Statistical Analysis Based Intrusion Detection System for Ultra-High-Speed Software Defined Network
Talha Naqash, Sajjad Hussain Shah, Muhammad Najam Ul Islam
Journal: International Journal of Parallel Programming (JCR Q3, Computer Science, Theory & Methods)
Publication date: 2021-08-09
Publication type: Journal Article
DOI: https://doi.org/10.1007/s10766-021-00715-0
Citations: 2
Abstract
Internet users and internet services are increasing day by day, which increases internet traffic from zettabytes to petabytes at ultra-high speed. Different types of architecture are implemented to handle high-speed data traffic. The two-layer approach of the Software-Defined Network (SDN) architecture converts the classical network architecture into a consistent, centrally controllable network architecture with programming ability. On the other hand, network security is still the main concern for the network administrator, along with the detection of malicious internet packets in the ultra-high-speed traffic of the programmable network. Therefore, in this paper, we proposed a Statistical Analysis Based Intrusion Detection System (SABIDS) using a Machine Learning (ML) approach. The key idea is to implement the SABIDS inside the RYU controller, where it statistically analyses the high-speed internet traffic flows and automatically blocks the IP of the identified packet generator. The SABIDS scheme consists of 3 modules: (1) fetch the runtime flow statistics, (2) identify the nature of the flow by statistical and pattern-match techniques, (3) block the malicious flow's source IP. Different types of ML classifiers are used to evaluate the performance of the scheme. This scheme enables the SDN controller to detect malicious traffic and avoid potential losses such as system failure or the risk of being attacked.
About the journal:
International Journal of Parallel Programming is a forum for the publication of peer-reviewed, high-quality original papers in the computer and information sciences, focusing specifically on programming aspects of parallel computing systems. Such systems are characterized by the coexistence over time of multiple coordinated activities. The journal publishes both original research and survey papers. Fields of interest include: linguistic foundations, conceptual frameworks, high-level languages, evaluation methods, implementation techniques, programming support systems, pragmatic considerations, architectural characteristics, software engineering aspects, advances in parallel algorithms, performance studies, and application studies.