of-the-Art Solutions, Discussion, Challenges, and Future Research Direction
Abstract
:1. Introduction
- First, we conducted a comprehensive review on ML/DL-based network intrusion detection systems;
- Second, we reviewed each study on SDN-based NID systems using ML and DL algorithms;
- We also explored recent advancements and trends in ML/DL approaches for NIDS, followed by the NIDS system leveraging SDN using ML/DL approaches, and research issues in NID systems using ML/DL approaches.
2. Background
2.1. General Architecture of SDN
2.1.1. Data Plane
2.1.2. Control Plane
2.1.3. Southbound Interface
2.1.4. The Northbound Interface
2.1.5. Westbound/Eastbound Interfaces
2.2. Network Intrusion Detection System
- Incoming network traffic analyzed by the system known as NIDS.
- Important files of the operating system are monitored by the system and defined as “Host-based intrusion detection systems (HIDS)”.
- The aforementioned classifications of IDS are further classified. Signature and anomaly detection are the basis of commonly used variants [25].
2.2.1. Signature-Based Detection
2.2.2. Anomaly-Based Detection
Target Plane | Threat | Reason |
---|---|---|
Control plane | Controller hijacking | Due to malicious application vulnerability leverage in NBI |
Application plane | Threats from applications | Lack of authorization and authentication |
Control plane | Spoofing | Due to absence of switch and TLS authentication consistency or compromised verification checks in flow rules. |
Control plane | MITM attack between controller and switches | Without TLS security, the communication channel is not secured |
Data plane | Fingerprinting SDN networks | Difference in time to process packets between SDN and traditional network |
Control plane | Denial of service attack to saturate flow table | Centralized controllers |
Data plane | Information disclosure | Flow tables limitation |
Data plane | Tampering attack using fraud flow rules | Difference in time to process packets, which reveals information about the content of flow |
Data plane | ICMP attacks, DoS attacks, sequence prediction attack, reset attack, and SYN attacks | Inheritance of TCP level attacks from traditional networks |
Data plane | Cache poisoning attack against the controller state and flow table | Inserting forged packets |
Data plane | Freeloading | Spoofing IP/MAC address to one of the hosts of an already established communication link. |
3. Machine Learning and Deep Learning in NIDS
3.1. Supervised Learning
3.1.1. Random Forest
3.1.2. Support Vector Machine
3.1.3. k-Nearest Neighbor
3.2. Unsupervised Learning
3.2.1. Self-Organizing Map
3.2.2. k-Means
3.3. Semi-Supervised Learning
3.4. Reinforcement Learning
3.4.1. Deep Reinforcement Learning
3.4.2. RL-Based Game Theory
3.5. Deep Learning in NID
3.5.1. DNN
3.5.2. FFDNN
3.5.3. RNN
3.5.4. Convolutional Neural Network
3.5.5. Restricted Boltzmann Machine (RBM)
3.5.6. Deep Belief Network
3.5.7. Deep Autoencoder
4. ML- and DL-Based IDS in SDN
4.1. Machine Learning-Based IDS in SDN
- (a)
- Data Plane
- (b) Control Plane
- (c) Application Plane
4.1.1. DoS, U2R, Probe, and R2L
4.1.2. DDoS Attacks
4.1.3. Comparison of Various Approaches in SDN
Reference | Method of Detection | Dataset Used | Detected Attack | Feature Selection |
---|---|---|---|---|
[122] | RBM | KDD-Cup 1999 | General anomaly | 41 features |
[114] | Random forest | KDD99 | DoS, R2L, U2R, and Probe | 10 feature sets |
[125] | SVM | NSL-KDD | DOS | 25 used from 41 features |
[126] | k-means | Simulation-based | UDP flood and TCP flood | Packet count, duration, and byte count |
4.2. Deep Learning-Based IDS in SDN
4.2.1. DDoS Attack Detection Using DL Algorithms
4.2.2. Anomaly Detection Using DL Algorithms
4.2.3. Specific Circumstances of Network
Paper | Objective | Controller Used | Method | Comparison |
---|---|---|---|---|
[1] | Lightweight DDoS Flooding Attack | OpenFlow Controller | Used SOM with artificial neural network | It could efficiently detect DDoS attack but there were no flow rules installed for detection |
[150] | Anomaly Detection | SDN Controller | Used DL approach for detection of flow-based anomaly | Did not have any alternative solutions for signature-based intrusion detection system |
[144] | DDoS Attack Detection | OpenFlow Controller (NOX) | Used deep auto-encoder approach for feature reduction | For vast networks, there is a controller bottleneck |
[146] | Intrusion Detection | OpenFlow Controller | Used learning vector quantization and SOM | Cannot efficiently detect U2R attack |
[148] | Intrusion Detection | SDN Controller | Used DL with generative adversarial networks | It is very efficient and cost effective in intrusion detection |
[147] | Anomaly Detection | NOX and OpenFlow Compliant Switches | Used four anomaly algorithms: TRW-CB algorithm, NETAD, maximum entropy detector, and rate limiting | Able to detect anomalies in SOHO network and have standardized programmability |
[154] | Anomaly Detection | SDN Controller | DL-based RBM and gradient descent-based SVM anomaly detection for suspicious flow detection | Effective data delivery is realized using multi-objective flow routing scheme based on SDN |
[155] | DDoS Attack Detection | SDN Controller | Generative adversarial network-based adversarial training in SDN | Able to continuously monitor network traffic using IP flow analysis and enable anomaly detection in near real-time, used dataset was CICDoS2019 |
5. Discussion
6. Research Challenges
- The accuracy ratio of DL approaches is higher compared with ML approaches for intrusion detection. Unfortunately, accuracy comes at the expense of the time complexity issue due to the complex operations involved. For detecting an attack in real time, extensive research is required on DL approaches [155].
- Selecting an appropriate method for the selection of features is a predominant challenge by which redundancy between selected features and significance of features to the task of NID can be precisely determined. Therefore, improvement in computational realism and evaluation of the optimum no. of model parameters is a huge challenge for both ML and DL techniques [2].
- Appropriate methodologies for assessment and metrics is absent, and comparison of alternative techniques and evaluation of IDS is not possible due to the absence of a general framework. Deep analysis was conducted later, as this issue was very significant.
- For academic research, the accuracy of the existing dataset of intrusion detection is not suitable for prediction of research, as proper data classification is required by them. Synthetic datasets are used by network researchers for detection of intrusions in the network due to the lack of more accurate and realistic datasets. Datasets used for intrusion detection systems, e.g., NSL-KDD and KDD99, are outdated. KDD Cup 1999 is the most common dataset used to evaluate intrusion detection; NSL-KDD, which is the modified form of this dataset is used in IDS systems. It is very important to evaluate systems of network intrusion accurately and consistently by creating datasets [165]. New sets of data CSE-CIC-2018 are available for testing and evaluating intrusion detection; however, more research is required on these datasets.
- It was reported in [166] that attacks can easily affect most systems of intrusion detection, as their dependence power is poor. Descriptions of how IDS is eluded by different mechanisms is given in the literature [167]; the technology of intrusion detection needs to be improved in this aspect. Similarly, DDoS attack in SDN enabled cloud computing environment is also an active research area as discussed in [168].
- One of the most fundamental challenges from NIDS based on SDN is the efficient handling of packet processing flows because the implementation of NIDS using different approaches of ML and DL is significantly affected by this challenge with its high volumes of data.
- Different attacks (e.g., DDoS) may affect the software-defined network. In SDN, some basic potential vectors of threat include attacks on the control plane, forged traffic flows, and susceptibilities in switches. Devastating impact can be caused by all of these attacks on the overall network [6]. Thus, improvement in the security of SDN is required.
- For large networks, a performance bottleneck could be faced by controllers of the network applying SDN because of the large amounts of data (incoming and forwarding). Another big research challenge is to reduce this performance bottleneck of the controller, so that NIDS can be implemented [169].
- Usually, high data rates cause high costs and low throughput by which current wide-band transmission technologies can be characterized [155]. Optimization of intrusion detection is related to techniques of grid and paradigms of distributed detection.
