A Survey on the Latest Intrusion Detection Datasets for Software Defined Networking Environments
Received: 16 December 2023 | Revised: 2 January 2024 | Accepted: 10 January 2024 | Online: 12 February 2024
Corresponding author: Harman Yousif Ibrahim Khalid
Abstract
Software Defined Networking (SDN) threats make network components vulnerable to cyber-attacks, creating obstacles for new model development that necessitate innovative security countermeasures, like Intrusion Detection Systems (IDSs). The centralized SDN controller, which has global view and control over the whole network and the availability of processing and storing capabilities, makes the deployment of artificial intelligence-based IDS in controllers a hot topic in the research community to resolve security issues. In order to develop effective AI-based IDSs in an SDN environment, there must be a high-quality dataset for training the model to offer effective and accurate attack prediction. There are some intrusion detection datasets used by researchers, but those datasets are either outdated or incompatible with the SDN environment. In this survey, an overview of the published work was conducted using the InSDN dataset from 2020 to 2023. Also, research challenges and future work for further research on IDS issues when deployed in an SDN environment are discussed, particularly when employing machine learning and deep learning models. Moreover, possible solutions for each issue are provided to help the researchers carry out and develop new methods of secure SDN.
Keywords:
software defined networking, InSDN, intrusion detection systems, network security, datasetsDownloads
References
L. Kou, S. Ding, T. Wu, W. Dong, and Y. Yin, "An Intrusion Detection Model for Drone Communication Network in SDN Environment," Drones, vol. 6, no. 11, Nov. 2022, Art. no. 342.
H. Y. I. Khalid, P. M. Ismael, and A. B. Al-Khalil, "Efficient Mechanism for Securing Software Defined Network against Arp Spoofing Attack," The Journal of Duhok University, vol. 22, no. 1, pp. 124–131, Nov. 2019.
O. E. Tayfour and M. N. Marsono, "Collaborative detection and mitigation of DDoS in software-defined networks," The Journal of Supercomputing, vol. 77, no. 11, pp. 13166–13190, Nov. 2021.
T. A. Tang, D. McLernon, L. Mhamdi, S. A. R. Zaidi, and M. Ghogho, "Intrusion Detection in SDN-Based Networks: Deep Recurrent Neural Network Approach," in Deep Learning Applications for Cyber Security, M. Alazab and M. Tang, Eds. New York, NY, USA: Springer, 2019, pp. 175–195.
H. Y. Ibrahim, P. M. Ismael, A. A. Albabawat, and A. B. Al-Khalil, "A Secure Mechanism to Prevent ARP Spoofing and ARP Broadcasting in SDN," in International Conference on Computer Science and Software Engineering, Duhok, Iraq, Apr. 2020, pp. 13–19.
D. Kreutz, F. M. V. Ramos, P. E. Veríssimo, C. E. Rothenberg, S. Azodolmolky, and S. Uhlig, "Software-Defined Networking: A Comprehensive Survey," Proceedings of the IEEE, vol. 103, no. 1, pp. 14–76, Jan. 2015.
M. S. ElSayed, N.-A. Le-Khac, M. A. Albahar, and A. Jurcut, "A novel hybrid model for intrusion detection systems in SDNs based on CNN and a new regularization technique," Journal of Network and Computer Applications, vol. 191, Oct. 2021, Art. no. 103160.
G. Logeswari, S. Bose, and T. Anitha, "An Intrusion Detection System for SDN Using Machine Learning," Intelligent Automation & Soft Computing, vol. 35, no. 1, pp. 867–880, 2023.
T. A. Tang, L. Mhamdi, D. McLernon, S. A. R. Zaidi, and M. Ghogho, "Deep learning approach for Network Intrusion Detection in Software Defined Networking," in International Conference on Wireless Networks and Mobile Communications, Fez, Morocco, Oct. 2016, pp. 258–263.
H.-M. Chuang, F. Liu, and C.-H. Tsai, "Early Detection of Abnormal Attacks in Software-Defined Networking Using Machine Learning Approaches," Symmetry, vol. 14, no. 6, Jun. 2022, Art. no. 1178.
S. Wang et al., "Detecting flooding DDoS attacks in software defined networks using supervised learning techniques," Engineering Science and Technology, an International Journal, vol. 35, Nov. 2022, Art. no. 101176.
M. Said Elsayed, N.-A. Le-Khac, S. Dev, and A. D. Jurcut, "Network Anomaly Detection Using LSTM Based Autoencoder," in 16th ACM Symposium on QoS and Security for Wireless and Mobile Networks, Alicante, Spain, Nov. 2020, pp. 37–45.
N. A. Alsharif, S. Mishra, and M. Alshehri, "IDS in IoT using Machine Learning and Blockchain," Engineering, Technology & Applied Science Research, vol. 13, no. 4, pp. 11197–11203, Aug. 2023.
A. D. Althobiti, R. M. Almohayawi, and O. O. Bamsag, "Machine Learning approach to Secure Software Defined Network: Machine Learning and Artificial Intelligence," in 4th International Conference on Future Networks and Distributed Systems, Saint Petersburg, Russian, Nov. 2020, pp. 1–8.
M. Latah and L. Toker, "An efficient flow-based multi-level hybrid intrusion detection system for software-defined networks," CCF Transactions on Networking, vol. 3, no. 3, pp. 261–271, Dec. 2020.
E. M. Zeleke, H. M. Melaku, and F. G. Mengistu, "Efficient Intrusion Detection System for SDN Orchestrated Internet of Things," Journal of Computer Networks and Communications, vol. 2021, Nov. 2021, Art. no. e5593214.
