Towards a high-performance threat-aware system for software-defined networks

Abstract

With the rapid development of intelligent devices and high-speed networks, the popularity of Internet services and the Internet of Things (IoT) has been increasing significantly in the last decade. This leads to the explosion of data exchanged over the Internet, also known as the Big Data era, which has posed several challenges in preventing security threats, especially for intrusion detection systems (IDS) due to high data velocity. In this paper, we propose a Distributed Network Intrusion Detection System (DisIDS) that accurately detects security threats by gathering statistical information about flows from software-defined network (SDN) switches in real-time and identifying abnormal traffic patterns using a distributed machine learning model. Evaluation results on a simulated system show that our proposal could identify several security threats with high accuracy (94.7% f1-score) and a relatively low false alarm rate …