Abstract
This paper proposes Deep-Discovery, an Intrusion Detection System (IDS), to perform Anomaly Discovery in Software-Defined Networking (SDN) using Artificial Neural Network (ANN). The proposed IDS framework utilizes the Multi-Layer Perceptron (MLP), a Feedforward (FF) ANN, to detect volume-based and protocol-based Distributed Denial of Service (DDoS) attacks on the data plane of SDN. The proposed model considers the attack detection a multi-class classification problem and classifies the network traffic into six attack classes with an accuracy of 98.81% and a minimal False Alarm Rate (FAR) of 0.002. The proposed classification model addresses the binary classification problem to compare and analyze the classification performance metrics. The Deep-Discovery that deals with the binary classification problem categorizes the network traffic into anomalous and normal traffic with 99.79% accuracy and a nominal FAR of 0.0001. The novelty of this work is its emphasis on obtaining the optimal performance metrics with a simple neural network with minimal computational overhead rather than an intricate and complex model.
Original language | English |
---|---|
Article number | 103320 |
Journal | Computers and Security |
Volume | 132 |
DOIs | |
State | Published - Sep 2023 |
Externally published | Yes |
Bibliographical note
Publisher Copyright:© 2023 Elsevier Ltd
Keywords
- Artificial neural network (ANN)
- Attack detection
- Classification algorithms
- Deep learning (DL)
- Distributed denial of service (DDoS) attacks
- Security threats
- Software-defined networking (SDN)