7. Conclusions and Future Work
Author Contributions
Funding
Conflicts of Interest
Abbreviations
Notations | Descriptions |
AI | Artificial Intelligence |
AP | Application Plane |
API | Application Programming Interface |
BMU | Best Matching Unit |
CP | Control Plane |
CNN | Convolutional Neural Network |
CPS | Cyber-Physical Systems |
DA | Deep Autoencoder |
DL, TLS | Deep Learning, Transport Layer Security |
DP | Data Plane |
DBN | Deep Belief Network |
DNN | Deep Neural Networks |
DRL | Deep Reinforcement Learning |
DoS | Denial of Service |
DDoS | Distributed Denial of Service |
ELM | Extreme Learning Machine |
FFDNN | Feature Fusion Depth Neural Network |
GPUs | Graphics Processor Units |
HIDS | Host-based Intrusion Detection Systems |
H-ELM | Hierarchical Extreme Learning Machine |
IoT | Internet of Things |
k-NN | k-Nearest Neighbors |
LSTM | Long Short-Term Memory |
ML | Machine Learning |
NBI | North Bound Interface |
NIDS | Network Intrusion Detection Systems |
PCA | Principle Component Analysis |
RF | Random Forest |
RL | Reinforcement Learning |
RT | Random Tree |
RBF | Radial Based Function |
RBM | Restricted Boltzmann Machine |
RNN | Recurrent Neural Network |
SBI | South Bound Interface |
SDN | Software Defined Network |
SVM | Support Vector Machine |
SOM | Self-Organizing Map |
SCADA | Supervisory Control and Data Acquisition System |
SOHO | Small Office/Home Office |
QoS | Quality of Service |
References
- Mehdi, S.A.; Khalid, J.; Khayam, S.A. Revisiting Traffic Anomaly Detection Using Software Defined Networking. In International Workshop on Recent Advances in Intrusion Detection; Springer: Berlin/Heidelberg, Germany, 2011; pp. 161–180. [Google Scholar]
- Garcia-Teodoro, P.; Diaz-Verdejo, J.; Maciá-Fernández, G.; Vázquez, E. Anomaly-Based Network Intrusion Detection: Techniques, Systems and Challenges. Comput. Secur. 2009, 28, 18–28. [Google Scholar] [CrossRef]
- Ahmed, M.E.; Kim, H.; Park, M. Mitigating DNS Query-Based DDoS Attacks with Machine Learning on Software-Defined Networking. In Proceedings of the MILCOM 2017–2017 IEEE Military Communications Conference (MILCOM), Baltimore, MD, USA, 23–25 October 2017; pp. 11–16. [Google Scholar]
- Dawoud, A.; Shahristani, S.; Raun, C. Deep Learning and Software-Defined Networks: Towards Secure IoT Architecture. Internet Things 2018, 3, 82–89. [Google Scholar] [CrossRef]
- Herrera, A.; Camargo, J.E. A Survey on Machine Learning Applications for Software Defined Network Security. In Proceedings of the International Conference on Applied Cryptography and Network Security, Bogota, Colombia, 5–7 June 2019; Springer: Berlin/Heidelberg, Germany, 2019; pp. 70–93. [Google Scholar]
- Hu, F.; Hao, Q.; Bao, K. A Survey on Software-Defined Network and Openflow: From Concept to Implementation. IEEE Commun. Surv. Tutor. 2014, 16, 2181–2206. [Google Scholar] [CrossRef]
- Sultana, N.; Chilamkurti, N.; Peng, W.; Alhadad, R. Survey on SDN Based Network Intrusion Detection System Using Machine Learning Approaches. Peer-Peer Netw. Appl. 2019, 12, 493–501. [Google Scholar] [CrossRef]
- Hodo, E.; Bellekens, X.; Hamilton, A.; Tachtatzis, C.; Atkinson, R. Shallow and Deep Networks Intrusion Detection System: A Taxonomy and Survey. arXiv 2017, arXiv:1701.02145. [Google Scholar]
- Tiwari, S.; Pandita, V.; Sharma, S.; Dhande, V.; Bendale, S. Survey on Sdn Based Network Intrusion Detection System Using Machine Learning Framework. IRJET 2019, 6, 1017–1020. [Google Scholar]
- Xie, J.; Richard, Y.F.; Huang, T.; Xie, R.; Liu, J.; Wang, C.; Liu, Y. A Survey of Machine Learning Techniques Applied to Software Defined Networking (SDN): Research Issues and Challenges. IEEE Commun. Surv. Tutor. 2018, 21, 393–430. [Google Scholar] [CrossRef]
- Chalapathy, R.; Chawla, S. Deep Learning for Anomaly Detection: A Survey. arXiv 2019, arXiv:1901.03407. [Google Scholar]
- Aldweesh, A.; Derhab, A.; Emam, A.Z. Deep Learning Approaches for Anomaly-Based Intrusion Detection Systems: A Survey, Taxonomy, and Open Issues. Knowl.-Based Syst. 2020, 189, 105124. [Google Scholar] [CrossRef]
- Ahmad, Z.; Khan, S.; Shiang, W.; Abdullah, J.; Ahmad, F. Network Intrusion Detection System: A Systematic Study of Machine Learning and Deep Learning Approaches. Trans. Emerg. Telecommun. Technol. 2021, 32, e4150. [Google Scholar] [CrossRef]
- Injadat, M.; Moubayed, A.; Nassif, A.B.; Shami, A. Systematic ensemble model selection approach for educational data mining. Knowl. -Based Syst. 2020, 200, 105992. [Google Scholar] [CrossRef]
- Singh, D.; Ng, B.; Lai, Y.-C.; Lin, Y.-D.; Seah, W.K. Modelling Software-Defined Networking: Software and Hardware Switches. J. Netw. Comput. Appl. 2018, 122, 24–36. [Google Scholar] [CrossRef]
- Krongbaramee, P.; Somchit, Y. Implementation of SDN Stateful Firewall on Data Plane Using Open VSwitch. In Proceedings of the 2018 15th International Joint Conference on Computer Science and Software Engineering (JCSSE), Nakhonpathom, Thailand, 11–13 July 2018; pp. 1–5. [Google Scholar]
- Lockwood, J.W.; McKeown, N.; Watson, G.; Gibb, G.; Hartke, P.; Naous, J.; Raghuraman, R.; Luo, J. NetFPGA–An Open Platform for Gigabit-Rate Network Switching and Routing. In Proceedings of the 2007 IEEE International Conference on Microelectronic Systems Education (MSE’07), San Diego, CA, USA, 3–4 June 2007; pp. 160–161. [Google Scholar]
- Lu, G.; Guo, C.; Li, Y.; Zhou, Z.; Yuan, T.; Wu, H.; Xiong, Y.; Gao, R.; Zhang, Y. ServerSwitch: A Programmable and High Performance Platform for Data Center Networks. In Proceedings of the 8th USENIX Symposium on Networked Systems Design and Implementation (NSDI 11), Boston, MA, USA, 30 March–1 April 2011. [Google Scholar]
- Anwer, M.B.; Motiwala, M.; Tariq, M.B.; Feamster, N. Switchblade: A Platform for Rapid Deployment of Network Protocols on Programmable Hardware. In Proceedings of the ACM SIGCOMM 2010 Conference, New Delhi, India, 30 August–3 September 2010; pp. 183–194. [Google Scholar]
- Medved, J.; Varga, R.; Tkacik, A.; Gray, K. Opendaylight: Towards a Model-Driven Sdn Controller Architecture. In Proceedings of the IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, Sydney, NSW, Australia, 19 June 2014; pp. 1–6. [Google Scholar]
- Itoh, T.; Sakai, M.; Okada, M. Floodlight. Google Patents Application CA 139471, 12 October 2011. [Google Scholar]
- Gude, N.; Koponen, T.; Pettit, J.; Pfaff, B.; Casado, M.; McKeown, N.; Shenker, S. NOX: Towards an Operating System for Networks. ACM SIGCOMM Comput. Commun. Rev. 2008, 38, 105–110. [Google Scholar]
- Tootoonchian, A.; Ganjali, Y. Hyperflow: A Distributed Control Plane for Openflow. In Proceedings of the 2010 Internet Network Management Conference on Research on Enterprise Networking, San Jose, CA, USA, 27 April 2010; Volume 3, pp. 10–5555. [Google Scholar]
- Prakash, A.; Priyadarshini, R. An Intelligent Software Defined Network Controller for Preventing Distributed Denial of Service Attack. In Proceedings of the 2018 Second International Conference on Inventive Communication and Computational Technologies (ICICCT), Coimbatore, India, 20–21 April 2018; pp. 585–589. [Google Scholar]
- Srivastava, R.; Richhariya, V. Survey of Current Network Intrusion Detection Techniques. J. Inf. Eng. Appl. 2013, 3, 27–33. [Google Scholar]
- Kumari, K.; Prasad, A.; Prasad, K. Dielectric, Impedance/Modulus and Conductivity Studies on [Bi0. 5 (Na1-XKx) 0.5] 0.94 Ba0. 06TiO3, (0.16 ≤ x ≤ 0.20) Lead-Free Ceramics. Am. J. Mater. Sci 2016, 6, 1–18. [Google Scholar]
- Wu, H.; Schwab, S.; Peckham, R.L. Signature Based Network Intrusion Detection System and Method. Google Patents Application US10/092,179, 9 September 2008. [Google Scholar]
- Yulianto, A.; Sukarno, P.; Suwastika, N.A. Improving Adaboost-Based Intrusion Detection System (IDS) Performance on CIC IDS 2017 Dataset. J. Phys. Conf. Ser. 2019, 1192, 012018. [Google Scholar] [CrossRef]
- Liao, H.-J.; Lin, C.-H.R.; Lin, Y.-C.; Tung, K.-Y. Intrusion Detection System: A Comprehensive Review. J. Netw. Comput. Appl. 2013, 36, 16–24. [Google Scholar] [CrossRef]
- Vigna, G.; Kemmerer, R.A. NetSTAT: A Network-Based Intrusion Detection System. J. Comput. Secur. 1999, 7, 37–71. [Google Scholar] [CrossRef] [Green Version]
- Sekar, R.; Guang, Y.; Verma, S.; Shanbhag, T. A High-Performance Network Intrusion Detection System. In Proceedings of the 6th ACM Conference on Computer and Communications Security, Singapore, 1–4 November 1999; pp. 8–17. [Google Scholar]
- Hoque, M.S.; Mukit, M.; Bikas, M.; Naser, A. An Implementation of Intrusion Detection System Using Genetic Algorithm. arXiv 2012, arXiv:1204.1336. [Google Scholar]
- Gales, G. Network Intrusion Detection System and Method. Google Patents Application US12/411,916, 1 May 2003. Available online: https://patents.google.com/patent/US20030084323A1/en (accessed on 7 October 2022).
