An Efficient Signature and Flow Statistics-Based Anomaly Detection System by Using Software-Defined Networking for the Internet Of Things

Abstract

Software Defined Networking (SDN) decouples the control and data plane. SDN approach enables the network administrator to respond quickly to the essential requirements from a centralized controller. SDN provides a novel networking structure of network flow management, which has made precise and accurate anomaly detection. In SDN the whole network can be managed by only one command. Hence, if an SDN switch is compromised by the attacker then the whole network can be compromised by the command of an attacker. The problem with the signature-based anomaly detector is that it can be fooled by an unknown attack. However, the conventional machine learning based anomaly identifier resides at central controller may overload the controller, as it is inefficient to process each and every packet at the central controller. This research proposes a 2-stage anomaly identifier by using machine-learning techniques. The 2-stage anomaly identifier approach reduces the packet level processing and anomaly detection at the central controller. For evaluation, the proposed model compares with several supervised machine-learning algorithms by using a publicly available dataset. The experimental result shows support for the DPTCM-KNN algorithm for stage-1 FB (flow-based) anomaly identifier. A decision-tree-based machine learning approach is used for Classification and Regression Tree (CART) for stage-2 PB (packet-based) anomaly identifier and proved that the proposed solution promises a reduction in false positive marked anomalous flow by processing its packets at anomaly identifier stage 2 compared to a single stage anomaly identifier.