Detection and Multi-Class Classification of Intrusion in Software Defined Networks Using Stacked Auto-Encoders and CICIDS2017 Dataset

Software Defined Networks (SDNs) is an emerging concept in network architectures, which divides the network operations into two, control and data, layers. In this concept, control and management operations are moved from the network devices to the controller and inside the control plane. This separation makes it possible to incorporate network devices for different applications, while on the other hand leads to vulnerabilities in the network. In fact, the controller becomes the bottleneck of the network, and it is vulnerable to intrusions. Various approaches have been proposed to detect intrusion in these networks, which among them using deep learning methods has gained the majority of attention in the past decade. In this paper, an intrusion detection system based on the SDN model is presented which is executed as an application module in the controller. The proposed system consists of three phases: in the first phase, for pre-training, sparse stacked auto-encoders are incorporated which learn the features in an unsupervised manner. In the second phase, to train the system, the SoftMax classifier is used and in the third phase, system parameters are optimized. Performance of the proposed system is evaluated according to two datasets, namely NSL-KDD and CICIDS2017, for classification of attacks. To implement the proposed method, the Mininet software and Keras framework, which is based on Tensorflow, are incorporated. The average accuracy in detection and classification of attacks using the proposed method is 98.5%, which is promising in comparison with previous methods.