- Brownlee, J. Supervised and Unsupervised Machine Learning Algorithms. Mach. Learn. Mastery 2016, 16. Available online: https://machinelearningmastery.com/supervised-and-unsupervised-machine-learning-algorithms/ (accessed on 26 August 2022).
- Bonaccorso, G. Machine Learning Algorithms; Packt Publishing Ltd.: Birmingham, UK, 2017. [Google Scholar]
- Zamani, M.; Movahedi, M. Machine Learning Techniques for Intrusion Detection. arXiv 2013, arXiv:1312.2177. [Google Scholar]
- Vishwanathan, S.; Narasimha, M.M. SSVM: A Simple SVM Algorithm. In Proceedings of the Proceedings of the 2002 International Joint Conference on Neural Networks, IJCNN’02 (Cat. No.02CH37290); Honolulu, HI, USA, 12–17 May 2002, Volume 3, pp. 2393–2398.
- El Naqa, I.; Murphy, M.J. What Is Machine Learning? Springer: Berlin/Heidelberg, Germany, 2015; pp. 3–11. [Google Scholar]
- Tsai, C.-F.; Hsu, Y.-F.; Lin, C.-Y.; Lin, W.-Y. Intrusion Detection by Machine Learning: A Review. Expert Syst. Appl. 2009, 36, 11994–12000. [Google Scholar] [CrossRef]
- Liaw, A.; Wiener, M. Classification and Regression by RandomForest. R News 2002, 2, 18–22. [Google Scholar]
- Vapnik, V.N.; Vapnik, V. Statistical Learning Theory; Wiley: Hoboken, NJ, USA, 1998. [Google Scholar]
- Yekkehkhany, B.; Safari, A.; Homayouni, S.; Hasanlou, M. A Comparison Study of Different Kernel Functions for SVM-Based Classification of Multi-Temporal Polarimetry SAR Data. Int. Arch. Photogramm. Remote Sens. Spat. Inf. Sci. 2014, 40, 281. [Google Scholar] [CrossRef] [Green Version]
- Bao, J.; Nie, J.; Liu, C.; Jiang, B.; Zhu, F.; He, J. Improved Blind Spectrum Sensing by Covariance Matrix Cholesky Decomposition and RBF-SVM Decision Classification at Low SNRs. IEEE Access 2019, 7, 97117–97129. [Google Scholar] [CrossRef]
- Steinwart, I.; Christmann, A. Support Vector Machines; Springer Science & Business Media: Berlin/Heidelberg, Germany, 2008. [Google Scholar]
- Martínez-Ramón, M.; Christodoulou, C. Support Vector Machines for Antenna Array Processing and Electromagnetics. Synth. Lect. Comput. Electromagn. 2005, 1, 1–120. [Google Scholar]
- Zwane, S.; Tarwireyi, P.; Adigun, M. A Flow-Based IDS for SDN-Enabled Tactical Networks. In Proceedings of the 2019 International Multidisciplinary Information Technology and Engineering Conference (IMITEC), Vanderbijlpark, South Africa, 21–22 November 2019; pp. 1–6. [Google Scholar]
- Eid, H.F.; Darwish, A.; Hassanien, A.E.; Abraham, A. Principle Components Analysis and Support Vector Machine Based Intrusion Detection System. In Proceedings of the 2010 10th International Conference on Intelligent Systems Design and Applications, Cairo, Egypt, 29 November–1 December 2010; pp. 363–367. [Google Scholar]
- Zanero, S.; Savaresi, S.M. Unsupervised Learning Techniques for an Intrusion Detection System. In Proceedings of the 2004 ACM Symposium on Applied Computing, New York, NY, USA, 14–17 March 2004; pp. 412–419. [Google Scholar]
- Cover, T.; Hart, P. Nearest Neighbor Pattern Classification. IEEE Trans. Inf. Theory 1967, 13, 21–27. [Google Scholar] [CrossRef] [Green Version]
- Syarif, I.; Prugel-Bennett, A.; Wills, G. Unsupervised Clustering Approach for Network Anomaly Detection. In Proceedings of the International Conference on Networked Digital Technologies, Dubai, United Arab Emirates, 24–26 April 2012; Springer: Berlin/Heidelberg, Germany, 2012; pp. 135–145. [Google Scholar]
- Kohonen, T. The Self-Organizing Map. Neurocomputing 1998, 21, 1–6. [Google Scholar] [CrossRef]
- Hulle, V. Self-Organizing Maps. Handb. Nat. Comput. 2012, 1, 585–622. [Google Scholar]
- Hastie, T.; Tibshirani, R.; Friedman, J. The Elements of Statistical Learning. Springer Series in Statistics; Springer: New York, NY, USA, 2001. [Google Scholar]
- Kanungo, T.; Mount, D.M.; Netanyahu, N.S.; Piatko, C.D.; Silverman, R.; Wu, A.Y. An Efficient K-Means Clustering Algorithm: Analysis and Implementation. IEEE Trans. Pattern Anal. Mach. Intell. 2002, 24, 881–892. [Google Scholar] [CrossRef]
- Haweliya, J.; Nigam, B. Network Intrusion Detection Using Semi Supervised Support Vector Machine. Int. J. Comput. Appl. 2014, 85, 27–31. [Google Scholar] [CrossRef] [Green Version]
- Chen, C.; Gong, Y.; Tian, Y. Semi-Supervised Learning Methods for Network Intrusion Detection. In Proceedings of the 2008 IEEE International Conference on Systems, Man and Cybernetics, Singapore, 12–15 October 2008; pp. 2603–2608. [Google Scholar]
- Lee, D.-H. Pseudo-Label: The Simple and Efficient Semi-Supervised Learning Method for Deep Neural Networks. In Proceedings of the Workshop on Challenges in Representation Learning, Atlanta, GA, USA, 20–21 June 2013; Volume 3, p. 896. [Google Scholar]
- Wu, H.; Prasad, S. Semi-Supervised Deep Learning Using Pseudo Labels for Hyperspectral Image Classification. IEEE Trans. Image Process. 2017, 27, 1259–1270. [Google Scholar] [CrossRef] [PubMed]
- Chapelle, O.; Scholkopf, B.; Zien, A. Semi-Supervised Learning. IEEE Trans. Neural Netw. 2009, 20, 542. [Google Scholar] [CrossRef]
- Vamvoudakis, K.G. Q-Learning for Continuous-Time Linear Systems: A Model-Free Infinite Horizon Optimal Control Approach. Syst. Control Lett. 2017, 100, 14–20. [Google Scholar] [CrossRef]
- Arulkumaran, K.; Deisenroth, M.P.; Brundage, M.; Bharath, A.A. Deep Reinforcement Learning: A Brief Survey. IEEE Signal Process. Mag. 2017, 34, 26–38. [Google Scholar] [CrossRef] [Green Version]
- Li, Y. Deep Reinforcement Learning: An Overview. arXiv 2017, arXiv:1701.07274. [Google Scholar]
- He, Y.; Liang, C.; Richard, Y.F.; Han, Z. Trust-Based Social Networks with Computing, Caching and Communications: A Deep Reinforcement Learning Approach. IEEE Trans. Netw. Sci. Eng. 2018, 7, 66–79. [Google Scholar] [CrossRef]
- D’Oro, S.; Galluccio, L.; Palazzo, S.; Schembra, G. A Game Theoretic Approach for Distributed Resource Allocation and Orchestration of Softwarized Networks. IEEE J. Sel. Areas Commun. 2017, 35, 721–735. [Google Scholar] [CrossRef]
