A Novel Machine Learning Framework for Advanced Attack Detection using SDN

Recently, software defined networks (SDN) has emerged as novel technology that leverages network programmability to facilitate network management. SDN provides a global view of the network, through a logically centralized component, called SDN controller, to strengthen network security. SDN separates the control plane from the data plane, which allows for a more control over the network and brings new capabilities to cope with the new emerging security threats (i.e., zero-day attacks). Existing attack detection schemes are facing obstacles due to high false positive rates, low detection performances, and high computational costs. To address these issues, we propose a multi-module Machine Learning (ML) framework that combines unsupervised ML techniques with a scalable feature collection and selection scheme to effectively/timely detect network security threats in the context of SDN. In particular, our proposed framework consists of: (1) a data flow collection module (DFC) to gather the features of network data in a scalable and efficient way using sFlow protocol; (2) an Information gain Feature Selection (IGF) module to select the most informative/relevant features to reduce training and testing time complexity; and (3) a novel unsupervised ML module that uses a novel outlier detection scheme, called Isolation Forest (ML-IF), to effectively/timely detect network security threats in SDN. The experimental results using the well-known public network security dataset UNSW-NB15, show that our proposed framework outperforms state-of-the-art contributions in terms of accuracy and detection rate while significantly reducing computational complexity; making it a promising framework to mitigate the new emerging network security threats in SDN.