An optimization-inspired intrusion detection model for software-defined networking

Hui Xu; Longtan Bai; Wei Huang; Hui Xu; Longtan Bai; Wei Huang

doi:10.3934/era.2025012

Electronic Research Archive

2025, Volume 33, Issue 1: 231-254. doi: 10.3934/era.2025012

Previous Article Next Article

Research article Special Issues

An optimization-inspired intrusion detection model for software-defined networking

School of Computer Science, Hubei University of Technology, Wuhan 430068, China

Received: 28 September 2024 Revised: 03 December 2024 Accepted: 10 December 2024 Published: 20 January 2025

As an emerging network architecture, software-defined networking (SDN) has the core concept of separating the control plane from the network hardware and unifying its management by a central controller. Since the centralized control of SDN is such that an attack on the controller can lead to the paralysis of the entire network, intrusion detection has become particularly significant for SDN. Currently, more and more intrusion detection systems based on machine learning and deep learning are being applied to SDN, but most have drawbacks such as complex models and low detection accuracy. This paper proposes an enhanced spider wasp optimizer (ESWO) algorithm for feature dimensionality reduction of intrusion detection datasets and constructs a new intrusion detection model (IDM), namely ESWO-IDM, for SDN. The ESWO algorithm integrates multiple strategies, including tent chaotic map strategy and elite opposition learning strategy to improve the diversity of the population, Lévy flight strategy to prevent the algorithm from falling into local optimum in the early stage, and dynamic adjustment strategy of control parameters to balance exploration and exploitation of the algorithm. ESWO was empirically evaluated using eight benchmark test functions and four UCI datasets to comprehensively demonstrate its advantages. Binary and multiclassification experiments were conducted using the InSDN dataset to analyze the ESWO-IDM performance and compare it with other IDMs. The experimental results show that the ESWO-IDM achieves the best performance in all the metrics in both binary classification and multiclassification and has the most prominent effect on the detection of normal, denial of service (DoS), distributed DoS, and Brute Force Attack types, which effectively improves SDN intrusion detection from the viewpoint of optimization.
- software-defined networking,
- intrusion detection,
- optimization,
- spider wasp optimizer
Citation: Hui Xu, Longtan Bai, Wei Huang. An optimization-inspired intrusion detection model for software-defined networking[J]. Electronic Research Archive, 2025, 33(1): 231-254. doi: 10.3934/era.2025012

Related Papers:

Abstract

As an emerging network architecture, software-defined networking (SDN) has the core concept of separating the control plane from the network hardware and unifying its management by a central controller. Since the centralized control of SDN is such that an attack on the controller can lead to the paralysis of the entire network, intrusion detection has become particularly significant for SDN. Currently, more and more intrusion detection systems based on machine learning and deep learning are being applied to SDN, but most have drawbacks such as complex models and low detection accuracy. This paper proposes an enhanced spider wasp optimizer (ESWO) algorithm for feature dimensionality reduction of intrusion detection datasets and constructs a new intrusion detection model (IDM), namely ESWO-IDM, for SDN. The ESWO algorithm integrates multiple strategies, including tent chaotic map strategy and elite opposition learning strategy to improve the diversity of the population, Lévy flight strategy to prevent the algorithm from falling into local optimum in the early stage, and dynamic adjustment strategy of control parameters to balance exploration and exploitation of the algorithm. ESWO was empirically evaluated using eight benchmark test functions and four UCI datasets to comprehensively demonstrate its advantages. Binary and multiclassification experiments were conducted using the InSDN dataset to analyze the ESWO-IDM performance and compare it with other IDMs. The experimental results show that the ESWO-IDM achieves the best performance in all the metrics in both binary classification and multiclassification and has the most prominent effect on the detection of normal, denial of service (DoS), distributed DoS, and Brute Force Attack types, which effectively improves SDN intrusion detection from the viewpoint of optimization.