- Narmanlioglu, O.; Zeydan, E. Learning in SDN-Based Multi-Tenant Cellular Networks: A Game-Theoretic Perspective. In Proceedings of the 2017 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), Lisbon, Portugal, 8–12 May 2017; pp. 929–934. [Google Scholar]
- Gao, Y.; Cheng, L.; Sang, L.; Yang, D. Spectrum Sharing for LTE and WiFi Coexistence Using Decision Tree and Game Theory. In Proceedings of the 2016 IEEE Wireless Communications and Networking Conference, Doha, Qatar, 3–6 April 2016; pp. 1–6. [Google Scholar]
- Shi, H.-Y.; Wang, W.-L.; Kwok, N.-M.; Chen, S.-Y. Game Theory for Wireless Sensor Networks: A Survey. Sensors 2012, 12, 9055–9097. [Google Scholar] [CrossRef] [Green Version]
- Agrawal, A.; Jaiswal, D. When Machine Learning Meets Ai and Game Theory. Comput. Sci. 2012, 2012, 1–5. [Google Scholar]
- Ranadheera, S.; Maghsudi, S.; Hossain, E. Mobile Edge Computation Offloading Using Game Theory and Reinforcement Learning. arXiv 2017, arXiv:1711.09012. [Google Scholar]
- Salama, M.A.; Eid, H.F.; Ramadan, R.A.; Darwish, A.; Hassanien, A.E. Hybrid Intelligent Intrusion Detection Scheme; Springer: Berlin/Heidelberg, Germany, 2011; pp. 293–303. [Google Scholar]
- Fiore, U.; Palmieri, F.; Castiglione, A.; Santis, D. Network Anomaly Detection with the Restricted Boltzmann Machine. Neurocomputing 2013, 122, 13–23. [Google Scholar] [CrossRef]
- Thaseen, S.; Kumar, C.A. An Analysis of Supervised Tree Based Classifiers for Intrusion Detection System. In Proceedings of the 2013 International Conference on Pattern Recognition, Informatics and MOBILE Engineering, Salem, India, 21–22 February 2013; pp. 294–299. [Google Scholar]
- Goodfellow, I.; Bengio, Y.; Courville, A. Deep Learning; MIT Press: Cambridge, MA, USA, 2016. [Google Scholar]
- Bengio, Y.; Goodfellow, I.; Courville, A. Deep Learning; MIT Press: Cambridge, MA, USA, 2017; Volume 1. [Google Scholar]
- Bharati, A.; Singh, R.; Vatsa, M.; Bowyer, K.W. Detecting Facial Retouching Using Supervised Deep Learning. IEEE Trans. Inf. Secur. 2016, 11, 1903–1913. [Google Scholar] [CrossRef]
- Ren, Z.; Yan, J.; Ni, B.; Liu, B.; Yang, X.; Zha, H. Unsup75ervised Deep Learning for Optical Flow Estimation. In Proceedings of the Thirty-First AAAI Conference on Artificial Intelligence, San Francisco, CA, USA, 4–9 February 2017. [Google Scholar]
- Taylor, A.; Leblanc, S.; Japkowicz, N. Anomaly Detection in Automobile Control Network Data with Long Short-Term Memory Networks. In Proceedings of the 2016 IEEE International Conference on Data Science and Advanced Analytics (DSAA), Montreal, QC, Canada, 17–19 October 2016; pp. 130–139. [Google Scholar]
- Kang, M.-J.; Kang, J.-W. Intrusion Detection System Using Deep Neural Network for In-Vehicle Network Security. PLoS ONE 2016, 11, e0155781. [Google Scholar] [CrossRef] [PubMed] [Green Version]
- Kim, J.; Shin, Y.; Choi, E. An Intrusion Detection Model Based on a Convolutional Neural Network. J. Multimed. Inf. Syst. 2019, 6, 165–172. [Google Scholar] [CrossRef]
- Kasongo, S.M.; Sun, Y. A Deep Learning Method with Filter Based Feature Engineering for Wireless Intrusion Detection System. IEEE Access 2019, 7, 38597–38607. [Google Scholar] [CrossRef]
- Kim, J.; Kim, J.; Huong, T.; Kim, H. Long Short Term Memory Recurrent Neural Network Classifier for Intrusion Detection. In Proceedings of the International Conference on Platform Technology and Service (PlatCon), Jeju, Korea, 15–17 February 2016; pp. 1–5. [Google Scholar]
- Yin, C.; Zhu, Y.; Fei, J.; He, X. A Deep Learning Approach for Intrusion Detection Using Recurrent Neural Networks. IEEE Access 2017, 5, 21954–21961. [Google Scholar] [CrossRef]
- Tang, T.A.; Mhamdi, L.; McLernon, D.; Raza, A.; Ghogho, M. Deep Recurrent Neural Network for Intrusion Detection in Sdn-Based Networks. In Proceedings of the 4th IEEE Conference on Network Softwarization and Workshops (NetSoft), Montreal, QC, Canada, 25-29 June 2018; pp. 202–206. [Google Scholar]
- Nasr, M.; Bahramali, A.; Houmansadr, A. Deepcorr: Strong Flow Correlation Attacks on Tor Using Deep Learning. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada, 15–19 October 2018; pp. 1962–1976. [Google Scholar]
- Zhang, Y.; Chen, X.; Jin, L.; Wang, X.; Guo, D. Network Intrusion Detection: Based on Deep Hierarchical Network and Original Flow Data. IEEE Access 2019, 7, 37004–37016. [Google Scholar] [CrossRef]
- Yu, Y.; Long, J.; Cai, Z. Network Intrusion Detection through Stacking Dilated Convolutional Autoencoders. Secur. Commun. Netw. 2017, 2017, 4184196. [Google Scholar] [CrossRef]
- Alrawashdeh, K.; Purdy, C. Toward an Online Anomaly Intrusion Detection System Based on Deep Learning. In Proceedings of the 2016 15th IEEE International Conference on Machine Learning and Applications (ICMLA), Anaheim, CA, USA, 18–20 December 2016; pp. 195–200. [Google Scholar]
- Egerstedt, M. From algorithms to architectures in cyber-physical networks. Cyber-Phys. Syst. 2015, 1, 67–75. [Google Scholar] [CrossRef]
- Gao, N.; Gao, L.; Gao, Q.; Wang, H. An Intrusion Detection Model Based on Deep Belief Networks. In Proceedings of the 2017 VI International Conference on Network, Communication and Computing Huangshan, China, 20–22 November 2014; pp. 247–252. [Google Scholar]
- Otoum, S.; Kantarci, B.; Mouftah, H.T. On the Feasibility of Deep Learning in Sensor Network Intrusion Detection. IEEE Netw. Lett. 2019, 1, 68–71. [Google Scholar] [CrossRef]
- Inayat, U.; Zia, M.F.; Mahmood, S.; Khalid, H.M.; Benbouzid, M. Learning-Based Methods for Cyber Attacks Detection in IoT Systems: A Survey on Methods, Analysis, and Future Prospects. Electronics 2020, 11, 1502. [Google Scholar] [CrossRef]
- Thamilarasu, G.; Chawla, S. Towards Deep-Learning-Driven Intrusion Detection for the Internet of Things. Sensors 2019, 19, 1977. [Google Scholar] [CrossRef] [PubMed] [Green Version]
