A Deep Transfer Learning Approach for Flow-Based Intrusion Detection in SDN-Enabled Network

Revolutionizing operation model of traditional network in programmability, scalability, and orchestration, Software-Defined Networking (SDN) has considered as a novel network management approach for a massive network with heterogeneous devices. However, it is also highly susceptible to security attacks like conventional network. Inspired from the success of different machine learning algorithms in other domains, many intrusion detection systems (IDS) are presented to identify attacks aiming to harm the network. In this paper, leveraging the flow-based nature of SDN, we introduce DeepFlowIDS, a deep learning (DL)-based approach for anomaly detection using the flow analysis method in SDN. Furthermore, instead of using a lot of network properties, we only utilize essential characteristics of traffic flows to analyze with deep neural networks in IDS. This is to reduce the computational and time cost of attack traffic detection. Besides, we also study the practical benefits of applying deep transfer learning from computer vision to intrusion detection. This method can inherit the knowledge of an effective DL model from other contexts to resolve another task in cybersecurity. Our DL-based IDSs are built and trained with the NSL-KDD and CICIDS2018 dataset in both fine-tuning and feature extractor strategy of transfer learning. Then, it is integrated with the SDN controller to analyze traffic flows retrieved from OpenFlow statistics to recognize the anomaly action in the network.