Development of a Novel Intrusion Detection System and Architecture-specific Datasets in Software-Defined Networking
Software Defined Network (SDN) technology allows for more efficient scaling of networks through central programming of network behaviour using software applications with open APIs. The separation of the control plane from the forwarding plane of the physical hardware allows for a consistent network management strategy regardless of network size or complexity. Unfortunately, as with any new technology, these benefits are accompanied by a host of new threats, with the revised infrastructure providing new attack vectors for malicious actors intent on penetrating and/or disrupting network activity. The relatively nascent status of SDN technologies makes development of effective Intrusion Detection Systems (IDS) difficult. There is a lack of available SDN-specific datasets, resulting in the deployment of IDS software that has been developed using unsuitable data collected from traditional networks and hence ignores the architectural differences of SDN networks. The aim of this research is to focus specifically on the novel architecture of SDN technologies and to develop an appropriate IDS framework that is tailored to the unique architectures of SDN, effectively identifying and blocking attacks that focus on SDN-specific characteristics, in addition to the range of attacks to which standard networks are prone. The intended research will focus on generating new SDN-specific datasets by deploying different SDN architectures, both in virtual form and using physical devices, allowing for the collection of more intrinsic data. Effective IDS can then be developed by training Machine Learning (ML) models on these new datasets. Standard supervised ML models as well as unsupervised Deep Neural Network (DNN) and Reinforcement Learning (RL) models will be developed and evaluated. There is a series of expected challenges to be addressed within the proposed body of work.
The specific points of difference in architecture between traditional networks and SDN networks will have to be identified and attack vectors designed and/or replicated. Appropriate test bed architectures must be chosen and implemented. The choice of ML model will depend on the dataset structure and will need to be tailored to this specific use case. Finally, appropriate validation systems will need to be crafted to comprehensively test the effectiveness of candidate IDS frameworks once developed.