CML-IDS: Enhancing Intrusion Detection in SDN through Collaborative Machine Learning
Key: GZA+23
Author: Pegah Golchin, Chengbo Zhou, Pratyush Agnihotri, Mehrdad Hajizadeh, Ralf Kundel, Ralf Steinmetz
Date: October 2023
Kind: In proceedings
Abstract: The centralized control plane in Software-Defined Networking (SDN) offers significant advancements in network management capabilities. However, SDN is also susceptible to cybersecurity risks and vulnerabilities. Deploying the Machine Learning (ML) approach in an Intrusion Detection System (IDS) can facilitate early detection of potential vulnerabilities. However, deploying an ML-based IDS solely in either the SDN control plane or the data plane has its benefits and drawbacks. For instance, a high-capacity ML model deployed in the control plane can enhance the detection performance but may increase network latency and the risk of overwhelming the control plane. In contrast, lightweight ML models deployed in the data plane could accelerate intrusion detection with lower detection performance. However, a functional IDS should provide a good detection performance at a line rate. To accomplish these objectives, we introduce a novel method called Collaborative ML-based IDS (CML-IDS), which involves deploying ML models in both the control and data planes to detect network attacks collaboratively. To facilitate this collaboration, we assess the confidence of the classification model, which is flexibly deployed within the programmable data plane. Our evaluation results demonstrate that the CML-IDS enhances the average intrusion detection performance to 93.46% and reduces the misclassification rate by 54.66% when compared to an IDS that solely relies on the ML model deployed in the data plane. Furthermore, CML-IDS effectively reduces network latency caused by forwarding flows to the control plane.

The documents distributed by this server have been provided by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.