Flow-Based Anomaly Detection Using BNN for Attack Mitigation on SDN

Nang May Phu Lwin, Su Thawda Win
Copyright: © 2022 |Pages: 17
DOI: 10.4018/IJSST.304072

Abstract

Distributed Denial of Service (DDoS) attacks remain one of the major issues compromising the resources and services of the components in Software Defined Networks (SDN) environments. The implementation of an intrusion prevention system (IPS) in an OpenFlow-based SDN architecture has emerged to strengthen security mechanisms by exploiting the concepts of SDN and the OpenFlow protocol. This article provides anomaly detection of live traffic flows with a Backpropagation Neural Network (BNN) for the online detection and mitigation of DDoS attacks. The dataset from the testbed is used to emulate the efficiency of the proposed method. The results achieve more than 90% detection accuracy with a false alarm rate of less than 6%. CPU utilization on the centralized controller is also measured under SYN and UDP flooding to calculate the effect of malicious traffic on the resources of the system.

Introduction

Public and private clouds have gained popularity in recent years, and the complexity of deployed network infrastructure is increasing rapidly. Existing traditional networks, on the other hand, have become very slow and too complex. This makes it harder for network administrators to manage and maintain the network when it must be modified for rapid innovation and cost-efficient development. The Open Networking Foundation (ONF) developed a new approach called Software-Defined Networking (SDN) in 2011. SDN is an innovative network architecture in which the control plane is decoupled from the data plane of every network device within the network. The control logic of every networking device shifts to centralized control units located at the control plane of the network. The data plane consists of simple packet-forwarding devices that execute the instructions from the control plane and forward traffic. The most widely used protocol in SDNs is OpenFlow. SDN makes networks directly programmable and centrally manageable, which makes them more flexible and simplifies troubleshooting. SDN has become popular in both academic and industrial research because it enables dynamic and scalable ways to manage networks.

Although SDN has many advantages, it still has certain challenges to overcome, such as scalability, performance, and security. The most challenging issue is security. According to Kreutz et al. (2013), seven kinds of threat vectors target SDN components and the communication between them. The DDoS attack is one of the greatest challenges and has the highest impact in SDN environments because of their centralized control. CAIDA, DARPA, KDD, and NSL-KDD are the standard datasets used by researchers for Intrusion Detection Systems (IDS) in both SDN and traditional networks. The features in these datasets are generalized traffic collected from network simulations or laboratories. Therefore, specific features are essential to improving classification accuracy. Normal, DDoS, LAND, and Smurf attack traffic was generated in the authors' previous work (Lwin et al., 2021). Because of the flow-based nature of SDN, the authors proposed a hybrid IPS that combines Snort with a flow-based anomaly approach. Six specific features are extracted from the flow and stored as a labeled dataset. The authors used the error backpropagation algorithm to train their model and evaluated it by accuracy, false alarm rate, and detection rate. For real-time DDoS prediction, the controller collects flow statistics from the switches suspected of being on the attacker's pathways.
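The pipeline described above (six flow features, error backpropagation, then accuracy, detection rate and false alarm rate) can be sketched as follows. This is an added example, not the authors' code: the feature names, the 6-4-1 network size, the training parameters and the sample flows are all assumptions constructed for illustration, since the preview does not give them.

```python
import math, random
from collections import Counter
# Assumption: the page says six flow features are used but does not name them.
# Each entry is (hypothetical name, True if the constructed attack flows run high).
FEATURES = [("pkts_per_s", True), ("bytes_per_s", True), ("new_flows_per_s", True),
            ("avg_pkt_size", False), ("flow_duration", False), ("pair_flow_ratio", False)]

def make_flows(n, rng):
    """Constructed, normalised samples with overlapping ranges; label 1 = attack."""
    def sample(y):
        return [rng.uniform(0.4, 1.0) if high == bool(y) else rng.uniform(0.0, 0.6)
                for _, high in FEATURES]
    return [(sample(i % 2), i % 2) for i in range(n)]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

class BNN:
    """n_in-n_hid-1 sigmoid network trained by per-sample error backpropagation."""
    def __init__(self, n_in, n_hid, rng):
        self.w1 = [[rng.uniform(-0.5, 0.5) for _ in range(n_in + 1)] for _ in range(n_hid)]
        self.w2 = [rng.uniform(-0.5, 0.5) for _ in range(n_hid + 1)]  # last item = bias

    def forward(self, x):
        h = [sigmoid(w[-1] + sum(a * b for a, b in zip(w, x))) for w in self.w1]
        return h, sigmoid(self.w2[-1] + sum(a * b for a, b in zip(self.w2, h)))

    def train(self, data, epochs=200, lr=0.5):
        for _ in range(epochs):
            for x, y in data:
                h, o = self.forward(x)
                d_o = (o - y) * o * (1 - o)                 # output-layer error term
                for j, hj in enumerate(h):
                    d_h = d_o * self.w2[j] * hj * (1 - hj)  # error propagated back
                    self.w2[j] -= lr * d_o * hj
                    self.w1[j] = [w - lr * d_h * xi for w, xi in zip(self.w1[j], x + [1.0])]
                self.w2[-1] -= lr * d_o

def evaluate(net, data, threshold=0.5):
    c = Counter((net.forward(x)[1] >= threshold, y) for x, y in data)  # (alarm, label)
    tp, fp, fn, tn = c[True, 1], c[True, 0], c[False, 1], c[False, 0]
    return {"accuracy": (tp + tn) / len(data), "detection_rate": tp / (tp + fn),
            "false_alarm_rate": fp / (fp + tn)}

def run(seed=7):
    rng = random.Random(seed)
    flows, net = make_flows(400, rng), BNN(len(FEATURES), 4, rng)
    net.train(flows[:300])             # labelled training split
    return evaluate(net, flows[300:])  # held-out flows, never seen in training
```

The false alarm rate is computed over normal flows only (FP / (FP + TN)), so it has to be read alongside the detection rate, which is computed over attack flows only.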

This article provides flow-based anomaly detection using a Backpropagation Neural Network (BNN) in SDN environments. The rest of the paper is organized as follows. The theoretical background is introduced in the second section. Related works are presented in the third section. The fourth section gives the design and evaluation of flow-based anomaly detection. The final section concludes the article.
