Security anomaly detection in software‐defined networking based on a prediction technique
Author(s) - Jafarian Tohid, Masdari Mohammad, Ghaffari Ali, Majidzadeh Kambiz
Publication year - 2020
Publication title - International Journal of Communication Systems
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.344
H-Index - 49
eISSN - 1099-1131
pISSN - 1074-5351
DOI - 10.1002/dac.4524
Subject(s) - computer science, openflow, denial of service attack, anomaly detection, software defined networking, malware, netflow, data mining, constant false alarm rate, vulnerability (computing), software, network security, controller (irrigation), real time computing, computer network, artificial intelligence, computer security, the internet, world wide web, programming language, biology, agronomy
Summary - Nowadays, software‐defined networking (SDN) is regarded as the best solution for the centralized handling and monitoring of large networks. However, SDN architecture suffers from the same security issues as common networks. As a case in point, one of the shortcomings of SDNs is their high vulnerability to distributed denial of service (DDoS) attacks and similar attacks. Anomaly detection systems have been considered to deal with these attacks. The challenges in designing these systems include gathering data, extracting effective features, and selecting the best model for anomaly detection. In this paper, a novel combined approach is proposed: it uses the NetFlow protocol for gathering information and generating the dataset, information gain ratio (IGR) to select the effective and relevant features, and an ensemble learning scheme (Stacking) to develop a structure with desirable performance and efficiency for detecting anomalies in an SDN environment. The results obtained from the experiments revealed that the proposed method performs better than other methods in terms of enhancing accuracy (AC) and detection rate (DR) and reducing classification error (CE) and false alarm rate (FAR). The AC, DR, CE, and FAR of the proposed model were measured as 99.92%, 99.83%, 0.08%, and 0.03%, respectively. Furthermore, the proposed method prevents the occurrence of excessive overload on the controller and OpenFlow.
