Deep Learning Approach for SDN-Enabled Intrusion Detection System in IoT Networks
<p>Proposed LSTM architecture for network attacks classification in SDN IoT Network.</p> "> Figure 2
<p>DS1 Features [<a href="#B41-information-14-00041" class="html-bibr">41</a>].</p> "> Figure 3
<p>Accuracy loss plots of DDN on Dataset DS1. (<b>a</b>) DNN binary classification; (<b>b</b>) DNN multi-class classification.</p> "> Figure 4
<p>Accuracy loss plots of CNN on Dataset DS1. (<b>a</b>) CNN binary classification; (<b>b</b>) CNN multi-class classification.</p> "> Figure 5
<p>Accuracy loss plots of LSTM on dataset DS1. (<b>a</b>) LSTM binary classification; (<b>b</b>) LSTM multi-class classification.</p> "> Figure 6
<p>Accuracy comparison of the SVM and DL models used on Dataset DS1. (<b>a</b>) Accuracy comparison of models for binary classification. (<b>b</b>) Accuracy comparison of models for multi-class classification.</p> "> Figure 7
<p>ROC Characteristics of the proposed model—binary classification.</p> "> Figure 8
<p>ROC Characteristics of the proposed model—multiclass classification.</p> "> Figure 9
<p>t-SNE of the proposed model for binary classification.</p> "> Figure 10
<p>t-SNE of the proposed model for multiclass classification.</p> ">
Abstract
:1. Introduction
- Utilize various DL architectures for detecting network attacks with SDN-based intrusion detection systems in IoT networks.
- Comparative performance analysis of DL architectures along with classical approach support vector machine (SVM) is performed for network attack detection.
- Detailed investigation and analysis of the proposed approach for effective detection and classification of IoT attacks.
- t-SNE feature visualization for the hidden layer of the proposed approach is conducted to ensure that the learned features are meaningful for the detection and classification of SDN IoT attacks.
- To show that the proposed method is generalizable to handle various SDN attacks and robust, the performance analysis was conducted on two different SDN IoT datasets.
2. Literature Survey
3. Proposed DL Based Approach for SDNIoT Environment
3.1. Selection of the Deep Learning Model
3.2. Description of Proposed Deep Learning Model
Algorithm 1: Network traffic multiclass classification in IoT network |
4. Datasets Description
5. Experimental Evaluation and Discussion
5.1. Software and Hardware Preliminaries
5.2. Evaluation Metrics
- True Positive (TP)—A sample belonging to the Attack class is correctly predicted as Attack by the model
- False Positive (FP)—A sample belonging to the Attack class is predicted as Normal by the model
- True Negative (TN)—A sample belonging to the Normal class is correctly predicted as Normal by the model
- False Negative (FN)—A sample belonging to Normal traffic is predicted as an Attack by the model.
5.3. t-SNE Feature Visualization
5.4. Generalization of Our Model
5.5. Performance Comparison with Existing Works
5.6. Advantages and Limitations of the Proposed Approach
6. Conclusions and Future Work
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Maddikunta, P.K.R.; Gadekallu, T.R.; Kaluri, R.; Srivastava, G.; Parizi, R.M.; Khan, M.S. Green communication in IoT networks using a hybrid optimization algorithm. Comput. Commun. 2020, 159, 97–107. [Google Scholar] [CrossRef]
- Lee, I.; Lee, K. The Internet of Things (IoT): Applications, investments, and challenges for enterprises. Bus. Horizons 2015, 58, 431–440. [Google Scholar] [CrossRef]
- Farhady, H.; Lee, H.; Nakao, A. Software-defined networking: A survey. Comput. Netw. 2015, 81, 79–95. [Google Scholar] [CrossRef]
