Flow-based intrusion detection on software-defined networks: a multivariate time series anomaly detection approach
Yükleniyor...
Dosyalar
Tarih
2023
Yazarlar
Dergi Başlığı
Dergi ISSN
Cilt Başlığı
Yayıncı
Springer London Ltd
Erişim Hakkı
info:eu-repo/semantics/openAccess
Özet
In this study, we present and implement the SAnDet (SDN anomaly detector) architecture, an anomaly-based intrusion detection system designed to take advantage of the capabilities offered by software-defined networking (SDN) architecture, as a controller application. The SAnDet system is composed of three modules: statistics collection, anomaly detection, and anomaly prevention. In particular, we utilize replicator neural networks (RNN), which is a specialized variant of the autoencoder, and the LSTM-based encoder-decoder (EncDecAD) method, which is a special type of long short-term memory (LSTM) network that has demonstrated a strong performance on data series particularly, to identify unknown attacks using flow features collected from OpenFlow switches. In our experiments, we utilize flow-based features extracted from network traffic data containing various types of attacks as input to our models in the form of time series. We evaluate the performance of our methods using the accuracy and area under the receiver operating characteristic curve (AUC) metrics. Our experimental results demonstrate that EncDecAD outperforms RNN and that our approach offers several benefits over previously conducted research.
Açıklama
Anahtar Kelimeler
Intrusion Detection; Anomaly Detection; Deep Learning; Semi-Supervised Learning; Software-Defined Networks; Time Series Anomaly Detection, Detection System; Neural-Networks; Sdn; Mitigation
Kaynak
Neural Computing & Applications
WoS Q Değeri
Q2
Scopus Q Değeri
Q1