- He, Y.; Mendis, G.J.; Wei, J. Real-Time Detection of False Data Injection Attacks in Smart Grid: A Deep Learning-Based Intelligent Mechanism. IEEE Trans. Smart Grid 2017, 8, 2505–2516. [Google Scholar] [CrossRef]
- Shone, N.; Ngoc, T.N.; Phai, V.D.; Shi, Q. A Deep Learning Approach to Network Intrusion Detection. IEEE Trans. Emerg. Top. Comput. Intell. 2018, 2, 41–50. [Google Scholar] [CrossRef]
- Musleh, A.S.; Khalid, H.M.; Muyeen, S.M.; Al-Durra, A. A Prediction Algorithm to Enhance Grid Resilience Toward Cyber Attacks in WAMCS Applications. IEEE Syst. J. 2019, 13, 710–719. [Google Scholar] [CrossRef]
- Zhang, H.; Yu, X.; Ren, P.; Luo, C.; Min, G. Deep Adversarial Learning in Intrusion Detection: A Data Augmentation Enhanced Framework. arXiv 2019, arXiv:1901.07949. [Google Scholar]
- Zhou, L.; Ouyang, X.; Ying, H.; Han, L.; Cheng, Y.; Zhang, T. Cyber-Attack Classification in Smart Grid via Deep Neural Network. In Proceedings of the 2nd International Conference on Computer Science and Application Engineering, Hohhot, China 22–24 October 2018; pp. 1–5. [Google Scholar]
- Feng, F.; Liu, X.; Yong, B.; Zhou, R.; Zhou, Q. Anomaly Detection in Ad-Hoc Networks Based on Deep Learning Model: A Plug and Play Device. Ad Hoc Netw. 2019, 84, 82–89. [Google Scholar] [CrossRef]
- Zhang, Y.; Li, P.; Wang, X. Intrusion Detection for IoT Based on Improved Genetic Algorithm and Deep Belief Network. IEEE Access 2019, 7, 31711–31722. [Google Scholar] [CrossRef]
- Jiang, F.; Fu, Y.; Gupta, B.B.; Liang, Y.; Rho, S.; Lou, F.; Meng, F.; Tian, Z. Deep Learning Based Multi-Channel Intelligent Attack Detection for Data Security. IEEE Trans. Sustain. Comput. 2018, 5, 204–212. [Google Scholar] [CrossRef]
- Zhang, H.; Wang, Y.; Chen, H.; Zhao, Y.; Zhang, J. Exploring Machine-Learning-Based Control Plane Intrusion Detection Techniques in Software Defined Optical Networks. Opt. Fiber Technol. 2017, 39, 37–42. [Google Scholar] [CrossRef]
- Aldwairi, T.; Perera, D.; Novotny, M.A. An Evaluation of the Performance of Restricted Boltzmann Machines as a Model for Anomaly Network Intrusion Detection. Comput. Netw. 2018, 144, 111–119. [Google Scholar] [CrossRef]
- Alom, M.Z.; Taha, T.M.; Yakopcic, C.; Westberg, S.; Sidike, P.; Nasrin, M.S.; Hasan, M.; Essen, V.; Awwal, A.A.; Asari, V.K. A State-of-The-Art Survey on Deep Learning Theory and Architectures. Electronics 2019, 8, 292. [Google Scholar] [CrossRef] [Green Version]
- Yang, J.; Deng, J.; Li, S.; Hao, Y. Improved Traffic Detection with Support Vector Machine Based on Restricted Boltzmann Machine. Soft Comput. 2017, 21, 3101–3112. [Google Scholar] [CrossRef]
- Zhao, G.; Zhang, C.; Zheng, L. Intrusion Detection Using Deep Belief Network and Probabilistic Neural Network. In Proceedings of the 2017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC) Guangzhou, China, 21–24 July 2017; Volume 1, pp. 639–642. [Google Scholar]
- Khan, F.A.; Gumaei, A.; Derhab, A.; Hussain, A. A Novel Two-Stage Deep Learning Model for Efficient Network Intrusion Detection. IEEE Access 2019, 7, 30373–30385. [Google Scholar] [CrossRef]
- Papamartzivanos, D.; Mármol, F.G.; Kambourakis, G. Introducing Deep Learning Self-Adaptive Misuse Network Intrusion Detection Systems. IEEE Access 2019, 7, 13546–13560. [Google Scholar] [CrossRef]
- Marotta, A.; Carrozza, G.; Avallone, S.; Manetti, V. An OpenFlow-Based Architecture for IaaS Security. In Proceedings of the ATACCS ‘13: International Conference on Application and Theory of Automation in Command and Control Systems, Naples, Italy, 28–30 May 2013; pp. 118–121. [Google Scholar]
- Yasrebi, P.; Monfared, S.; Bannazadeh, H.; Leon-Garcia, A. Security Function Virtualization in Software Defined Infrastructure. In Proceedings of the 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM), Ottawa, ON, Canada, 11–15 May 2015; pp. 778–781. [Google Scholar]
- Carvalho, L.F.; Abrão, T.; Leonardo; Lemes, M. An Ecosystem for Anomaly Detection and Mitigation in Software-Defined Networking. Expert Syst. Appl. 2018, 104, 121–133. [Google Scholar] [CrossRef]
- Leland, W.E.; Willinger, W.; Taqqu, M.S.; Wilson, D.V. On the Self-Similar Nature of Ethernet Traffic. ACM SIGCOMM Comput. Commun. Rev. 1995, 25, 202–213. [Google Scholar] [CrossRef] [Green Version]
- Tang, T.A.; Mhamdi, L.; McLernon, D.; Raza, A.; Ghogho, M. Deep Learning Approach for Network Intrusion Detection in Software Defined Networking. In Proceedings of the 2016 International Conference on Wireless Networks and Mobile Communications (WINCOM), Fez, Morocco, 26–29 October 2016; pp. 258–263. [Google Scholar]
- Latah, M.; Toker, L. Towards an Efficient Anomaly-Based Intrusion Detection for Software-Defined Networks. IET Netw. 2018, 7, 453–459. [Google Scholar] [CrossRef] [Green Version]
- Prasath, M.K.; Perumal, B. A Meta-Heuristic Bayesian Network Classification for Intrusion Detection. Int. J. Netw. Manag. 2019, 29, e2047. [Google Scholar] [CrossRef]
- Kannadiga, P.; Zulkernine, M. DIDMA: A Distributed Intrusion Detection System Using Mobile Agents. In Proceedings of the Sixth International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing and First ACIS International Workshop on Self-Assembling Wireless Network, Towson, MD, USA, 23–25 May 2005; pp. 238–245. [Google Scholar]
- Wang, B.; Sun, Y.; Yuan, C.; Xu, X. LESLA: A Smart Solution for SDN-Enabled MMTC E-Health Monitoring System. In Proceedings of the 8th ACM MobiHoc 2018 Workshop on Pervasive Wireless Healthcare Workshop, Los Angeles, CA, USA, 26–25 June 2018; pp. 1–6. [Google Scholar]
- Ashraf, S.; Shawon, M.H.; Khalid, H.M.; Muyeen, S.M. Denial-of-Service Attack on IEC 61850-Based Substation Automation System: A Crucial Cyber Threat towards Smart Substation Pathways. Sensors 2021, 21, 6415. [Google Scholar] [CrossRef] [PubMed]
