Flow Based Classification for Specification Based Intrusion Detection in Software Defined Networking: FlowClassify

Flow Based Classification for Specification Based Intrusion Detection in Software Defined Networking: FlowClassify

Nithya Sampath (Vellore Institute of Technology, Vellore, India) and Dinakaran M. (Vellore Institute of Technology, Vellore, India)
Copyright: © 2019 |Pages: 8
DOI: 10.4018/IJSI.2019040101
OnDemand PDF Download:
No Current Special Offers


Software defined networking assures the space for network management, SDNs will possibly replace traditional networks by decoupling the data plane and control plane which provides security by means of a global visibility of the network state. This separation provides a solution for developing secure framework efficiently. Open flow protocol provides a programmatic control over the network traffic by writing rules, which acts as a network attack defence. A robust framework is proposed for intrusion detection systems by integrating the feature ranking using information gain for minimizing the irrelevant features for SDN, writing fuzzy-association flow rules and supervised learning techniques for effective classification of intruders. The experimental results obtained on the KDD dataset shows that the proposed model performs with a higher accuracy, and generates an effective intrusion detection system and reduces the ratio of attack traffic.
Article Preview


Traditional network which is more complex, time consuming, hardware centric, tight coupling of network equipment with limited services because of its manufacture’s dependent. Its static nature of architecture is ill-suited to the dynamic computing which need a device level change, unlike Software Defined Networking (SDN) which is highly dynamic and configurable topology.

Software Defined Networking

SDN is layer independent, it has three layered architecture namely data plane, control plane and application plane. The vendor can manage and administrate the network affording to the network usage. Jarraya et al. (2014) discusses about the rule set instruction in control plane, the router will act as a forwarding media. The control logic is moved to an external entity, called SDN controller where the packets are moved according to the specified instructions. SDN Data plane, an infrastructure layer, it comprises of the Forwarding Elements (FEs) which are physical and virtual switches. SDN Controller comprises of Software Based SDN Controllers that determine the flow path of packets. Hence it is a software based SDN, flexible to program according to the application. It intellects and informs decision how to configure the packet and modifies the infrastructure layer conferring to the network usage. The network administrator can change any switch rules whenever it is necessary, the rule may be prioritizing, de-prioritizing or even blocking specific types of packets, access control lists management. SDN Application plane comprises of one or more end user applications by closely binding the interaction amid network services and devices. Applications are programs that explicitly, directly, and programmatically communicate their network device to the SDN Controller via interface.

Intrusion Detection System

Intrusion Detection System is used to monitor all outgoing and incoming network traffic. A set of protocol is designed to violate the malicious packets. Akhunzada et al. (2015) discusses about the security issues in Software defined Networking. The major functions of IDS monitor is to detect, respond to unauthorized activity and it monitors the flow of packets. Specification based intrusion detection is used for monitoring the network traffic by specifying the rule set. The deviations in network behaviour are analysed and rules can be enforced accordingly. The construction of rules may consume more time, but the high degree of false rate is avoided. Since this detection methodology is specification based, it has been applied for the privileged program, application oriented and several networks. The specification-based detection methodology can be adjusted based on the application.

Proposed Framework for Specification Based Intrusion Detection System

To achieve a robust intrusion detection system the framework has been designed as shown. This paper focus is on Specification based intrusion detection technique based on protocol standards. The evidence is collected for all the attacks and the specification is written for risk assessment phase. The detection engine has to be designed for detecting of attacks and decision making is done using a machine learning technique for the purpose of intrusion response.


This paper is organized as follows Chapter 2 briefly defines a survey on intrusion detection system in Software Defined Networking. Chapter 3 delineates feature ranking methods to rank the relevant features and investigation of various network attacks with respect to the control planes. The flow rules are written for the various control plane attacks. Chapter 4 defines a fuzzy inference engine and association rule mining for automatic execution of flow rules. This chapter concludes mined rules. Chapter 5 is Conclusion and future work.

Complete Article List

Search this Journal:
Open Access Articles
Volume 10: 4 Issues (2022): Forthcoming, Available for Pre-Order
Volume 9: 4 Issues (2021): 3 Released, 1 Forthcoming
Volume 8: 4 Issues (2020)
Volume 7: 4 Issues (2019)
Volume 6: 4 Issues (2018)
Volume 5: 4 Issues (2017)
Volume 4: 4 Issues (2016)
Volume 3: 4 Issues (2015)
Volume 2: 4 Issues (2014)
Volume 1: 4 Issues (2013)
View Complete Journal Contents Listing