Novel Overload Reduction Framework for Intrusion Detection System in Software-Defined Networks

  • Ahmed Janabi

Student thesis: Doctoral Thesis

Abstract

This thesis aims to produce novel techniques for a Software-Defined Network (SDN) to reduce the networks’ overload when applying an Intrusion Detection System (IDS). IDSs are receiving growing attention due to the users’ daily usage of the internet and cloud storage expansion. The IDS applications are essential for institutions with many clients using cloud services. The new approaches seek to improve the latency and throughput of the network, thereby enhancing security and reliability. Performance issues in large-scale networks are addressed by the proposed model, which was evaluated using metrics such as Central Processing Unit (CPU) and memory utilisation, response times, and traffic flow processing efficiency to measure system overload and performance.
The current systems, involving centralised processing and multiple security functions, often suffer from overload and poor performance at the controller and OpenFlow switches level. This thesis presents a novel model that features decentralised processing and data exchanges over an independent channel to mitigate these issues. An appropriate feature selection method is employed to reduce the size of data transmitted over the channels. Flow classification is performed using the Naive Bayes (NB) and Convolutional Neural Network (CNN) algorithms, chosen for their effectiveness and efficiency.
The system was evaluated using the Mininet emulator, simulating a network environment that emulates the scale and complexity of large networks, encompassing various traffic patterns and attack vectors. Furthermore, the model’s real-world applicability was tested under operational conditions within an existing SDN infrastructure, ensuring its effectiveness in live environments. The experimental results indicate the model’s ability to detect various attacks with accuracy rates between 98.79% and 100%. When implemented in large networks, the throughput decreased by a nominal 1.5%, and latency by only 0.7%, demonstrating the model’s minimal impact on network performance. Comparison with state-of-the-art systems reveals these figures to be significant enhancements, particularly when considered alongside the achieved zero packet loss in a real SDN deployment. These results underscore the model’s advancement over contemporary methods, striking a balance between improved security and maintained network efficiency.
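The abstract describes two ingredients of the model that can be shown concretely: a feature selection step that shrinks the per-flow record an IDS has to send over its independent channel, and a Naive Bayes classifier over the reduced record. The block below is an added illustration, not code from the thesis: the flow feature names, the constructed training flows, the "benign"/"scan" labels and the use of a Fisher score for ranking features are all assumptions made here (the abstract does not name its selection method). It selects the three most discriminative of six features, trains a Gaussian Naive Bayes model on those alone, and classifies new flow records.

```python
# Added example (not the thesis's own code): feature selection followed by
# Gaussian Naive Bayes flow classification, in pure Python. Feature names,
# flow records and the Fisher-score selection method are assumptions made
# for this illustration.
import math
from collections import defaultdict

# Assumed per-flow features an IDS might export from an OpenFlow switch.
FEATURES = ["pkt_count", "byte_count", "duration_s",
            "avg_pkt_size", "syn_ratio", "unique_dst_ports"]

def flow(pkts, bytes_, dur, avg, syn, ports):
    """Build one flow record from positional feature values."""
    return dict(zip(FEATURES, (pkts, bytes_, dur, avg, syn, ports)))

# Constructed training set: five benign flows and five scan-like flows.
TRAIN = [
    (flow(120, 96000, 4.0, 800, 0.02, 1), "benign"),
    (flow(200, 150000, 6.0, 750, 0.01, 2), "benign"),
    (flow(80, 56000, 2.5, 700, 0.03, 1), "benign"),
    (flow(150, 135000, 5.0, 900, 0.02, 1), "benign"),
    (flow(100, 65000, 3.0, 650, 0.04, 2), "benign"),
    (flow(110, 6600, 0.8, 60, 0.98, 100), "scan"),
    (flow(180, 11520, 1.2, 64, 1.00, 150), "scan"),
    (flow(90, 5220, 0.5, 58, 0.95, 80), "scan"),
    (flow(140, 8680, 1.0, 62, 0.99, 120), "scan"),
    (flow(160, 9600, 1.5, 60, 0.97, 140), "scan"),
]

def _mean_var(values):
    n = len(values)
    mean = sum(values) / n
    return mean, sum((v - mean) ** 2 for v in values) / n

def _by_class(records):
    groups = defaultdict(list)
    for feats, label in records:
        groups[label].append(feats)
    return groups

def fisher_scores(records, features):
    """Between-class separation over within-class spread, per feature (two classes)."""
    groups = _by_class(records)
    (_, rows_a), (_, rows_b) = list(groups.items())[:2]
    scores = {}
    for f in features:
        ma, va = _mean_var([r[f] for r in rows_a])
        mb, vb = _mean_var([r[f] for r in rows_b])
        scores[f] = (ma - mb) ** 2 / (va + vb + 1e-12)
    return scores

def select_features(records, features, k):
    """Keep the k most discriminative features; only these cross the channel."""
    scores = fisher_scores(records, features)
    return sorted(features, key=lambda f: scores[f], reverse=True)[:k]

def channel_payload_reduction(all_features, selected):
    """Fraction of per-flow feature bytes no longer sent (fixed width per feature assumed)."""
    return 1 - len(selected) / len(all_features)

def train_gnb(records, features):
    """Gaussian Naive Bayes: class priors plus per-feature mean/variance per class."""
    groups = _by_class(records)
    model = {"features": features, "classes": {}}
    max_var = 0.0
    for label, rows in groups.items():
        stats = {f: _mean_var([r[f] for r in rows]) for f in features}
        max_var = max(max_var, *(v for _, v in stats.values()))
        model["classes"][label] = {"prior": len(rows) / len(records), "stats": stats}
    # Variance smoothing so a constant-valued feature cannot divide by zero.
    model["eps"] = 1e-9 * max_var
    return model

def predict(model, feats):
    """Return the class with the highest log posterior for one flow record."""
    best, best_lp = None, -math.inf
    for label, c in model["classes"].items():
        lp = math.log(c["prior"])
        for f in model["features"]:
            mean, var = c["stats"][f]
            var += model["eps"]
            lp += -0.5 * math.log(2 * math.pi * var) - (feats[f] - mean) ** 2 / (2 * var)
        if lp > best_lp:
            best, best_lp = label, lp
    return best

if __name__ == "__main__":
    selected = select_features(TRAIN, FEATURES, k=3)
    model = train_gnb(TRAIN, selected)
    probe = flow(130, 7800, 0.9, 60, 0.96, 90)  # constructed scan-like flow
    print(selected, channel_payload_reduction(FEATURES, selected), predict(model, probe))
```

With the constructed data the ranking keeps `syn_ratio`, `avg_pkt_size` and `unique_dst_ports`, halving the record that has to leave the switch; the classifier only ever sees those three fields, which is the point of selecting before transmitting rather than after.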

Date of Award: 28 Mar 2024
Original language: English
Awarding Institution
  • University of Northampton
Supervisors: Triantafyllos Kanakis (Supervisor) & Mark Johnson (Supervisor)

Keywords

  • IDS
  • SDN
  • ML
  • DL