- Ashraf, J.; Latif, S. Handling Intrusion and DDoS Attacks in Software Defined Networks Using Machine Learning Techniques. In Proceedings of the 2014 National Software Engineering Conference, Rawalpindi, Pakistan, 11–12 November 2014; pp. 55–60. [Google Scholar]
- Kokila, R.; Thamarai, S.S.; Govindarajan, K. DDoS Detection and Analysis in SDN-Based Environment Using Support Vector Machine Classifier. In Proceeding of the 2014 Sixth International Conference on Advanced Computing (ICoAC), Chennai, India, 17–19 December 2014; pp. 205–210. [Google Scholar]
- Wang, P.; Chao, K.-M.; Lin, H.-C.; Lin, W.-H.; Lo, C.-C. An Efficient Flow Control Approach for SDN-Based Network Threat Detection and Migration Using Support Vector Machine. In Proceedings of the 2016 IEEE 13th International Conference on e-Business Engineering (ICEBE), Macau, China, 4–6 November 2016; pp. 56–63. [Google Scholar]
- Shiravi, A.; Shiravi, H.; Tavallaee, M.; Ghorbani, A.A. Toward Developing a Systematic Approach to Generate Benchmark Datasets for Intrusion Detection. Comput. Secur. 2012, 31, 357–374. [Google Scholar] [CrossRef]
- Gangadhar, S.; Sterbenz, J.P. Machine Learning Aided Traffic Tolerance to Improve Resilience for Software Defined Networks. In Proceedings of the 2017 9th International Workshop on Resilient Networks Design and Modeling (RNDM), Alghero, Italy, 4–6 September 2017; pp. 1–7. [Google Scholar]
- Neupane, R.L.; Neely, T.; Chettri, N.; Vassell, M.; Zhang, Y.; Calyam, P.; Durairajan, R. Dolus: Cyber Defense Using Pretense against DDoS Attacks in Cloud Platforms. In Proceedings of the 19th International Conference on Distributed Computing and Networking, Varanasi, India, 4–7 January 2018; pp. 1–10. [Google Scholar]
- Nanda, S.; Zafari, F.; DeCusatis, C.; Wedaa, E.; Yang, B. Predicting Network Attack Patterns in SDN Using Machine Learning Approach. In Proceedings of the 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), Palo Alto, CA, USA, 7–10 November 2016; pp. 167–172. [Google Scholar]
- Song, C.; Park, Y.; Golani, K.; Kim, Y.; Bhatt, K.; Goswami, K. Machine-Learning Based Threat-Aware System in Software Defined Networks. In Proceedings of the 2017 26th International Conference on Computer Communication and Networks (ICCCN), Vancouver, BC, Canada, 31 July–3 August 2017; pp. 1–9. [Google Scholar]
- Alshamrani, A.; Chowdhary, A.; Pisharody, S.; Lu, D.; Huang, D. A Defense System for Defeating DDoS Attacks in SDN Based Networks. In Proceedings of the 15th ACM International Symposium on Mobility Management and Wireless Access, Miami, FL, USA, 21–25 November 2017; pp. 83–92. [Google Scholar]
- Smith, R.J.; Zincir-Heywood, A.N.; Heywood, M.I.; Jacobs, J.T. Initiating a Moving Target Network Defense with a Real-Time Neuro-Evolutionary Detector. In Proceedings of the 2016 on Genetic and Evolutionary Computation Conference Companion, Denver, CO, USA, 20–24 July 2016; pp. 1095–1102. [Google Scholar]
- Narayanadoss, A.R.; Truong-Huu, T.; Mohan, P.M.; Gurusamy, M. Crossfire Attack Detection Using Deep Learning in Software Defined ITS Networks. Proceeding of the 2019 IEEE 89th Vehicular Technology Conference (VTC2019-Spring), Kuala Lumpur, Malaysia, 28 April–1 May 2019; pp. 1–6. [Google Scholar]
- Anderson, S.; Wickboldt, J.A.; Granville, L.Z.; Schaeffer-Filho, A. ATLANTIC: A Framework for Anomaly Traffic Detection, Classification, and Mitigation in SDN. In Proceedings of the NOMS 2016—2016 IEEE/IFIP Network Operations and Management Symposium, Istanbul, Turkey, 25–29 April 2016; pp. 27–35. [Google Scholar]
- Kreutz, D.; Ramos, F.M.; Verissimo, P. Towards Secure and Dependable Software-Defined Networks. In Proceedings of the HotSDN ‘13: Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, Hong Kong China, 16 August 2013; pp. 55–60. [Google Scholar]
- Akhunzada, A.; Gani, A.; Anuar, N.B.; Abdelaziz, A.; Khan, M.K.; Hayat, A.; Khan, S.U. Secure and Dependable Software Defined Networks. J. Netw. Comput. Appl. 2016, 61, 199–221. [Google Scholar] [CrossRef]
- Wang, Y.; Cai, W.; Wei, P. A Deep Learning Approach for Detecting Malicious JavaScript Code. Secur. Commun. Netw. 2016, 9, 1520–1534. [Google Scholar] [CrossRef] [Green Version]
- Sommer, R.; Paxson, V. Outside the Closed World: On Using Machine Learning for Network Intrusion Detection. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, USA, 16–19 May 2010; pp. 305–316. [Google Scholar]
- Petroulakis, N.E.; Spanoudakis, G.; Askoxylakis, I.G. Patterns for the Design of Secure and Dependable Software Defined Networks. Comput. Netw. 2016, 109, 39–49. [Google Scholar] [CrossRef] [Green Version]
- Prete, L.R.; Shinoda, A.A.; Schweitzer, C.M.; Santos. Simulation in an SDN Network Scenario Using the POX Controller. In Proceedings of the 2014 IEEE Colombian Conference on Communications and Computing (COLCOM), Bogota, Colombia, 4–6 June 2014; pp. 1–6. [Google Scholar]
- Wehrle, K.; Günes, M.; Gross, J. Modeling and Tools for Network Simulation; Springer Science & Business Media: Berlin, Germany, 2010. [Google Scholar]
- Fontes, R.R.; Afzal, S.; Brito, S.H.; Santos, M.A.; Rothenberg, C.E. Mininet-WiFi: Emulating Software-Defined Wireless Networks. In Proceedings of the 2015 11th International Conference on Network and Service Management (CNSM), Barcelona, Spain, 9–13 November 2015; pp. 384–389. [Google Scholar]
- Hande, Y.; Muddana, A. A Survey on Intrusion Detection System for Software Defined Networks (SDN); IGI Global: Hershey, PA, USA, 2021; pp. 467–489. [Google Scholar]
- Elsayed, M.S.; Le-Khac, N.-A.; Dev, S.; Jurcut, A.D. Ddosnet: A Deep-Learning Model for Detecting Network Attacks. In Proceedings of the 2020 IEEE 21st International Symposium on “A World of Wireless, Mobile and Multimedia Networks” (WoWMoM), Cork, Ireland, 31 August–3 September 2020; pp. 391–396. [Google Scholar]
