Research field: Networking
Venue: SN Computer Science
As an emerging technology, Software Defined Networks (SDN) has led to several vulnerabilities and risks, making its adoption challenging. Cyber threats in SDN include a wide range of malicious activities intended to exploit vulnerabilities in the architecture's centralized control and programmability. Adequate safety precautions are required to maintain the stability of networks. Establishing an Intrusion Detection System (IDS) is vital in solving such issues, as it enables real-time monitoring and classification of suspicious activity. Very few SDN-based datasets are available for attack detection. Hence, this study aims to generate two SDN-specific datasets, CSOR_SDN (Controller Statistics with Oftcl_Rest application for SDN) and WSCF_SDN (Wireshark Statistics with CicFlowmeter for SDN), from a network environment emulated using Mininet and the RYU controller, utilizing controller statistics and packet analysis data. The generated dataset, containing normal, DDoS (Distributed Denial of Service), DoS (Denial of Service), and probe attack flows, is evaluated with multiple feature selection methods and Machine Learning (ML) classifiers to assess the complexity of the dataset. Among the filter methods, Correlation Coefficient-based feature selection (CFS) is selected over the others and paired with a Decision Tree (DT) classifier, which is capable of producing 100% results for the CSOR_SDN dataset with the least execution time in attack detection. For the proposed IDS, tenfold stratified cross-validation is performed with confidence interval assessment on a test dataset created for an enterprise network use case to highlight the scalability support of the model. A comparative analysis of both datasets and their resource utilization is conducted to evaluate feasibility.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Andorra |
| Site | Springer |