Efficient Malicious Packet Detection in Software Defined Networks

The emergence of software defined networking is proving to be a strong platform for future networks due to its advantages with regards to management of enterprise networks. One of the key areas where SDN is altering the management of networks is in the area of security. Additionally, the use of machine learning methods for network security is becoming increasingly investigated by both academia and industry. However, existing machine learning based intrusion detection systems can be highly computationally intensive. This forms the motivation for this research that combines the SDN architecture with machine learning to provide greater efficiency for intrusion detection. In this work, a novel solution using a hierarchical machine learning approach based on a SDN topology is presented. In the proposed solution, the SDN architecture uses machine learning at the controller that allows an efficient malicious packet detection mechanism at the edge of the network when compared to a flat traditional architecture. The methodology deployed includes a unique sub-flow classification based on supervised learning. The solution is demonstrated with the widely used CICIDS 2017 and the CICIDS 2018 datasets. The thesis shows significant savings in the traffic processed at the edge for the purposes of intrusion detection. Results show as much as a 74-98% savings in traffic processed for intrusion detection resulting in as much as 1000 times decrease in processing time (or increase in prediction rate) for malicious packet detection. The results also demonstrate that the savings have no significant impact on the overall accuracy of the system. This represents significant savings in network resources allowing for scarce network/computing resources to be deployed to other services. This work is a significant contribution to machine learning based network security research and forms a strong basis for future research in the security of next generation networks