- Zargar, S.T.; Joshi, J.; Tipper, D. A Survey of Defense Mechanisms against Distributed Denial of Service (DDoS) Flooding Attacks. IEEE Commun. Surv. Tutor. 2013, 15, 2046–2069. [Google Scholar] [CrossRef]
- Kolias, C.; Kambourakis, G.; Stavrou, A.; Voas, J. DDoS in the IoT: Mirai and Other Botnets. Computer 2017, 50, 80–84. [Google Scholar] [CrossRef]
- Su, A.-J.; Choffnes, D.R.; Kuzmanovic, A.; Bustamante, F.E. Drafting behind Akamai (Travelocity-Based Detouring). ACM SIGCOMM Comput. Commun. Rev. 2006, 36, 435–446. [Google Scholar] [CrossRef] [Green Version]
- Khalid, H.M.; Muyeen, S.M.; Peng, J.C.-H. Cyber-Attacks in a Looped Energy-Water Nexus: An Inoculated Sub-Observer-Based Approach. IEEE Syst. J. 2020, 14, 2054–2065. [Google Scholar] [CrossRef]
- Giotis, K.; Argyropoulos, C.; Androulidakis, G.; Kalogeras, D.; Maglaris, V. Combining OpenFlow and SFlow for an Effective and Scalable Anomaly Detection and Mitigation Mechanism on SDN Environments. Comput. Netw. 2014, 62, 122–136. [Google Scholar] [CrossRef]
- Lim, S.; Ha, J.; Kim, H.; Kim, Y.; Yang, S. A SDN-Oriented DDoS Blocking Scheme for Botnet-Based Attacks. In Proceedings of the 2014 Sixth International Conference on Ubiquitous and Future Networks (ICUFN), Shanghai, China, 8–11 July 2014; pp. 63–68. [Google Scholar]
- Liu, Z.; He, Y.; Wang, W.; Zhang, B. DDoS Attack Detection Scheme Based on Entropy and PSO-BP Neural Network in SDN. China Commun. 2019, 16, 144–155. [Google Scholar] [CrossRef]
- Winter, P.; Hermann, E.; Zeilinger, M. Inductive Intrusion Detection in Flow-Based Network Data Using One-Class Support Vector Machines. In Proceedings of the 2011 4th IFIP International Conference on New Technologies, Mobility and Security, Paris, France, 7–10 February 2011; pp. 1–5. [Google Scholar]
- Trung, V.; Huong, T.T.; Tuyen, V.; Duc, D.M.; Thanh, N.H.; Marshall, A. A Multi-Criteria-Based DDoS-Attack Prevention Solution Using Software Defined Networking. In Proceedings of the 2015 International Conference on Advanced Technologies for Communications (ATC), Ho Chi Minh City, Vietnam, 14–16 October 2015; pp. 308–313. [Google Scholar]
- Jadidi, Z.; Muthukkumarasamy, V.; Sithirasenan, E.; Sheikhan, M. Flow-Based Anomaly Detection Using Neural Network Optimized with GSA Algorithm. In Proceedings of the 33rd International Conference on Distributed Computing System, Philadelphia, PA, USA, 8–11 July 2013; pp. 76–81. [Google Scholar]
- Niyaz, Q.; Sun, W.; Javaid, A.Y. A Deep Learning Based DDoS Detection System in Software-Defined Networking (SDN). arXiv 2016, arXiv:1611.07400. [Google Scholar] [CrossRef] [Green Version]
- Dawoud, A.; Shahristani, S.; Raun, C. A Deep Learning Framework to Enhance Software Defined Networks Security. In Proceedings of the 32nd IEEE International Conference on Advanced Information Networking and Applications Workshops: IEEE WAINA 2018, Krakow, Poland, 16–18 May 2018; pp. 709–714. [Google Scholar]
- Khalid, H.M.; Peng, J.C.-H. A Bayesian Algorithm to Enhance the Resilience of WAMS Applications Against Cyber Attacks. IEEE Trans. Smart Grid 2016, 7, 2026–2037. [Google Scholar] [CrossRef]
- Team, M. Mininet an Instant Virtual Network on Your Laptop (or Other PC). 2012. Available online: https://ic.unicamp.br (accessed on 26 August 2022).
- Shu, J.; Zhou, L.; Zhang, W.; Du, X.; Guizani, M. Collaborative Intrusion Detection for VANETs: A Deep Learning-Based Distributed SDN Approach. IEEE Trans. Intell. Transp. Syst. 2020, 22, 4519–4530. [Google Scholar] [CrossRef]
- Mauro, D.; Galatro, G.; Liotta, A. Experimental Review of Neural-Based Approaches for Network Intrusion Management. IEEE Trans. Netw. Serv. Manag. 2020, 17, 2480–2495. [Google Scholar] [CrossRef]
- Garg, S.; Kaur, K.; Kumar, N.; Rodrigues, J.J. Hybrid Deep-Learning-Based Anomaly Detection Scheme for Suspicious Flow Detection in SDN: A Social Multimedia Perspective. IEEE Trans. Multimed. 2019, 21, 566–578. [Google Scholar] [CrossRef]
- Creech, G.; Hu, J. Generation of a New IDS Test Dataset: Time to Retire the KDD Collection. In Proceedings of the 2013 IEEE Wireless Communications and Networking Conference (WCNC), Shanghai, China, 7–10 April 2013; pp. 4487–4492. [Google Scholar]
- Moustafa, N.; Slay, J. The Evaluation of Network Anomaly Detection Systems: Statistical Analysis of the UNSW-NB15 Data Set and the Comparison with the KDD99 Data Set. Inf. Secur. J. A Glob. Perspect. 2016, 25, 18–31. [Google Scholar] [CrossRef]
- Lee, J.; Pak, J.; Lee, M. Network Intrusion Detection System Using Feature Extraction Based on Deep Sparse Autoencoder. In Proceedings of the 2020 International Conference on Information and Communication Technology Convergence (ICTC), Jeju, Korea, 21–23 October 2020; pp. 1282–1287. [Google Scholar]
- Mauro, D.; Galatro, G.; Fortino, G.; Liotta, A. Supervised Feature Selection Techniques in Network Intrusion Detection: A Critical Review. Eng. Appl. Artif. Intell. 2021, 101, 104216. [Google Scholar] [CrossRef]
- Coates, A.; Ng, A.; Lee, H. An Analysis of Single-Layer Networks in Unsupervised Feature Learning. In Proceedings of the Fourteenth International Conference on Artificial Intelligence and Statistics, Fort Lauderdale, FL, USA, 11–13 April 2011; pp. 215–223. [Google Scholar]
- Lu, Y.; Cohen, I.; Zhou, X.S.; Tian, Q. Feature Selection Using Principal Feature Analysis. In Proceedings of the Proceedings of the 15th ACM International Conference on Multimedia, Augsburg, Germany, 25–29 September 2007; pp. 301–304. [Google Scholar]
- Eid, H.F.; Salama, M.A.; Hassanien, A.E.; Kim, T. Bi-Layer Behavioral-Based Feature Selection Approach for Network Intrusion Classification; Springer: Berlin/Heidelberg, Germany, 2011; pp. 195–203. [Google Scholar]
- Kloft, M.; Brefeld, U.; Düessel, P.; Gehl, C.; Laskov, P. Automatic Feature Selection for Anomaly Detection. 2008, pp. 71–76. Available online: https://ml.cs.uni-kl.de/publications/aisec08-kloft.pdf (accessed on 26 August 2022).