- Boppana, R.V.; Chaganti, R.; Vedula, V. Analyzing the vulnerabilities introduced by ddos mitigation techniques for software-defined networks. In National Cyber Summit; Springer: Berlin/Heidelberg, Germany, 2019; pp. 169–184. [Google Scholar]
- Kaur, N.; Singh, A.K.; Kumar, N.; Srivastava, S. Performance impact of topology poisoning attack in SDN and its countermeasure. In Proceedings of the 10th International Conference on Security of Information and Networks, Jaipur, India, 13–15 October 2017; pp. 179–184. [Google Scholar]
- Javed, A.R.; Ahmed, W.; Alazab, M.; Jalil, Z.; Kifayat, K.; Gadekallu, T.R. A Comprehensive Survey on Computer Forensics: State-of-the-Art, Tools, Techniques, Challenges, and Future Directions. IEEE Access 2022, 10, 11065–11089. [Google Scholar] [CrossRef]
- Agrawal, S.; Sarkar, S.; Alazab, M.; Maddikunta, P.K.R.; Gadekallu, T.R.; Pham, Q.V. Genetic CFL: Hyperparameter optimization in clustered federated learning. Comput. Intell. Neurosci. 2021, 2021, 7156420. [Google Scholar] [CrossRef] [PubMed]
- Agrawal, S.; Sarkar, S.; Aouedi, O.; Yenduri, G.; Piamrat, K.; Alazab, M.; Bhattacharya, S.; Maddikunta, P.K.R.; Gadekallu, T.R. Federated learning for intrusion detection system: Concepts, challenges and future directions. Comput. Commun. 2022, 195, 346–361. [Google Scholar] [CrossRef]
- RM, S.P.; Maddikunta, P.K.R.; Parimala, M.; Koppu, S.; Gadekallu, T.R.; Chowdhary, C.L.; Alazab, M. An effective feature engineering for DNN using hybrid PCA-GWO for intrusion detection in IoMT architecture. Comput. Commun. 2020, 160, 139–149. [Google Scholar]
- Rathore, H.; Agarwal, S.; Sahay, S.K.; Sewak, M. Malware detection using machine learning and deep learning. In Proceedings of the International Conference on Big Data Analytics, Warangal, India, 18–21 December 2018; Springer: Berlin/Heidelberg, Germany, 2018; pp. 402–411. [Google Scholar]
- Sangkatsanee, P.; Wattanapongsakorn, N.; Charnsripinyo, C. Practical real-time intrusion detection using machine learning approaches. Comput. Commun. 2011, 34, 2227–2235. [Google Scholar] [CrossRef]
- Ravi, V.; Chaganti, R.; Alazab, M. Recurrent deep learning-based feature fusion ensemble meta-classifier approach for intelligent network intrusion detection system. Comput. Electr. Eng. 2022, 102, 108156. [Google Scholar] [CrossRef]
- Ravi, V.; Chaganti, R.; Alazab, M. Deep Learning Feature Fusion Approach for an Intrusion Detection System in SDN-Based IoT Networks. IEEE Internet Things Mag. 2022, 5, 24–29. [Google Scholar] [CrossRef]
- Khan, R.U.; Zhang, X.; Kumar, R.; Sharif, A.; Golilarz, N.A.; Alazab, M. An adaptive multi-layer botnet detection technique using machine learning classifiers. Appl. Sci. 2019, 9, 2375. [Google Scholar] [CrossRef]
- Vinayakumar, R.; Alazab, M.; Soman, K.; Poornachandran, P.; Venkatraman, S. Robust intelligent malware detection using deep learning. IEEE Access 2019, 7, 46717–46738. [Google Scholar] [CrossRef]
- Chaganti, R.; Ravi, V.; Pham, T.D. Image-based malware representation approach with EfficientNet convolutional neural networks for effective malware classification. J. Inf. Secur. Appl. 2022, 69, 103306. [Google Scholar] [CrossRef]
- Chaganti, R.; Ravi, V.; Pham, T.D. Deep Learning based Cross Architecture Internet of Things malware Detection and Classification. Comput. Secur. 2022, 120, 102779. [Google Scholar] [CrossRef]
- Ravi, V.; Alazab, M.; Srinivasan, S.; Arunachalam, A.; Soman, K. Adversarial defense: DGA-based botnets and DNS homographs detection through integrated deep learning. IEEE Trans. Eng. Manag. 2021, 70, 249–266. [Google Scholar] [CrossRef]
