Kommunikationsnetze
Integrating Online Learning with Collaborative Machine Learning for Continuous Intrusion Detection in SDN
Key: | GZL+24 |
Author: | Pegah Golchin, Chengbo Zhou, Hengyu Liu, Björn Scheuermann, Ralf Kundel, Tobias Meuser |
Date: | September 2024 |
Kind: | In proceedings |
Abstract: | Software-Defined Networking (SDN) improves network management and flexibility by separating control and data plane functions. However, the centralized architecture of SDN can increase cybersecurity risks, such as an increased vulnerability to Denial of Service (DoS) attacks. While integrating machine learning (ML) models into Intrusion Detection Systems (IDSs) achieves high detection performance, these ML models must demonstrate strong generalization capabilities across new, previously unseen network traffic patterns, which is crucial for networks with dynamic traffic behavior. In our previously published work, Collaborative ML-based IDS (CML-IDS), different ML models are deployed in both the control and data plane to enhance detection performance while reducing network load and detection time. However, CML-IDS operates as an offline model, where ML models are trained once on a specific network traffic pattern, potentially limiting CML-IDS's ability to generalize across diverse and new network traffic patterns effectively. To address this issue, we introduce COML-IDS, an online learning framework that automatically updates the ML model in the data plane when the detection performance degrades. Our results demonstrate that COML-IDS achieves an average increase of at least 25% in detection performance when encountering new network traffic patterns while reducing the need to forward the necessary flow feature data to the control plane compared to the CML-IDS. |
The documents distributed by this server have been provided by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.