AI-Based Two-Stage Intrusion Detection for Software Defined IoT Networks

Software defined Internet of Things (SD-IoT) networks profit from centralized management and interactive resource sharing, which enhances the efficiency and scalability of Internet of Things applications. But with the rapid growth in services and applications, they are vulnerable to possible attacks and face severe security challenges. Intrusion detection has been widely used to ensure network security, but classical detection methods are usually signature-based or explicit-behavior-based and fail to detect unknown attacks intelligently, which makes it hard to satisfy the requirements of SD-IoT networks. In this paper, we propose an artificial intelligence-based two-stage intrusion detection empowered by software defined technology. It flexibly captures network flows with a global view and detects attacks intelligently. We first leverage Bat algorithm with swarm division and binary differential mutation to select typical features. Then, we exploit Random Forest through adaptively altering the weights of samples using the weighted voting mechanism to classify flows. Evaluation results prove that the modified intelligent algorithms select more important features and achieve superior performance in flow classification. It is also verified that our solution shows better accuracy with lower overhead compared with existing solutions.