1,423 research outputs found

    Machine learning based intrusion detection system for software defined networks

    Software-Defined Networks (SDN) is an emerging area that promises to change the way we design, build, and operate network architecture. It shifts from a traditional, proprietary network architecture to an open and programmable one. However, this new and improved technology also brings another security burden into the network architecture, with existing and emerging security threats. The network has become more open to intruders: the focus has now shifted to a single point of failure, where the central controller is a prime target. Therefore, integrating an intrusion detection system (IDS) into the SDN architecture is essential to provide the network with attack countermeasures. The work designed and developed a virtual testbed that simulates the processes of a real network environment, where a star topology is created with hosts and servers connected to the OpenFlow OVS switch. Signature-based Snort IDS is deployed for traffic monitoring and attack detection by mirroring the traffic destined for the servers. The vulnerability assessment shows that possible attack threats exist in the network architecture and are effectively contained by Snort IDS, except for a few, for which suggestions are made for possible mitigation. In order to provide scalable threat detection in the architecture, a flow-based IDS model is developed. Flow-based anomaly detection is implemented with machine learning to overcome the limitations of signature-based IDS. The results show positive improvement in detecting almost all of the possible attacks in the SDN environment, using a pattern-recognition neural network for machine learning, with our trained model achieving over 97% accuracy.

    Using A One-Class Compound Classifier To Detect In-Vehicle Network Attacks

    The Controller Area Network (CAN) in vehicles provides serial communication between electronic control units that manage engine, transmission, steering and braking. Researchers have recently demonstrated the vulnerability of the network to cyber-attacks which can manipulate the operation of the vehicle and compromise its safety. Some proposals for CAN intrusion detection systems, that identify attacks by detecting packet anomalies, have drawn on one-class classification, whereby the system builds a decision surface based on a large number of normal instances. The one-class approach is discussed in this paper, together with initial results and observations from implementing a classifier new to this field. The Compound Classifier has been used in image processing and medical analysis, and holds advantages that could be relevant to CAN intrusion detection.