Statistical Analysis Based Intrusion Detection System for Ultra-High-Speed Software Defined Network

IF 0.9 4区计算机科学 Q3 COMPUTER SCIENCE, THEORY & METHODS

International Journal of Parallel Programming Pub Date : 2021-08-09 DOI:10.1007/s10766-021-00715-0

Talha Naqash, Sajjad Hussain Shah, Muhammad Najam Ul Islam

{"title":"Statistical Analysis Based Intrusion Detection System for Ultra-High-Speed Software Defined Network","authors":"Talha Naqash, Sajjad Hussain Shah, Muhammad Najam Ul Islam","doi":"10.1007/s10766-021-00715-0","DOIUrl":null,"url":null,"abstract":"<p>Internet users and internet services are increasing day by day, which increases the internet traffic from zeta-bytes to petabytes with ultra-high-speed. Different types of architecture are implemented to handle high-speed data traffic. The two layers approach of the Software-Defined Network (SDN) architecture converts classical network architecture to consistent, centralized controllable network architecture with programming ability. On the other hand, network security is still the main concern for the network administrator and detection of malicious internet packets in ultra-high-speed traffic of the programmable network. Therefore, in this paper, we proposed a Statistical Analysis Based Intrusion Detection System (SABIDS) by using Machine Learning (ML) approach. The key idea is to implement the SABIDS inside the (RYU) controller that will statistically analyse the high-speed internet traffic flows and block the identified packet generator IP automatically. The SABIDS scheme consists of 3 modules, (1) fetch the runtime flow statistics, (2) Identify the nature of the flow by statistical and pattern match techniques, (3) Block the malicious flow’s source IP. Different types of ML classifiers are used to evaluate the performance of the scheme. This scheme enables the SDN controller to detect malicious traffic and avoid potential losses like system failure or risk of being an attack.</p>","PeriodicalId":14313,"journal":{"name":"International Journal of Parallel Programming","volume":"9 S1","pages":""},"PeriodicalIF":0.9000,"publicationDate":"2021-08-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Parallel Programming","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10766-021-00715-0","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 2

Abstract

Internet users and internet services are increasing day by day, which increases the internet traffic from zeta-bytes to petabytes with ultra-high-speed. Different types of architecture are implemented to handle high-speed data traffic. The two layers approach of the Software-Defined Network (SDN) architecture converts classical network architecture to consistent, centralized controllable network architecture with programming ability. On the other hand, network security is still the main concern for the network administrator and detection of malicious internet packets in ultra-high-speed traffic of the programmable network. Therefore, in this paper, we proposed a Statistical Analysis Based Intrusion Detection System (SABIDS) by using Machine Learning (ML) approach. The key idea is to implement the SABIDS inside the (RYU) controller that will statistically analyse the high-speed internet traffic flows and block the identified packet generator IP automatically. The SABIDS scheme consists of 3 modules, (1) fetch the runtime flow statistics, (2) Identify the nature of the flow by statistical and pattern match techniques, (3) Block the malicious flow’s source IP. Different types of ML classifiers are used to evaluate the performance of the scheme. This scheme enables the SDN controller to detect malicious traffic and avoid potential losses like system failure or risk of being an attack.

查看原文本刊更多论文

基于统计分析的超高速软件定义网络入侵检测系统

互联网用户和互联网服务日益增加，使得互联网流量从zeta字节以超高速增长到pb字节。实现了不同类型的体系结构来处理高速数据流量。SDN (Software-Defined Network)体系结构的两层方法将经典的网络体系结构转化为一致的、集中的、可控的、具有编程能力的网络体系结构。另一方面，在可编程网络的超高速流量中，网络安全仍然是网络管理员和恶意互联网数据包检测的主要关注点。因此，本文采用机器学习的方法，提出了一种基于统计分析的入侵检测系统(SABIDS)。关键思想是在(RYU)控制器内部实现SABIDS，该控制器将统计分析高速互联网流量并自动阻止识别的数据包生成器IP。SABIDS方案由3个模块组成，(1)获取运行时流量统计信息，(2)通过统计和模式匹配技术识别流量性质，(3)阻断恶意流量的源IP。使用不同类型的ML分类器来评估方案的性能。该方案使SDN控制器能够检测恶意流量，避免系统故障或被攻击的风险等潜在损失。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Journal of Parallel Programming 工程技术-计算机：理论方法

CiteScore

4.40

自引率

0.00%

发文量

审稿时长

>12 weeks

期刊介绍： International Journal of Parallel Programming is a forum for the publication of peer-reviewed, high-quality original papers in the computer and information sciences, focusing specifically on programming aspects of parallel computing systems. Such systems are characterized by the coexistence over time of multiple coordinated activities. The journal publishes both original research and survey papers. Fields of interest include: linguistic foundations, conceptual frameworks, high-level languages, evaluation methods, implementation techniques, programming support systems, pragmatic considerations, architectural characteristics, software engineering aspects, advances in parallel algorithms, performance studies, and application studies.