- Gogoi, P.; Bhuyan, M.H.; Bhattacharyya, D.; Kalita, J.K. Packet and Flow Based Network Intrusion Dataset; Springer: Berlin/Heidelberg, Germany, 2012; pp. 322–334. [Google Scholar]
- Axelsson, S. Research in Intrusion-Detection Systems: A Survey; Technical Report 98-17; Department of Computer Engineering, Chalmers: Gothenburg, Sweden, 1998. [Google Scholar]
- Alom, M.Z.; Bontupalli, V.; Taha, T.M. Intrusion Detection Using Deep Belief Networks. In Proceedings of the 2015 National Aerospace and Electronics Conference (NAECON), Dayton, OH, USA, 15–19 June 2015; pp. 339–344. [Google Scholar]
- Yan, Q.; Richard, Y.F.; Gong, Q.; Li, J. Software-Defined Networking (SDN) and Distributed Denial of Service (DDoS) Attacks in Cloud Computing Environments: A Survey, Some Research Issues, and Challenges. IEEE Commun. Surv. Tutor. 2015, 18, 602–622. [Google Scholar] [CrossRef]
- Aburomman, A.A.; Reaz, M.B. Survey of Learning Methods in Intrusion Detection Systems. In Proceedings of the 2016 International Conference on Advances in Electrical, Electronic and Systems Engineering (ICAEES), Putrajaya, Malaysia, 14–16 November 2016; pp. 362–365. [Google Scholar]
Review Paper | Year | Review NIDS | SDN Focused | Include ML | Include DL | Contribution | Limitation |
---|---|---|---|---|---|---|---|
[8] | 2017 | Yes | No | Yes | No | This research classified IDS. IDS complexity was classified. Compared shallow and deep network learning techniques. Experiments showed deeper networks spot threats better. | Signature-based techniques were used; however, they could not detect all forms of assault, particularly if the IDS signature list was missing the proper signature. |
[10] | 2018 | Yes | Yes | Yes | No | ||
[5] | 2019 | Yes | Yes | Yes | No | ML techniques and IDS frameworks for SDN were examined. The second category included data collecting and mitigation strategies. Standard datasets, testbeds, and research tools were included. | The authors provided an overview of obstacles and potential of employing ML with emerging technologies such as SDN; however, it was not thorough. |
[7] | 2019 | Yes | Yes | Yes | No | This paper looked at ML techniques using SDN to generate NIDS. Deep learning was used in SDN-based NIDS. This research examined SDN NIDS modelling tools. | When it comes to network-based IDS, sensors are deliberately deployed around the network to pick up on reconnaissance assaults. |
[9] | 2019 | Yes | Yes | Yes | No | In this overview, machine learning methods helped SDN-based NIDS. This survey included NIDS model-building tools. The two strategies used in this study may enhance network intrusion detection. | Acquiring a new management tool and providing everyone with the necessary instruction is a priority. The lack of security is a major obstacle for the SDN. |
[11] | 2019 | Yes | No | No | Yes | Anomaly-detection applications were evaluated. Categorized deep anomaly detection systems. | Robust features need manual extraction. The frequency of insurance fraud is significantly smaller than the number of claims, and each scam is unique. Such techniques cannot identify fresh failure signals. |
[12] | 2020 | Yes | No | No | Yes | Categorized deep learning-based IDS by input data, detection, deployment, and assessment methodologies. This survey compared and examined deep learning-based IDS experiments. | Due to limited datasets, IDS systems lack real-world dependability and applicability. Benchmark datasets are not real-time. |
[13] | 2020 | Yes | No | Yes | Yes | This article described IDS and proposed a taxonomy for ML and DL-based network-based IDS (NIDS) systems. The examined articles described IDS classification systems. | In general, ANNs tend to overfit to their training data. Due to the iterative nature of selecting the size and structure of an ANN, overfitting occurs all too often. |
This Article | 2022 | Yes | Yes | Yes | Yes | ML/DL algorithms on the SDN platform could find and resolve system problems and monitor the whole network. To utilize ML tactics in SDN, we categorized ML frameworks and methods. |
Machine Learning Approach | Type of Problem | Advantages | Disadvantages |
---|---|---|---|
Random forest | Regression and classification | Instability is reduced. Overfitting of DT model is mitigated. Accurate for huge training sets. | Does not give accurate results for imbalanced training datasets. Training speed is low. |
Support vector machine | Regression and classification | High-dimensional datasets can be effectively handled. Valid for both separable datasets (linear and non-linear). | Training of large datasets is difficult. Not good for noisier datasets. |
K-nearest neighbor | Regression and classification | Implementation is easy. Flexible. | It is memory-intensive. Computationally expensive. |
Self-organizing map | Clustering | Understanding of data mapping is easy. High-dimensional datasets can be effectively handled. | For large maps, it is computationally expensive. |
K-means | Clustering | Clustering results can be easily interpreted. Implementation is easy. | Linear computational cost. Sensitive to first outliers. |
Semi-supervised learning | Clustering, regression, and classification | Labeled and unlabeled data are used. | Fully depends on assumptions, such as smoothness assumptions and manifold. |
Reinforcement learning | Decision-making | Fast decision-making after training. Prior knowledge is not required to work properly. | High-dimensional problems cannot be handled. Low convergence rate |
Deep reinforcement learning | Decision-making | More computational resources are required to train datasets. |
Deep Learning Approach | Model Detail | Dataset | Ref. |
---|---|---|---|
DNN | Using DNN for SDN-based IDS | NSL-KDD | [76] |
Using DNN to handle huge data for large network | NSL-KDD | [77] | |
Using DNN for intrusion detection system in vehicular networks | Vehicular network communication | [78] | |
Using DNN for network intrusion detection system to classify cyber attacks | PROBING, U2R, R2L, and DoS | [96] | |
Using DNN to detect privacy attacks and DoS in ad hoc networks | KDD C’99 | [97] | |
Using DNN to detect network intrusions | KDD C’99 | [98] | |
Using DNN to evolve network attacks | KDD C’99 | [99] | |
FFDNN | Using FFDNN to detect network intrusions | NSL-KDD | [79] |
RNN | Using RNN to detect network intrusions | KDD C’99 | [80] |
Using RNN to detect attack against vehicle | Attacks against vehicles | [81] | |
Using RNN to detect network intrusions | NSL-KDD | [77] | |
Using RNN for intrusion detection system in SDN | NSL-KDD | [82] | |
Using RNN for multi-channel intrusion detection system | NSL-KDD | [83] | |
CNN | Using CNN to detect network intrusions | UMASS dataset | [100] |
Using CNN to anomaly traffic detection | CICIDS2017 | [84] | |
Using CNN for intrusion detection, encrypted traffic classification, and detection of novel attacks | ISCX 2012 IDS | [85] | |
Using CNN to evaluate network intrusions | Contagio-CTU-UNB | [101] | |
Machine Learning Approach | Type of Problem | Advantages | Disadvantages |
RBM | Using RBM to evaluate network intrusions | KDD C’99 | [86] |
Using RBM to detect cyber security intrusions | ISCX dataset | [87] | |
Using RBM for intrusion recognition domain | KDD C’99 | [102] | |
Using RBM to detect anomalous activities | NSL-KDD | [66] | |
Using RBM to traffic detection | Real online network traffic | [103] | |
Using RBM for clustered intrusion IDS in wireless sensor networks | KDD C’99 | [104] | |
DBN | Using DBN for intrusion detection in IoT | IoT simulation dataset | [90] |
Using DBN and probabilistic neural network for IDS | KDD Cup 1999 | [92] | |
Using DBN for cyber security intrusion detection | NSL-KDD | [105] | |
Using DBN for IDS in SCADA | IEEE 118-bus and 300-bus | [96] | |
DA | Using DA for cyber security intrusion detection | NSL-KDD | [93] |
Using DA in IDS | UNSW-NB15 and KDD C’99 | [94] | |
Using DA autonomous and self-adaptive misuse IDS | NSL-KDD | [106] | |
Using DA for cyber security intrusion detection | KDD C’99 | [107] |
Reference | Method of Detection | Dataset Used | Detected Attack | Feature Selection |
---|---|---|---|---|
[112] | NEAT | Owned: 800000+Packets | DDoS and worm | 3-packet-level features |
[127] | ANN, LSTM, and CNN | Owned | Crossfire | 3-flow-based features |
[128] | DT, NB, and SVM | KDD-Cup 1999 | DDoS | 4-flow-based features |
[4] | MHBNC | NSL-KDD | DoS, R2L, U2R, and probe | Extraction of features and pre-processing |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Ahmed, N.; Ngadi, A.b.; Sharif, J.M.; Hussain, S.; Uddin, M.; Rathore, M.S.; Iqbal, J.; Abdelhaq, M.; Alsaqour, R.; Ullah, S.S.; et al. Network Threat Detection Using Machine/Deep Learning in SDN-Based Platforms: A Comprehensive Analysis of State-of-the-Art Solutions, Discussion, Challenges, and Future Research Direction. Sensors 2022, 22, 7896. https://doi.org/10.3390/s22207896
Ahmed N, Ngadi Ab, Sharif JM, Hussain S, Uddin M, Rathore MS, Iqbal J, Abdelhaq M, Alsaqour R, Ullah SS, et al. Network Threat Detection Using Machine/Deep Learning in SDN-Based Platforms: A Comprehensive Analysis of State-of-the-Art Solutions, Discussion, Challenges, and Future Research Direction. Sensors. 2022; 22(20):7896. https://doi.org/10.3390/s22207896
Chicago/Turabian StyleAhmed, Naveed, Asri bin Ngadi, Johan Mohamad Sharif, Saddam Hussain, Mueen Uddin, Muhammad Siraj Rathore, Jawaid Iqbal, Maha Abdelhaq, Raed Alsaqour, Syed Sajid Ullah, and et al. 2022. "Network Threat Detection Using Machine/Deep Learning in SDN-Based Platforms: A Comprehensive Analysis of State-of-the-Art Solutions, Discussion, Challenges, and Future Research Direction" Sensors 22, no. 20: 7896. https://doi.org/10.3390/s22207896
APA StyleAhmed, N., Ngadi, A. b., Sharif, J. M., Hussain, S., Uddin, M., Rathore, M. S., Iqbal, J., Abdelhaq, M., Alsaqour, R., Ullah, S. S., & Zuhra, F. T. (2022). Network Threat Detection Using Machine/Deep Learning in SDN-Based Platforms: A Comprehensive Analysis of State-of-the-Art Solutions, Discussion, Challenges, and Future Research Direction. Sensors, 22(20), 7896. https://doi.org/10.3390/s22207896