SD-IIDS: intelligent intrusion detection system for software-defined networks

Software-Defined Networking (SDN) is susceptible to security threats despite all the network programmability and flexibility offered, and hence SDN must be safeguarded.This work proposes an Intelligent Intrusion Detection System for Software-Defined Networks (SD-IIDS) that creates two equally competent ensemble Machine Learning (ML) classification models for detecting Distributed Denial of Service (DDoS) attacks in SDN. The developed ensemble models act as binary and multi-class classification algorithms. The models are Support Vector Classifier bagged with Random Forest (SVC-RF), and Random Forest bagged with Logistic Regression (RF-LR). The multi-class SVC-RF and RF-LR detect the the DDoS attack types with 98.83% and 99.54% accuracy and minimal False Alarm Rate (FAR) of 0.0189 and 0.012, respectively. The binary SVC-RF and RF-LR algorithms classify the network traffic into malicious and legitimate classes, with 99.42% and 99.79% accuracy and a nominal FAR of 0.0005 and 0.002, respectively. This work’s core innovation is choosing the champion model among the two ensemble ML models based on its classification performance metrics and complexity analysis. The other major contribution of the work is botnet detection leveraging data mining techniques. The multi-class RF-LR ensemble outperformed multi-class SVC-RF with 99.45% precision and 99.46% sensitivity. The optimal performance metrics imply that the proposed ensemble models have greater efficacy than the individual ML models. This work paves the way for future research to detect the most potent volume-based and protocol-based DDoS attacks in SDN.