Abstract
Software-defined networking (SDN) is a new network paradigm that is highly decoupled compared to traditional networks. It is easier to operate because it separates the data and control planes of the network, promotes logical centralization of network control, and makes the network programmable. Because control is logically centralized, an attack on the controller will paralyze the entire network, so intrusion detection is particularly important for SDN. With the rise of artificial intelligence, machine learning and deep learning have been applied in all aspects of life. Owing to its high accuracy, light weight, and fast response speed, deep learning is beneficial for intrusion detection. However, the methods proposed so far mainly target traditional networks and are often used to detect only DDoS (Distributed Denial of Service) attacks, so they cannot be applied directly to SDN to classify the different attack types specific to this new network paradigm. In this work, we propose a hybrid Long Short-Term Memory (LSTM)-based multi-class intrusion detection method, Convolutional Neural Network with Attention (CNNA)-BiLSTM, to detect 8 common intrusion types on the InSDN dataset. First, a feature selection method is proposed for the high-dimensional traffic data of SDN networks; it extracts the positive features that are effective for model decision-making, reduces the extent to which unfavorable and negative features mislead the model, and decreases the computational cost. Second, a multi-class intrusion detection model based on multi-output nodes and a hybrid BiLSTM with attention is proposed to improve the accuracy of the model for emerging detection. The proposed deep learning model provides better classification results on both two-class and multi-class problems than other methods.
It achieves an accuracy of 99.86% and 99.31% in the two-class and multi-class scenarios, respectively. Moreover, our proposed model can accurately detect each category in multi-class detection, while other standard models cannot accurately detect Botnet, Web, and U2R attacks because of their small sample sizes.
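The abstract's closing point, that a model can score well overall while missing the small Botnet, Web and U2R classes, is why a multi-class IDS should be evaluated per class. The following is an added example, not code from the paper: the class sizes, the `Normal` and `Probe` labels, and the hypothetical classifier are all constructed for illustration.

```python
from collections import Counter

# Constructed test-set sizes (assumption, not InSDN's real counts). Botnet,
# Web and U2R are the small classes the abstract names; Normal and Probe are
# assumed labels added to make the imbalance visible.
SUPPORT = {"Normal": 6000, "DDoS": 5000, "Probe": 4000,
           "Botnet": 20, "Web": 15, "U2R": 5}
RARE = ("Botnet", "Web", "U2R")


def build_predictions(rare_hit_rate):
    """Labels from a hypothetical classifier: perfect on large classes,
    right on a rare-class flow only rare_hit_rate of the time (else Normal)."""
    y_true, y_pred = [], []
    for label, n in SUPPORT.items():
        hits = round(n * rare_hit_rate) if label in RARE else n
        y_true += [label] * n
        y_pred += [label] * hits + ["Normal"] * (n - hits)
    return y_true, y_pred


def per_class_report(y_true, y_pred):
    """Return (accuracy, macro_recall, {label: precision/recall/f1})."""
    pairs = Counter(zip(y_true, y_pred))
    true_n, pred_n = Counter(y_true), Counter(y_pred)
    report = {}
    for label in SUPPORT:
        tp = pairs[(label, label)]
        recall = tp / true_n[label] if true_n[label] else 0.0
        precision = tp / pred_n[label] if pred_n[label] else 0.0
        denom = precision + recall
        f1 = 2 * precision * recall / denom if denom else 0.0
        report[label] = {"precision": precision, "recall": recall, "f1": f1}
    accuracy = sum(pairs[(l, l)] for l in SUPPORT) / len(y_true)
    macro_recall = sum(r["recall"] for r in report.values()) / len(report)
    return accuracy, macro_recall, report


if __name__ == "__main__":
    for rate in (0.0, 1.0):
        acc, macro, rep = per_class_report(*build_predictions(rate))
        print(f"rare_hit_rate={rate}: accuracy={acc:.4f} macro_recall={macro:.2f}")
        for label in RARE:
            print(f"  {label:7s} recall={rep[label]['recall']:.2f}")
```

With every rare-class flow mislabeled as Normal, accuracy on this constructed data stays above 99.7% while macro recall falls to 0.5, so per-class recall is the figure to compare between models.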
Funding
This work was supported in part by the National Natural Science Foundation of China Youth Fund Program (62102241), “Science and Technology Innovation Action Plan” Natural Science Foundation Upper-level Program (23ZR1425400).
Author information
Contributions
Meng Cui: Conceptualization, Methodology, Validation, Investigation, Writing - original draft, Writing - review & editing, Formal analysis. Jue Chen: Conceptualization, Methodology, Validation, Investigation, Writing - original draft, Writing - review & editing, Formal analysis, Supervision, Project administration. Xihe Qiu: Conceptualization, Methodology, Writing - review & editing, Formal analysis. Wenjing Lv: Conceptualization, Methodology, Formal analysis, Investigation. Haijun Qin: Conceptualization, Methodology, Investigation. Xinyu Zhang: Conceptualization, Methodology.
Ethics declarations
Competing interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
About this article
Cite this article
Cui, M., Chen, J., Qiu, X. et al. Multi-class intrusion detection system in SDN based on hybrid BiLSTM model. Cluster Comput 27, 9937–9956 (2024). https://doi.org/10.1007/s10586-024-04477-5
DOI: https://doi.org/10.1007/s10586-024-04477-5