Q.-V. Dang, "Intrusion Detection in Software-Defined Networks," in Future Data and Security Engineering, Nov. 2021, pp. 356–371.
A. Mzibri, R. Benaini, and M. B. Mamoun, "Case Study on the Performance of ML-Based Network Intrusion Detection Systems in SDN," in International Conference on Networked Systems, Benguerir, Morocco, Dec. 2023, pp. 90–95.
S. Singh and S. Banerjee, "Machine Learning Mechanisms for Network Anomaly Detection System: A Review," in International Conference on Communication and Signal Processing, Chennai, India, Jul. 2020, pp. 976–980.
M. S. E. Sayed, N.-A. Le-Khac, M. A. Azer, and A. D. Jurcut, "A Flow-Based Anomaly Detection Approach With Feature Selection Method Against DDoS Attacks in SDNs," IEEE Transactions on Cognitive Communications and Networking, vol. 8, no. 4, pp. 1862–1880, Sep. 2022.
M. S. Elsayed, N.-A. Le-Khac, and A. D. Jurcut, "InSDN: A Novel SDN Intrusion Dataset," IEEE Access, vol. 8, pp. 165263–165284, 2020.
M. Ring, S. Wunderlich, D. Scheuring, D. Landes, and A. Hotho, "A survey of network-based intrusion detection data sets," Computers & Security, vol. 86, pp. 147–167, Sep. 2019.
"Index of /datasets/SDN." https://aseados.ucd.ie/datasets/SDN/.
M. H. H. Khairi, S. H. S. Ariffin, N. M. A. Latiff, A. S. Abdullah, and M. K. Hassan, "A Review of Anomaly Detection Techniques and Distributed Denial of Service (DDoS) on Software Defined Network (SDN)," Engineering, Technology & Applied Science Research, vol. 8, no. 2, pp. 2724–2730, Apr. 2018.
N. Abbas, Y. Nasser, M. Shehab, and S. Sharafeddine, "Attack-Specific Feature Selection for Anomaly Detection in Software-Defined Networks," in 3rd IEEE Middle East and North Africa COMMunications Conference, Agadir, Morocco, Dec. 2021, pp. 142–146.
A. Almazyad, L. Halman, and A. Alsaeed, "Probe Attack Detection Using an Improved Intrusion Detection System," Computers, Materials & Continua, vol. 74, no. 3, pp. 4769–4784, 2023.
J. Wang and L. Wang, "SDN-Defend: A Lightweight Online Attack Detection and Mitigation System for DDoS Attacks in SDN," Sensors, vol. 22, no. 21, Jan. 2022, Art. no. 8287.
V. Hnamte and J. Hussain, "An efficient DDoS attack detection mechanism in SDN environment," International Journal of Information Technology, vol. 15, no. 5, pp. 2623–2636, Jun. 2023.
A. S. Alshra’a, A. Farhat, and J. Seitz, "Deep Learning Algorithms for Detecting Denial of Service Attacks in Software-Defined Networks," Procedia Computer Science, vol. 191, pp. 254–263, Jan. 2021.
P. Krishnan, S. Duttagupta, and K. Achuthan, "VARMAN: Multi-plane security framework for software defined networks," Computer Communications, vol. 148, pp. 215–239, Dec. 2019.
M. Abdallah, N. An Le Khac, H. Jahromi, and A. Delia Jurcut, "A Hybrid CNN-LSTM Based Approach for Anomaly Detection Systems in SDNs," in 16th International Conference on Availability, Reliability and Security, Vienna, Austria, Aug. 2021, pp. 1–7.
O. M. Ahmed, L. M. Haji, A. M. Ahmed, and N. M. Salih, "Bitcoin Price Prediction using the Hybrid Convolutional Recurrent Model Architecture," Engineering, Technology & Applied Science Research, vol. 13, no. 5, pp. 11735–11738, Oct. 2023.
R. Alsulami, B. Alqarni, R. Alshomrani, F. Mashat, and T. Gazdar, "IoT Protocol-Enabled IDS based on Machine Learning," Engineering, Technology & Applied Science Research, vol. 13, no. 6, pp. 12373–12380, Dec. 2023.
R. A. Elsayed, R. A. Hamada, M. I. Abdalla, and S. A. Elsaid, "Securing IoT and SDN systems using deep-learning based automatic intrusion detection," Ain Shams Engineering Journal, vol. 14, no. 10, Oct. 2023, Art. no. 102211.
M. S. Towhid and N. Shahriar, "Early Detection of Intrusion in SDN," in IEEE/IFIP Network Operations and Management Symposium, Miami, FL, USA, Dec. 2023, pp. 1–6.
A. Abubakar and B. Pranggono, "Machine learning based intrusion detection system for software defined networks," in Seventh International Conference on Emerging Security Technologies, Canterbury, UK, Sep. 2017, pp. 138–143.
S. Kumar et al., "DDoS Detection in SDN using Machine Learning Techniques," Computers, Materials & Continua, vol. 71, no. 1, pp. 771–789, 2022.
A. O. Alzahrani and M. J. F. Alenazi, "Designing a Network Intrusion Detection System Based on Machine Learning for Software Defined Networks," Future Internet, vol. 13, no. 5, May 2021, Art. no. 111.
Downloads
How to Cite
License
Copyright (c) 2024 Harman Yousif Ibrahim Khalid, Najla Badie Ibrahim Aldabagh
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.