- Sriram, S.; Vinayakumar, R.; Alazab, M.; Soman, K. Network flow based IoT botnet attack detection using deep learning. In Proceedings of the IEEE INFOCOM 2020-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Toronto, ON, Canada, 6–9 July 2020; pp. 189–194. [Google Scholar]
- Ravi, N.; Shalinie, S.M. Semisupervised-learning-based security to detect and mitigate intrusions in IoT network. IEEE Internet Things J. 2020, 7, 11041–11052. [Google Scholar] [CrossRef]
- Zhao, Y.; Li, Y.; Zhang, X.; Geng, G.; Zhang, W.; Sun, Y. A survey of networking applications applying the software defined networking concept based on machine learning. IEEE Access 2019, 7, 95397–95417. [Google Scholar] [CrossRef]
- Sultana, N.; Chilamkurti, N.; Peng, W.; Alhadad, R. Survey on SDN based network intrusion detection system using machine learning approaches. Peer-to-Peer Netw. Appl. 2019, 12, 493–501. [Google Scholar] [CrossRef]
- Mohammed, A.R.; Mohammed, S.A.; Shirmohammadi, S. machine learning and deep learning based traffic classification and prediction in software defined networking. In Proceedings of the 2019 IEEE International Symposium on Measurements & Networking (M&N), Catania, Italy, 8–10 July 2019; pp. 1–6. [Google Scholar]
- Dey, S.K.; Uddin, R.; Rahman, M. Performance analysis of SDN-based intrusion detection model with feature selection approach. In Proceedings of the International Joint Conference on Computational Intelligence, Budapest, Hungary, 2–4 November 2020; Springer: Berlin/Heidelberg, Germany, 2020; pp. 483–494. [Google Scholar]
- Nguyen, T.G.; Phan, T.V.; Nguyen, B.T.; So-In, C.; Baig, Z.A.; Sanguanpong, S. Search: A collaborative and intelligent nids architecture for sdn-based cloud iot networks. IEEE Access 2019, 7, 107678–107694. [Google Scholar] [CrossRef]
- Alzahrani, A.O.; Alenazi, M.J. Designing a network intrusion detection system based on machine learning for software defined networks. Future Internet 2021, 13, 111. [Google Scholar] [CrossRef]
- Birkinshaw, C.; Rouka, E.; Vassilakis, V.G. Implementing an intrusion detection and prevention system using software-defined networking: Defending against port-scanning and denial-of-service attacks. J. Netw. Comput. Appl. 2019, 136, 71–85. [Google Scholar] [CrossRef]
- Sebbar, A.; Zkik, K.; Baddi, Y.; Boulmalf, M.; Kettani, M.D.E.C.E. MitM detection and defense mechanism CBNA-RF based on machine learning for large-scale SDN context. J. Ambient. Intell. Humaniz. Comput. 2020, 11, 5875–5894. [Google Scholar] [CrossRef]
- Tang, T.A.; Mhamdi, L.; McLernon, D.; Zaidi, S.A.R.; Ghogho, M. Deep learning approach for network intrusion detection in software defined networking. In Proceedings of the 2016 IEEE International Conference on Wireless Networks and Mobile Communications (WINCOM), Fez, Morocco, 26–29 October 2016; pp. 258–263. [Google Scholar]
- Hannache, O.; Batouche, M.C. Neural network-based approach for detection and mitigation of DDoS attacks in SDN environments. Int. J. Inf. Secur. Priv. (IJISP) 2020, 14, 50–71. [Google Scholar] [CrossRef]
- Hande, Y.; Muddana, A. Intrusion detection system using deep learning for software defined networks (SDN). In Proceedings of the 2019 IEEE International Conference on Smart Systems and Inventive Technology (ICSSIT), Tirunelveli, India, 27–29 November 2019; pp. 1014–1018. [Google Scholar]
- Tang, T.A.; Mhamdi, L.; McLernon, D.; Zaidi, S.A.R.; Ghogho, M.; El Moussa, F. DeepIDS: Deep learning approach for intrusion detection in software defined networking. Electronics 2020, 9, 1533. [Google Scholar] [CrossRef]
- Vailshery, L.S. Global IoT and Non-IoT Connections 2010–2025|Statista. 2021. Available online: https://www.statista.com/statistics/1101442/iot-number-of-connected-devices-worldwide/ (accessed on 13 September 2022).
