<p>Modern network architecture is redesigned by Software Defined Networks (SDN), which separate the control plane and data plane. This SDN configuration provides centralized network control and offers flexible programmability; however, it introduces vulnerabilities, making it highly susceptible to cyber threats. This paper introduces a fusion-based multilayered SDN intrusion detection and mitigation framework called Layer-Based-InSDN Dataset-Intrusion Detection System (LB-ISD-IDS). Initially, data preprocessing is done on ISD using label encoding, Z-Score normalization, Recursive Feature Elimination (RFE), and SHapley Additive exPlanations (SHAP). ISD class imbalance is addressed by applying the K-means Synthetic Minority Over-sampling Technique (SMOTE) balancing strategy, which avoids noise amplification. The hybrid ISD attack classifier employs Temporal Convolutional Network (TCN) to extract sequential ISD attack patterns, a LightGradient Boosting Machine (LightGBM) for decision-tree-based rapid and interpretable ISD attack classification, and TabNet for selective attention-based ISD feature transformation. These machine learning and deep learning models in LB-ID-IDS are fused together by using weighted ensemble learning to generate a final ISD attack prediction vector. The ISD attack detection layer is followed by a mitigation layer, which calculates the ISD attack severity score based on which context-aware countermeasures are assigned. Experimental validation of LB-ISD-IDS on ISD achieves an accuracy of 97.57%, precision of 98.78%, recall of 98.78%, F1 score of 98.78%, False Alarm Rate (FAR) of 0.30% and specificity of 99.70%. The proposed LB-ISD-IDS outperforms the existing state-of-the-art SDN-IDS methods in terms of detection accuracy and system efficiency, making it ideal for real-time SDN deployments.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A Scalable and Explainable Hybrid Learning Framework for Cyber Threat Detection in SDN Environments

  • S. Sumathi

摘要

Modern network architecture is redesigned by Software Defined Networks (SDN), which separate the control plane and data plane. This SDN configuration provides centralized network control and offers flexible programmability; however, it introduces vulnerabilities, making it highly susceptible to cyber threats. This paper introduces a fusion-based multilayered SDN intrusion detection and mitigation framework called Layer-Based-InSDN Dataset-Intrusion Detection System (LB-ISD-IDS). Initially, data preprocessing is done on ISD using label encoding, Z-Score normalization, Recursive Feature Elimination (RFE), and SHapley Additive exPlanations (SHAP). ISD class imbalance is addressed by applying the K-means Synthetic Minority Over-sampling Technique (SMOTE) balancing strategy, which avoids noise amplification. The hybrid ISD attack classifier employs Temporal Convolutional Network (TCN) to extract sequential ISD attack patterns, a LightGradient Boosting Machine (LightGBM) for decision-tree-based rapid and interpretable ISD attack classification, and TabNet for selective attention-based ISD feature transformation. These machine learning and deep learning models in LB-ID-IDS are fused together by using weighted ensemble learning to generate a final ISD attack prediction vector. The ISD attack detection layer is followed by a mitigation layer, which calculates the ISD attack severity score based on which context-aware countermeasures are assigned. Experimental validation of LB-ISD-IDS on ISD achieves an accuracy of 97.57%, precision of 98.78%, recall of 98.78%, F1 score of 98.78%, False Alarm Rate (FAR) of 0.30% and specificity of 99.70%. The proposed LB-ISD-IDS outperforms the existing state-of-the-art SDN-IDS methods in terms of detection accuracy and system efficiency, making it ideal for real-time SDN deployments.