Software Defined Network-Based Intrusion Detection in Cloud Environment Using Machine Learning
Keywords:
Intrusion Detection Systems, Software-Defined Networking, Machine LearningAbstract
The continued adoption of cloud services has led to a surge in demand for more secure cloud environments — while our traditional Intrusion Detection Systems (IDS) are simply not cutting it when it comes to addressing the inherently multi-machine nature and seriously elastic business growth potential that modern day Cloud computing infrastructures enable. This feature proposes a novel technique by integrating machine learning (ML) with Software-Deined Networking principles to establish an eicient and reliable IDS framework applicable in cloud environments. With SDN controllers as a central system for network administration, the system facilitates real-time capture and analysis of packet data across an entire cloud infrastructure. The models are based on ML, which is trained to identify patterns and better find anomalies or abnormalities that could some underlying intrusion/ attack Africa in case. The framework improves cloud security by calibrating network policies on the fly and responding in real time to detected threats as well providing total, live visibility of their entire set-up across any Cloud. Extensive performance evaluations show that the proposed approach substantially outperforms previous methods, and produces 99.44% detection accuracy as well as much better precision recall F-score results compared to baseline methods in a real-world case study. Our results demonstrate the ability of proposed framework to tackle complexity faced in cloud security, and provide scaleable solution protecting clouds from new age cyber threats. The work presented in this article conclusively shows how to apply machine learning on network security monitoring using SDN (Software Defined Network) technologies which, I believe is a major new research direction for future secure cloud architecture developments.
Downloads
References
Kiswani, J. H., Dascalu, S. M., & Harris Jr, F. C. (2021). Cloud computing and its applications: A comprehensive survey. International Journal of Computer Applications IJCA, 28(1), 3-24.
Attou, H., Mohy-eddine, M., Guezzaz, A., Benkirane, S., Azrour, M., Alabdultif, A., & Almusallam, N. (2023). Towards an intelligent intrusion detection system to detect malicious activities in cloud computing. Applied Sciences, 13(17), 9588.
Alzahrani, A. O., & Alenazi, M. J. (2021). Designing a network intrusion detection system based on machine learning for software defined networks. Future Internet, 13(5), 111.
Liu, Z., Xu, B., Cheng, B., Hu, X., & Darbandi, M. (2022). Intrusion detection systems in the cloud computing: A comprehensive and deep literature review. Concurrency and Computation: Practice and Experience, 34(4), e6646.
Chiba, Z., Abghour, N., Moussaid, K., El Omri, A., & Rida, M. (2016, September). A survey of intrusion detection systems for cloud computing environment. In 2016 international conference on engineering & MIS (ICEMIS) (pp. 1-13). IEEE.
Ibrahim, O. J., & Bhaya, W. S. (2021, February). Intrusion detection system for cloud-based software-defined networks. In Journal of Physics: Conference Series (Vol. 1804, No. 1, p. 012007). IOP Publishing.
Vaid, P., Bhadu, S. K., & Vaid, R. M. (2021, July). Intrusion detection system in software defined network using machine learning approach-survey. In 2021 6th International Conference on Communication and Electronics Systems (ICCES) (pp. 803-807). IEEE.
Schueller, Q., Basu, K., Younas, M., Patel, M., & Ball, F. (2018, November). A hierarchical intrusion detection system using support vector machine for SDN network in cloud data center. In 2018 28th International Telecommunication Networks and Applications Conference (ITNAC) (pp. 1-6). IEEE.
Kranthi, S., Kanchana, M., & Suneetha, M. (2022). A study of IDS-based software-defined networking by using machine learning concept. In Advances in Data and Information Sciences: Proceedings of ICDIS 2021 (pp. 65-79). Singapore: Springer Singapore.
Hande, Y., & Muddana, A. (2021). A survey on intrusion detection system for software defined networks (SDN). In Research Anthology on Artificial Intelligence Applications in Security (pp. 467-489). IGI Global.
Abbasi, A. A., Abbasi, A., Shamshirband, S., Chronopoulos, A. T., Persico, V., & Pescapè, A. (2019). Software-defined cloud computing: A systematic review on latest trends and developments. Ieee Access, 7, 93294-93314.
Logeswari, G., Bose, S., & Anitha, T. J. I. A. (2023). An intrusion detection system for sdn using machine learning. Intelligent Automation & Soft Computing, 35(1), 867-880.
Sudar, K. M., & Deepalakshmi, P. (2020). Comparative study on IDS using machine learning approaches for software defined networks. International Journal of Intelligent Enterprise, 7(1-3), 15-27.
Rengaraju, P., Ramanan, V. R., & Lung, C. H. (2017, August). Detection and prevention of DoS attacks in Software-Defined Cloud networks. In 2017 IEEE Conference on Dependable and Secure Computing (pp. 217-223). IEEE.
Bhardwaj, A., Tyagi, R., Sharma, N., Khare, A., Punia, M. S., & Garg, V. K. (2022). Network intrusion detection in software defined networking with self-organized constraint-based intelligent learning framework. Measurement: Sensors, 24, 100580.
Iqbal, M., Iqbal, F., Mohsin, F., Rizwan, M., & Ahmad, F. (2019). Security issues in software defined networking (SDN): risks, challenges and potential solutions. International Journal of Advanced Computer Science and Applications, 10(10), 298-303.
Chi, Y., Jiang, T., Li, X., & Gao, C. (2017, March). Design and implementation of cloud platform intrusion prevention system based on SDN. In 2017 IEEE 2nd international conference on big data analysis (ICBDA) (pp. 847-852). IEEE.