- Wani, A.; Khaliq, R. SDN-based intrusion detection system for IoT using deep learning classifier (IDSIoT-SDL). CAAI Trans. Intell. Technol. 2021, 6, 281–290. [Google Scholar] [CrossRef]
- Li, J.; Zhao, Z.; Li, R.; Zhang, H. Ai-based two-stage intrusion detection for software defined iot networks. IEEE Internet Things J. 2018, 6, 2093–2102. [Google Scholar] [CrossRef] [Green Version]
- Tian, Q.; Han, D.; Hsieh, M.Y.; Li, K.C.; Castiglione, A. A two-stage intrusion detection approach for software-defined IoT networks. Soft Comput. 2021, 25, 10935–10951. [Google Scholar] [CrossRef]
- Vinayakumar, R.; Alazab, M.; Srinivasan, S.; Pham, Q.V.; Padannayil, S.K.; Simran, K. A visualized botnet detection system based deep learning for the internet of things networks of smart cities. IEEE Trans. Ind. Appl. 2020, 56, 4436–4456. [Google Scholar] [CrossRef]
- ElSayed, M.S.; Le-Khac, N.A.; Albahar, M.A.; Jurcut, A. A novel hybrid model for intrusion detection systems in SDNs based on CNN and a new regularization technique. J. Netw. Comput. Appl. 2021, 191, 103160. [Google Scholar] [CrossRef]
- Ye, J.; Cheng, X.; Zhu, J.; Feng, L.; Song, L. A DDoS attack detection method based on SVM in software defined network. Secur. Commun. Netw. 2018, 2018, 9804061. [Google Scholar] [CrossRef]
- Hadem, P.; Saikia, D.K.; Moulik, S. An SDN-based Intrusion Detection System using SVM with Selective Logging for IP Traceback. Comput. Netw. 2021, 191, 108015. [Google Scholar] [CrossRef]
- Sarica, A.K.; Angin, P. A Novel SDN Dataset for Intrusion Detection in IoT Networks. In Proceedings of the 2020 16th IEEE International Conference on Network and Service Management (CNSM), Izmir, Turkey, 2–6 November 2020; pp. 1–5. [Google Scholar]
- Jafarian, T. SDN-NF-TJ|IEEE DataPort. 2019. Available online: https://ieee-dataport.org/documents/sdn-nf-tj (accessed on 13 September 2022).
- Othman, S.M.; Ba-Alwi, F.M.; Alsohybe, N.T.; Al-Hashida, A.Y. Intrusion detection model using machine learning algorithm on Big Data environment. J. Big Data 2018, 5, 34. [Google Scholar] [CrossRef]
- Aiken, J.; Scott-Hayward, S. Investigating adversarial attacks against network intrusion detection systems in sdns. In Proceedings of the 2019 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), Dallas, TX, USA, 12–14 November 2019; pp. 1–7. [Google Scholar]
- Abusnaina, A.; Khormali, A.; Nyang, D.; Yuksel, M.; Mohaisen, A. Examining the robustness of learning-based ddos detection in software defined networks. In Proceedings of the 2019 IEEE Conference on Dependable and Secure Computing (DSC), Hangzhou, China, 18–20 November 2019; pp. 1–8. [Google Scholar]
- Qiu, H.; Dong, T.; Zhang, T.; Lu, J.; Memmi, G.; Qiu, M. Adversarial attacks against network intrusion detection in iot systems. IEEE Internet Things J. 2020, 8, 10327–10335. [Google Scholar] [CrossRef]
Network Environment | Dataset | Technique | Accuracy |
---|---|---|---|
SDN-based non-IoT [24] | NSL-KDD | Gain ratio, Random Forest | 81.9% |
SDN-based non-IoT [26] | NSL-KDD | XGBoost | 95.5% |
SDN-based noN-IoT [29] | NSL-KDD | DNN | 75.75% |
SDN-based non-IoT [38] | InSDN | CNN+RF | 97% |
SDN-based non-IoT [39] | Custom dataset | SVM | 95.24% |
SDN-based non-IoT [40] | NSL-KDD | SVM | 95.98% |
SDN-based non-IoT [30] | Custom dataset | Neural Network | 96.13% |
SDN-based non-IoT [34] | CSE-CIC-IDS2018 | IDSIoT-SDL | 96.05% |
SDN-based non-IoT [35] | KDDCup-99 | Bat Algorithm, Random Forest | 96.03% |