References

[1]	B. Alhijawi, S. Almajali, H. Elgala, H. B. Salameh, M. Ayyash, A survey on DoS/DDoS mitigation techniques in SDNs: Classification, comparison, solutions, testing tools and datasets, Comput. Electr. Eng. , 99 (2022), 107706.https://doi.org/10.1016/j.compeleceng.2022.107706 doi: 10.1016/j.compeleceng.2022.107706
[2]	R. U. Rasool, H. Wang, U. Ashraf, K. Ahmed, Z. Anwar, W. Rafique, A survey of link flooding attacks in software defined network ecosystems, J. Network Comput. Appl. , 172 (2020), 102803.https://doi.org/10.1016/j.jnca.2020.102803 doi: 10.1016/j.jnca.2020.102803
[3]	J. Ali, G. Shan, N. Gul, B. Roh, An intelligent blockchain-based secure link failure recovery framework for software-defined internet-of-things, J. Grid Comput. , 21 (2023), 57.https://doi.org/10.1007/s10723-023-09693-8 doi: 10.1007/s10723-023-09693-8
[4]	M. Madathi, R. Harini, R. Monikaa, N. Gowthami, Detection of DDoS attack in SDN environment using KNN algorithm, Int. J. Res. Anal. Rev. , 9 (2022), 252–257.
[5]	A. Maheshwari, B. Mehraj, M. S. Khan, M. S. Idrisi, An optimized weighted voting based ensemble model for DDoS attack detection and mitigation in SDN environment, Microprocessors Microsyst. , 89 (2022), 104412.https://doi.org/10.1016/j.micpro.2021.104412 doi: 10.1016/j.micpro.2021.104412
[6]	R. A. Elsayed, R. A. Hamada, M. I. Abdalla, S. A. Elsaid, Securing IoT and SDN systems using deep-learning based automatic intrusion detection, Ain Shams Eng. J. , 14 (2023), 102211.https://doi.org/10.1016/j.asej.2023.102211 doi: 10.1016/j.asej.2023.102211
[7]	M. Al-Zewairi, S. Almajali, M. Ayyash, Unknown security attack detection using shallow and deep ANN classifiers, Electronics, 9 (2020), 2006.https://doi.org/10.3390/electronics9122006 doi: 10.3390/electronics9122006
[8]	H. Wang, H. Chen, S. Liu, Intrusion detection system based on improved Naive Bayes algorithm, Comput. Sci. , 41 (2014), 111–115.
[9]	M. Cui, J. Chen, X. Qiu, W. Lv, H. Qin, X. Zhang, Multi-class intrusion detection system in SDN based on hybrid BiLSTM model, Cluster Comput. , 27 (2024), 9937–9956.https://doi.org/10.1007/s10586-024-04477-5 doi: 10.1007/s10586-024-04477-5
[10]	P. Wang, Z. Wang, F. Ye, X. Chen, ByteSGAN: a semi-supervised generative adversarial network for encrypted traffic classification in SDN Edge Gateway, Comput. Networks, 200 (2021), 108535.https://doi.org/10.1016/j.comnet.2021.108535 doi: 10.1016/j.comnet.2021.108535
[11]	A. K. Sarica, P. Angin, Explainable security in SDN-Based IoT Networks, Sensors, 20 (2020), 7326.https://doi.org/10.3390/s20247326 doi: 10.3390/s20247326
[12]	L. Zhang, J. Wang, A hybrid method of entropy and SSAE-SVM based DDoS detection and mitigation mechanism in SDN, Comput. Secur. , 115 (2022), 102604.https://doi.org/10.1016/j.cose.2022.102604 doi: 10.1016/j.cose.2022.102604
[13]	H. Xu, X. Chai, H. Liu, A multi-controller placement strategy for hierarchical management of software-defined networking, Symmetry, 15 (2023), 1520.https://doi.org/10.3390/sym15081520 doi: 10.3390/sym15081520
[14]	H. Xu, Y. Hu, W. Cao, L. Han, An improved jump spider optimization for network traffic identification feature selection, Comput. Mater. Continua, 76 (2023), 3239–3255.https://doi.org/10.32604/cmc.2023.039227 doi: 10.32604/cmc.2023.039227
