Designing a SDN-Based Intrusion Detection and Mitigation System Using Machine Learning Techniques

SDN is a network architectural approach that enables networks to be managed or designed in an intelligent, centralized manner via software applications. SDN enables network experts to efficiently monitor the network, control it from a single location, and rapidly identify malicious traffic and connection failure. Although it provides greater flexibility, security is also a concern with this software-based approach as intrusions could potentially shut down the entire network. Network intrusion detection and prevention systems can help protect networks from malicious data packets. Monitoring of real-time traffic is important to determine whether any suspicious activity is taking place on the network. The system looks for unusual patterns and behaviors, to identify potentially malicious packets, and prevents them from entering the network. Using machine learning techniques, a method is proposed to recognize and eliminate the intrusion presumably DDoS flood attacks from network traffic. The aim of this work is to replicate an SDN environment, find anomalies, and manage them. The dataset is built by extracting network features. The created SDN dataset is trained using various machine learning techniques. It is believed that this approach will be helpful in supporting future developments in the SDN and assuring network security. It is clear from the experimental results that the proposed system has the highest testing accuracy of 98.8%, the lowest false alarm rate, and the largest decision region when classifying traffic.