SDN-based non-IoT [36] | UNSW-NB15 | Improved firefly Algorithm, ensemble classifier | 88.46% |
SDN-based IoT (Proposed) | SDN-IoT, SDN-NF-TJ | LSTM | 97.1% |
Dataset | Attack | Normal |
---|---|---|
DS1 | 175,000 | 35,000 |
DS2 | 94,500 | 63,000 |
Label | Sample Count |
---|---|
Normal | 35,000 |
DoS | 35,000 |
DDoS | 35,000 |
Port Scanning | 35,000 |
OS Fingerprinting | 35,000 |
Fuzzing | 35,000 |
Architecture | Precision | Recall | F1-Score | Score |
---|---|---|---|---|
Binary | ||||
CNN-LSTM | 0.76 | 0.78 | 0.77 | Macro |
0.86 | 0.86 | 0.86 | Weighted | |
DNN | 0.97 | 0.94 | 0.95 | Macro |
0.97 | 0.97 | 0.97 | Weighted | |
CNN | 0.96 | 0.94 | 0.95 | Macro |
0.97 | 0.97 | 0.97 | Weighted | |
LSTM1 | 0.94 | 0.88 | 0.91 | Macro |
0.95 | 0.95 | 0.95 | Weighted | |
LSTM2 | 0.95 | 0.91 | 0.93 | Macro |
0.96 | 0.96 | 0.96 | Weighted | |
LSTM3 | 0.95 | 0.95 | 0.95 | Macro |
0.97 | 0.97 | 0.97 | Weighted | |
LSTM4 | 0.97 | 0.95 | 0.96 | Macro |
0.98 | 0.98 | 0.98 | Weighted | |
Multiclass | ||||
SVM | 0.86 | 0.86 | 0.86 | Macro |
0.86 | 0.86 | 0.86 | Weighted | |
DNN | 0.95 | 0.95 | 0.95 | Macro |
0.95 | 0.95 | 0.95 | Weighted | |
CNN | 0.96 | 0.96 | 0.96 | Macro |
0.96 | 0.96 | 0.96 | Weighted | |
LSTM1 | 0.78 | 0.77 | 0.76 | Macro |
0.78 | 0.77 | 0.76 | Weighted | |
LSTM2 | 0.88 | 0.88 | 0.88 | Macro |
0.88 | 0.88 | 0.88 | Weighted | |
LSTM3 | 0.95 | 0.95 | 0.95 | Macro |
0.95 | 0.95 | 0.95 | Weighted | |
LSTM4 | 0.97 | 0.97 | 0.97 | Macro |
0.97 | 0.97 | 0.97 | Weighted |
Predicted Classes | |||||||
---|---|---|---|---|---|---|---|
0 | 1 | 2 | 3 | 4 | 5 | ||
Actual Classes | 0 | 7320 | 161 | 85 | 593 | 297 | 1956 |
1 | 28 | 10,169 | 162 | 12 | 13 | 2 | |
2 | 109 | 146 | 10,261 | 20 | 26 | 101 | |
3 | 49 | 0 | 7 | 7606 | 2621 | 125 | |
4 | 517 | 10 | 1 | 1411 | 8348 | 348 | |
5 | 162 | 0 | 0 | 0 | 0 | 10,334 |
Predicted Classes | |||||||
---|---|---|---|---|---|---|---|
0 | 1 | 2 | 3 | 4 | 5 | ||
Actual Classes | 0 | 9602 | 2 | 10 | 346 | 282 | 170 |
1 | 0 | 10,351 | 33 | 1 | 1 | 0 | |
2 | 0 | 39 | 10,622 | 1 | 1 | 0 | |
3 | 193 | 2 | 0 | 9935 | 273 | 5 | |
4 | 335 | 2 | 2 | 36 | 10,251 | 9 | |
5 | 33 | 0 | 0 | 5 | 4 | 10,454 |
Precision | Recall | F1-Score | |
---|---|---|---|
0 | 1.00 | 1.00 | 1.00 |
1 | 1.00 | 1.00 | 1.00 |
macro avg | 1.00 | 1.00 | 1.00 |
weighted avg | 1.00 | 1.00 | 1.00 |
Precision | Recall | F1-Score | |
---|---|---|---|
0 | 0.60 | 1.00 | 0.75 |
1 | 0.00 | 0.00 | 0.00 |
macro avg | 0.30 | 0.50 | 0.37 |
weighted avg | 0.36 | 0.60 | 0.45 |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Chaganti, R.; Suliman, W.; Ravi, V.; Dua, A. Deep Learning Approach for SDN-Enabled Intrusion Detection System in IoT Networks. Information 2023, 14, 41. https://doi.org/10.3390/info14010041
Chaganti R, Suliman W, Ravi V, Dua A. Deep Learning Approach for SDN-Enabled Intrusion Detection System in IoT Networks. Information. 2023; 14(1):41. https://doi.org/10.3390/info14010041
Chicago/Turabian StyleChaganti, Rajasekhar, Wael Suliman, Vinayakumar Ravi, and Amit Dua. 2023. "Deep Learning Approach for SDN-Enabled Intrusion Detection System in IoT Networks" Information 14, no. 1: 41. https://doi.org/10.3390/info14010041
APA StyleChaganti, R., Suliman, W., Ravi, V., & Dua, A. (2023). Deep Learning Approach for SDN-Enabled Intrusion Detection System in IoT Networks. Information, 14(1), 41. https://doi.org/10.3390/info14010041