Preprocessing-Based Approach for Prompt Intrusion Detection in SDN Networks

Abstract

Software Defined Networking (SDN) has emerged as a network platform that enables centralized network management, providing network operators with the ability to manage the entire network uniformly and comprehensively, regardless of the complexity of the underlying infrastructure devices. Nevertheless, it remains vulnerable to emerging security threats that can be maliciously exploited by attackers. If the SDN controller is compromised, the entire system becomes susceptible to severe risks. Previous research has focused on proposing flow-based IDSs using Machine-Learning/Deep-Learning models distinguishing between benign traffic and attacks. However, these solutions require periodic message exchanges, containing requests and responses, between the control plane and the data plane. Once the required flow features are extracted from the responses transmitted by the OpenFlow switches, these features undergo preprocessing before being fed to a classifier. This pre-training process consumes a significant amount of time and resources, which is inadequate for early intrusion detection. The study presented in this paper introduces an efficient classification solution based essentially on preprocessing raw input data, eliminating the need for retrieving flow information from the OpenFlow switches. We evaluated our approach on the public InSDN dataset, achieving an accuracy of 99.91% and 99.99% for multiclass and binary classification respectively.