Brugman, J., Khan, M., Kasera, S., & Parvania, M. (2019, November). Cloud based intrusion detection and prevention system for industrial control systems using software defined networking. In 2019 Resilience Week (RWS) (Vol. 1, pp. 98-104). IEEE.
Danish Raza. (2021). Software Defined Networking (SDN) and Cloud Computing. URL: https://medium.com/@danish_raza/software-defined-networks-sdn-7b5e3c25ba97 [Accessed on 19-07-2024].
What Is Software Defined Networking? Definition & FAQs. URL: https://medium.com/@danish_raza/software-defined-networks-sdn-7b5e3c25ba97 [Accessed on 19-07-2024].
Ribeiro, A. D. R. L., Santos, R. Y. C., & Nascimento, A. C. A. (2021, April). Anomaly detection technique for intrusion detection in sdn environment using continuous data stream machine learning algorithms. In 2021 IEEE international systems conference (SysCon) (pp. 1-7). IEEE.
Kumar, G., & Alqahtani, H. (2023). Machine Learning Techniques for Intrusion Detection Systems in SDN-Recent Advances, Challenges and Future Directions. CMES-Computer Modeling in Engineering & Sciences, 134(1).
Melvin, A., Kathrine, G. J., & Johnraja, J. I. (2021, January). The practicality of using virtual machine introspection technique with machine learning algorithms for the detection of intrusions in cloud. In Proceedings of the First International Conference on Advanced Scientific Innovation in Science, Engineering and Technology, ICASISET 2020, 16-17 May 2020, Chennai, India.
Isa, M. M., & Mhamdi, L. (2020, October). Native SDN intrusion detection using machine learning. In 2020 IEEE eighth international conference on communications and networking (ComNet) (pp. 1-7). IEEE.
Le, L. T., & Thinh, T. N. (2021, December). On the improvement of machine learning based intrusion detection system for SDN networks. In 2021 8th NAFOSTED Conference on Information and Computer Science (NICS) (pp. 464-469). IEEE.
Ma, R., Wang, Q., Bu, X., & Chen, X. (2023). Real-Time Detection of DDoS Attacks Based on Random Forest in SDN. Applied Sciences, 13(13), 7872.
Indira, K., & Sakthi, U. (2020). A hybrid intrusion detection system for sdwsn using random forest (RF) machine learning approach. International Journal of Advanced Computer Science and Applications, 11(2).
Dey, S. K., & Rahman, M. M. (2019). Effects of machine learning approach in flow-based anomaly detection on software-defined networking. Symmetry, 12(1), 7.
Wang, P., Chao, K. M., Lin, H. C., Lin, W. H., & Lo, C. C. (2016, November). An efficient flow control approach for SDN-based network threat detection and migration using support vector machine. In 2016 IEEE 13th international conference on e-business engineering (ICEBE) (pp. 56-63). IEEE.
Phan, T. V., & Park, M. (2019). Efficient distributed denial-of-service attack defense in SDN-based cloud. IEEE Access, 7, 18701-18714.
RM, B., K Mewada, H., & BR, R. (2022). Hybrid machine learning approach based intrusion detection in cloud: A metaheuristic assisted model. Multiagent and Grid Systems, 18(1), 21-43.
Devi, D. N., Sreenivasulu, K., & Janardhan, M. (2024). Detection and Prevention of DDoS Attacks in Software-Defined Cloud Networks Using Advanced Support Vector Machine. In Disruptive technologies in Computing and Communication Systems (pp. 46-51). CRC Press.
Sultana, N., Chilamkurti, N., Peng, W., & Alhadad, R. (2019). Survey on SDN based network intrusion detection system using machine learning approaches. Peer-to-Peer Networking and Applications, 12(2), 493-501.
Shaji, N. S., Muthalagu, R., & Pawar, P. M. (2024). SD-IIDS: intelligent intrusion detection system for software-defined networks. Multimedia Tools and Applications, 83(4), 11077-11109.
Abou El Houda, Z., Senhaji Hafid, A., & Khoukhi, L. (2021). A novel unsupervised learning method for intrusion detection in software-defined networks. In Computational Intelligence in Recent Communication Networks (pp. 103-117). Cham: Springer International Publishing.
Peng, H., Sun, Z., Zhao, X., Tan, S., & Sun, Z. (2018). A detection method for anomaly flow in software defined network. IEEE Access, 6, 27809-27817.
Xie, J., Yu, F. R., Huang, T., Xie, R., Liu, J., Wang, C., & Liu, Y. (2018). A survey of machine learning techniques applied to software defined networking (SDN): Research issues and challenges. IEEE Communications Surveys & Tutorials, 21(1), 393-430.
Ashraf, J., & Latif, S. (2014, November). Handling intrusion and DDoS attacks in Software Defined Networks using machine learning techniques. In 2014 National software engineering conference (pp. 55-60). IEEE.
Braga, R., Mota, E., & Passito, A. (2010, October). Lightweight DDoS flooding attack detection using NOX/OpenFlow. In IEEE local computer network conference (pp. 408-415). IEEE.
Downloads
Published
How to Cite
Issue
Section
License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
All papers should be submitted electronically. All submitted manuscripts must be original work that is not under submission at another journal or under consideration for publication in another form, such as a monograph or chapter of a book. Authors of submitted papers are obligated not to submit their paper for publication elsewhere until an editorial decision is rendered on their submission. Further, authors of accepted papers are prohibited from publishing the results in other publications that appear before the paper is published in the Journal unless they receive approval for doing so from the Editor-In-Chief.
IJISAE open access articles are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. This license lets the audience to give appropriate credit, provide a link to the license, and indicate if changes were made and if they remix, transform, or build upon the material, they must distribute contributions under the same license as the original.