[15]	F. Li, H. Xu, F. Qiu, Modified artificial rabbits optimization combined with bottlenose dolphin optimizer in feature selection of network intrusion detection, Electron. Res. Ach. , 32 (2024), 1770–1800.https://doi.org/10.3934/era.2024081 doi: 10.3934/era.2024081
[16]	F. Qiu, H. Xu, F. Li, Applying modified golden jackal optimization to intrusion detection for software-defined networking, Electron. Res. Ach. , 32 (2024), 418–444.https://doi.org/10.3934/era.2024021 doi: 10.3934/era.2024021
[17]	M. Abdel-Basset, R. Mohamed, M. Jameel, M. Abouhawwash, Spider wasp optimizer: A novel meta-heuristic optimization algorithm, Artif. Intell. Rev., 56 (2023), 11675–11738.https://doi.org/10.1007/s10462-023-10446-y doi: 10.1007/s10462-023-10446-y
[18]	M. Shtayat, M. K. Hasan, A. K. Budhati, R. Solaiman, S. Islam, B. Pandey, et al., An improved binary spider wasp optimization algorithm for intrusion detection for industrial internet of things, IEEE Open J. Commun. Soc., (2024), 1.https://doi.org/10.1109/OJCOMS.2024.3421647
[19]	E. A. Mohamed, M. S. Braik, M. A. Al-Betar, M. A. Awadallah, Boosted spider wasp optimizer for high-dimensional feature selection, J. Bionic Eng. , 21 (2024), 2424–2459.https://doi.org/10.1007/s42235-024-00558-8 doi: 10.1007/s42235-024-00558-8
[20]	E. Ott, K Wiesenfeld, Chaos in dynamical systems, Phys. Today, 47 (1994), 45.https://doi.org/10.1063/1.2808369 doi: 10.1063/1.2808369
[21]	Y. Lai, H. Chen, F. Gu, A multitask optimization algorithm based on elite individual transfer, Math. Biosci. Eng, 20 (2023), 8261–8278.https://doi.org/10.3934/mbe.2023360 doi: 10.3934/mbe.2023360
[22]	H. Haklı, H. Uğuz, A novel particle swarm optimization algorithm with Levy flight, Appl. Soft Comput. , 23 (2014), 333–345.https://doi.org/10.1016/j.asoc.2014.06.034 doi: 10.1016/j.asoc.2014.06.034
[23]	Q. Liu, M. Li, N. Cao, Z. Zhang, G. Yang, Improved harris combined with clustering algorithm for data traffic classification, IEEE Access, 10 (2022), 72815–72824.https://doi.org/10.1109/ACCESS.2022.3188866 doi: 10.1109/ACCESS.2022.3188866
[24]	M. Injadat, A. Moubayed, A. B. Nassif, A. Shami, Multi-stage optimized machine learning framework for network intrusion detection, IEEE Trans. Network Serv. Manage. , 18 (2021), 1803–1816.https://doi.org/10.1109/TNSM.2020.3014929 doi: 10.1109/TNSM.2020.3014929
[25]	R. Cheng, Y. Jin, A social learning particle swarm optimization algorithm for scalable optimization, Inf. Sci. , 291 (2015), 43–60.https://doi.org/10.1016/j.ins.2014.08.039 doi: 10.1016/j.ins.2014.08.039
[26]	I. H. Hassan, M. Abdullahi, M. M. Aliyu, S. A. Yusuf, A. Abdulrahim, An improved binary manta ray foraging optimization algorithm based feature selection and random forest classifier for network intrusion detection, Intell. Syst. Appl. , 16 (2022), 200114.https://doi.org/10.1016/j.iswa.2022.200114 doi: 10.1016/j.iswa.2022.200114
[27]	M. S. Elsayed, N. A. Le-Khac, A. D. Jurcut, InSDN: a novel SDN intrusion dataset, IEEE Access, 8 (2020), 165263–165284.https://doi.org/10.1109/ACCESS.2020.3022633 doi: 10.1109/ACCESS.2020.3022633
[28]	M. Abdallah, N. A. L. Khac, H. Jahromi, A. D. Jurcut, A hybrid CNN-LSTM based approach for anomaly detection systems in SDNs, in ARES'21: Proceedings of the 16th International Conference on Availability, Reliability and Security, (2021), 1–7.https://doi.org/10.1145/3465481.3469190

Reader Comments

Your name:*

Email:*
© 2025 the Author(s), licensee AIMS Press. This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0)