Flow-based intrusion detection on software-defined networks: a multivariate time series anomaly detection approach
| dc.authorid | Zavrak, Sultan/0000-0001-6950-8927 | |
| dc.contributor.author | Zavrak, Sultan | |
| dc.contributor.author | Iskefiyeli, Murat | |
| dc.date.accessioned | 2023-07-26T11:58:19Z | |
| dc.date.available | 2023-07-26T11:58:19Z | |
| dc.date.issued | 2023 | |
| dc.department | DÜ, Mühendislik Fakültesi, Bilgisayar Mühendisliği Bölümü | en_US |
| dc.description.abstract | In this study, we present and implement the SAnDet (SDN anomaly detector) architecture, an anomaly-based intrusion detection system designed to take advantage of the capabilities offered by software-defined networking (SDN) architecture, as a controller application. The SAnDet system is composed of three modules: statistics collection, anomaly detection, and anomaly prevention. In particular, we utilize replicator neural networks (RNN), which is a specialized variant of the autoencoder, and the LSTM-based encoder-decoder (EncDecAD) method, which is a special type of long short-term memory (LSTM) network that has demonstrated a strong performance on data series particularly, to identify unknown attacks using flow features collected from OpenFlow switches. In our experiments, we utilize flow-based features extracted from network traffic data containing various types of attacks as input to our models in the form of time series. We evaluate the performance of our methods using the accuracy and area under the receiver operating characteristic curve (AUC) metrics. Our experimental results demonstrate that EncDecAD outperforms RNN and that our approach offers several benefits over previously conducted research. | en_US |
| dc.description.sponsorship | Scientific and Technological Research Council of Turkey (TUBITAK) [2211/C] | en_US |
| dc.description.sponsorship | S. Zavrak is supported by The Scientific and Technological Research Council of Turkey (TUBITAK) under 2211/C Ph.D. Scholarship Programme for Priority Areas. | en_US |
| dc.identifier.doi | 10.1007/s00521-023-08376-5 | |
| dc.identifier.issn | 0941-0643 | |
| dc.identifier.issn | 1433-3058 | |
| dc.identifier.scopus | 2-s2.0-85149292972 | en_US |
| dc.identifier.scopusquality | Q1 | en_US |
| dc.identifier.uri | https://doi.org/10.1007/s00521-023-08376-5 | |
| dc.identifier.uri | https://hdl.handle.net/20.500.12684/13458 | |
| dc.identifier.wos | WOS:000943603500001 | en_US |
| dc.identifier.wosquality | Q2 | en_US |
| dc.indekslendigikaynak | Web of Science | en_US |
| dc.indekslendigikaynak | Scopus | en_US |
| dc.institutionauthor | Zavrak, Sultan | |
| dc.language.iso | en | en_US |
| dc.publisher | Springer London Ltd | en_US |
| dc.relation.ispartof | Neural Computing & Applications | en_US |
| dc.relation.publicationcategory | Makale - Uluslararası Hakemli Dergi - Kurum Öğretim Elemanı | en_US |
| dc.rights | info:eu-repo/semantics/openAccess | en_US |
| dc.snmz | $2023V1Guncelleme$ | en_US |
| dc.subject | Intrusion Detection; Anomaly Detection; Deep Learning; Semi-Supervised Learning; Software-Defined Networks; Time Series Anomaly Detection | en_US |
| dc.subject | Detection System; Neural-Networks; Sdn; Mitigation | en_US |
| dc.title | Flow-based intrusion detection on software-defined networks: a multivariate time series anomaly detection approach | en_US |
| dc.type | Article | en_US |
Dosyalar
Orijinal paket
1 - 1 / 1
Yükleniyor...
- İsim:
- 13458.pdf
- Boyut:
- 606.9 KB
- Biçim:
- Adobe Portable Document Format
- Açıklama:
- Tam Metin / Full Text
