Deep Learning SDN Intrusion Detection Scheme Based on TW-Pooling
Qingyue Meng*, Shihui Zheng*, and Yongmei Cai**
*School of Cyberspace Security, Beijing University of Posts and Telecommunications
West TuCheng Road 10, Haidian, Beijing 100876, China
**School of Computer Science and Engineering, Xinjiang University of Finance and Economics
No.449 Beijing Middle Road, Urumqi, Xinjiang Uygur Autonomous Region 830026, China
The numerical control separation in the Software-Defined Network (SDN) allows the control plane to have the absolute management rights of the network. As a new management plane of the SDN, once it is attacked, it will cause the entire network to face flaws. For this reason, this paper proposes a SDN control plane attack detection scheme based on deep learning, which can detect and respond to attacks on the SDN control plane in time. In this scenario, we propose a new pooling scheme that uses the TF-IDF idea to weight the characteristics of network traffic. Ultimately, our method achieved an accuracy of 99.8% in the SDN network’s traffic data set including 24 attack types.
-  I. Ahmad, S. Namal, M Ylianttila et al., “Security in Software Defined Networks: A Survey,” IEEE Communications Surveys & Tutorials, Vol.17, No.4, pp. 2317-2346, 2015.
-  J. M. Dover, “A denial of service attack against the Open Floodlight SDN controller,” Dover Networks, Tech. Rep., 2013.
-  T. V. Tran and H. Ahn, “Flowtracker: A SDN Stateful Firewall Solution with Adaptive Connection Tracking and Minimized Controller Processing,” Int. Conf. on Software Networking, IEEE, pp. 1-5, 2016.
-  N. N. Dao, J. Park, M. Park et al., “A feasible method to combat against DDoS attack in SDN network,” Int. Conf. on Information Networking, IEEE, pp. 309-311, 2015.
-  S. Padmaja and V. Vetriselvi, “Mitigation of switch-DoS in software defined network,” Int. Conf. on Information Communication and Embedded Systems, IEEE, 2016.
-  Hou, “Research on DoS Attack Detection Technology Based on SDN,” Beijing Jiaotong University, 2016.
-  L. Dridi and M. F. Zhani, “SDN-Guard: DoS Attacks Mitigation in SDN Networks,” IEEE Int. Conf. on Cloud Networking, IEEE, 2016.
-  T. Wang and H. Chen, “SGuard: A lightweight SDN safe-guard architecture for DoS attacks,” China Communications, Vol.14, No.6, pp. 113-125, 2017.
-  K. He, G. Gkioxari, P. Dollár et al., “Mask R-CNN,” arXiv:1703.06870, 2017.
-  Y. Huang, X. Sun, M. Lu et al., “Channel-Max, Channel-Drop and Stochastic Max-pooling,” 2015 IEEE Conf. on Computer Vision and Pattern Recognition Workshops (CVPRW), pp. 9-17, 2015.
-  M. Cai, Y. Shi, and J. Liu, “Stochastic pooling maxout networks for low-resource speech recognition,” 2014 IEEE Int. Conf. on Acoustics, Speech and Signal Processing (ICASSP), pp. 3266-3270, 2014.
-  Y. Li and B. Shen, “Research on sentiment analysis of microblogging based on LSA and TF-IDF,” IEEE Int. Conf. on Computer and Communications, IEEE, pp. 2584-2588, 2017.
-  N. Paulauskas and J. Auskalnis, “Analysis of data pre-processing influence on intrusion detection using NSL-KDD dataset,” Electrical, Electronic and Information Sciences, IEEE, pp. 1-5, 2017.
-  M. S. Pervez and D. M. Farid, “Feature selection and intrusion classification in NSL-KDD cup 99 dataset employing SVMs,” Int. Conf. on Software, Knowledge, Information Management and Applications, IEEE, pp. 1-6, 2015.
-  B. Ingre and A. Yadav, “Performance analysis of NSL-KDD dataset using ANN,” Int. Conf. on Signal Processing and Communication Engineering Systems, IEEE, pp. 92-96, 2015.
-  M. F. Azeem and A. Banakar, “Recurrent Sigmoid-Wavelet Neurons for Forecasting of Dynamic Systems,” IEEE Int. Conf. on Information Reuse and Integration, IEEE, pp. 556-562, 2007.
-  A. Krizhevsky, I. Sutskever, and G. E. Hinton, “ImageNet classification with deep convolutional neural networks,” Int. Conf. on Neural Information Processing Systems, Curran Associates Inc., pp. 1097-1105, 2012.