Intrusion Detection Using Extremely Limited Data Based on SDN

Matthew Banton, Nathan Shone, William Hurst, Qi Shi

Research output: Chapter in Book/Report/Conference proceedingConference paperAcademicpeer-review

Abstract

In Western Europe, the number of Internet connected devices is expected to increase from the 2.3 billion devices in 2017, to 4 billion in 2022. Dealing with this growth is an increasing problem for administrators attempting to ensure that Quality of Service levels are maintained. Software Defined Networking (SDN) has been proposed as one of the solutions to some of the problems caused by this increasing volume of data, such as the time it takes to manually reconfigure switches in response to changing network conditions. SDN moves the distributed networking paradigm to a centralised solution, which is easier to manage, but comes with other issues for security focused administrators. SDN can lead to a reduction in the amount of information available for Intrusion Detection Systems (IDSs). This is because IDSs still rely on direct packet sampling techniques, which can provide more information than the aggregated view of networks SDN flow tables provide. As deep learning and other artificial intelligence techniques look likely to become more commonplace in IDSs, this reduction in information becomes an increasing problem. Many of these methods require large training sets with many features. In this paper, we propose a method to correct this imbalance through the creation of a novel framework, which will allow upwards of 90% precision on the state of the art UNSW-NB15 dataset while only using a small fraction of the features available, matching those available within a SDN environment.

Original languageEnglish
Title of host publication2020 IEEE 10th International Conference on Intelligent Systems, IS 2020 - Proceedings
EditorsVassil Sgurev, Vladimir Jotsov, Rudolf Kruse, Mincho Hadjiski
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages304-309
Number of pages6
ISBN (Electronic)9781728154565
DOIs
Publication statusPublished - Aug 2020
Externally publishedYes
Event10th IEEE International Conference on Intelligent Systems, IS 2020 - Sofia, Bulgaria
Duration: 28 Aug 202030 Aug 2020

Publication series

Name2020 IEEE 10th International Conference on Intelligent Systems, IS 2020 - Proceedings

Conference

Conference10th IEEE International Conference on Intelligent Systems, IS 2020
CountryBulgaria
CitySofia
Period28/08/2030/08/20

Keywords

  • Deep Learning
  • IDS
  • SDN

Fingerprint Dive into the research topics of 'Intrusion Detection Using Extremely Limited Data Based on SDN'. Together they form a unique fingerprint.

Cite this