RADS: a real-time anomaly detection model for software-defined networks using machine learning

Software-defined networks (SDN) are no more a new technology as many industries are adopting it in a hybrid or full stack mode. SDN has already proved its technological advantages compared to the traditional networking technologies. The proposed work RADS leverages the architectural advantages of SD...

Full description

Saved in:
Bibliographic Details
Published in:International journal of information security 2023-12, Vol.22 (6), p.1881-1891
Main Authors: Sneha, M., Kumar, A. Keerthan, Hegde, Nikhil V., Anish, A. S., Shobha, G.
Format: Article
Language:English
Subjects:
Accuracy
Algorithms
Anomalies
Autoregressive models
Coding and Information Theory
Communications Engineering
Computer Communication Networks
Computer Science
Cryptology
Cybersecurity
Datasets
Deep learning
Denial of service attacks
Machine learning
Management of Computing and Information Systems
Networks
New technology
Operating Systems
Real time
Regression models
Regular Contribution
Software
Software-defined networking
Statistical analysis
Topology
Traffic flow
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Software-defined networks (SDN) are no more a new technology as many industries are adopting it in a hybrid or full stack mode. SDN has already proved its technological advantages compared to the traditional networking technologies. The proposed work RADS leverages the architectural advantages of SDN and employs a flexible dynamic threshold approach to detect the anomalies in near real time using machine learning algorithms (ARIMA), and within 150 ms, the user is alerted about the attack so that necessary actions can be taken. A proof of concept for RADS is developed using mininet to create the SDN topology, Elasticsearch as the database to store the packet information and result of machine learning model. ARIMA, linear regression and Prophet models are considered for detecting anomalies, and the resulting graphs show the time taken to detect the attack is achieved in near real time.
ISSN:1615-5262
1615-5270
DOI:10.1007/s10207-023-00724-9