On Efficiency of Selected Machine Learning Algorithms for Intrusion Detection in Software Defined Networks


  • Damian Jankowski Institute of Telecommunication, Faculty of Electronics, Military University of Technology
  • Marek Amanowicz Institute of Telecommunication, Faculty of Electronics, Military University of Technology


We propose a concept of using Software Defined Network (SDN) technology and machine learning algorithms for monitoring and detection of malicious activities in the SDN data plane. The statistics and features of network traffic are generated by the native mechanisms of SDN technology. In order to conduct tests and a verification of the concept, it was necessary to obtain a set of network workload test data. We present virtual environment which enables generation of the SDN network traffic. The article examines the efficiency of selected  machine learning methods: Self Organizing Maps and Learning Vector Quantization and their enhanced versions. The results are compared with other SDN-based IDS.

Author Biographies

Damian Jankowski, Institute of Telecommunication, Faculty of Electronics, Military University of Technology

Damian Jankowski received B.Sc. and M.Sc. degrees from
the Military University of Technology, Warsaw, Poland in 2010 and 2011, in Telecommunication Engineering. His research interests include programming, system virtualization, system administration, IT security, machine learning, and data mining.

Marek Amanowicz, Institute of Telecommunication, Faculty of Electronics, Military University of Technology

Marek Amanowicz received M.Sc., Ph.D. and D.Sc. degrees
from the Military University of mTechnology, Warsaw, Poland in 1970, 1978 and 1990, respectively, all in Telecommunication. Engineering. In 2001, he was promoted to the professor's title. He was engaged in many research projects, especially in the elds of communications and information systems engineering, mobile communications, satellite communications, antennas & propagation, communications & information systems modeling and simulation, communications and information systems interoperability, network management and electronics warfare.


D. Kreutz, F. M Ramos, P. Esteves Verissimo, C. Esteve Rothenberg, S. Azodolmolky, and S. Uhlig, "Software-defined networking: A comprehensive survey," in Proceedings of the IEEE 103.1, 2015, pp. 14-76. doi:10.1109/JPROC.2014.2371999

Scott-Hayward, Sandra, Sriram Natarajan, and Sakir Sezer. "A survey of security in software defined networks," 2015. doi:0.1109/COMST.2015.2474118.

C. Modi, D. Patel, B. Borisaniya, H. Patel, A. Patel and M. Rajarajan,. “A survey of intrusion detection techniques in cloud,” Journal of Network and Computer Applications, vol 36(1), 2013, pp. 42-57. doi:0.1016/j.jnca.2012.05.003

H. J. Liao, C. H. R. Lin, Y. C.Lin, and K. Y. Tung, “Intrusion detection system: A comprehensive review,” Journal of Network and Computer Applications, vol. 36(1), 2013, pp. 16-24. doi:10.1016/j.jnca.2012.09.004

N. F. Haq, A. R. Onik, M. Avishek, K. Hridoy, M. Rafni, F. M. Shah, and D. M. Farid, “Application of Machine Learning Approaches in Intrusion Detection System: A Survey,” International Journal of Advanced Research in Artificial Intelligence, 2015. doi:10.14569/IJARAI.2015.040302

M. Kruczkowski, E. Niewiadomska-Szynkiewicz, and A. Kozakiewicz. "FP-tree and SVM for Malicious Web Campaign Detection," in Intelligent Information and Database Systems, Springer International Publishing, 2015, pp. 193-201. doi: 10.1007/978-3-319-15705-4_19

Mehdi, Syed Akbar, Junaid Khalid, and Syed Ali Khayam. "Revisiting traffic anomaly detection using software defined networking," in Recent Advances in Intrusion Detection, Springer Berlin Heidelberg, 2011, pp. 161-180. doi:10.1007/978-3-642-23644-0_9

S. Dotcenko, A. Vladyko, and I. Letenko, “A fuzzy logic-based information security management for software-defined networks,” In Advanced Communication Technology ,16th International Conference on IEEE, 2014, pp. 167-171. doi:10.1109/ICACT.2014.6778942

K. Giotis, C. Argyropoulos, G. Androulidakis, D. Kalogeras, and V. Maglaris, “Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments,” in Computer Networks, vol 62, 2014, pp. 122-136. doi:10.1016/j.bjp.2013.10.014

R. Braga, Edjard Mota, E. Mota, Edjard, A. Passito, “Lightweight DDoS Flooding Attack Detection Using NOX/OpenFlow,” in Local Computer Networks (LCN), 35th Conference on. IEEE, 2010. pp. 408-415. doi: 10.1109/LCN.2010.5735752

R. Sathya and R. Thangarajan, “Efficient Anomaly Detection And Mitigation In Software Defined Networking Environment,” Electronics and Communication Systems, 2nd International Conference on. IEEE. 2015, pp. 479-484. doi:10.1109/ECS.2015.7124952

A. Le, P. Dinh, H. Le, and N. C. Tran, “Flexible Network-Based Intrusion Detection and Prevention System on Software-Defined Networks,” presented at International Conference on Advanced Computing and Applications, November 2015, pp. 106-111. doi:10.1109/ACOMP.2015.19

OpenDaylight Platform [Online]. Available: https://www.opendaylight.org/

T. Kohonen, “Essentials of the self-organizing map,” Neural Networks, vol. 37, 2013, pp. 52-65. doi:10.1016/j.neunet.2012.09.01

T. Kohonen, “The self-organizing map,” Proceedings of the IEEE, vol. 78(9), 1990, pp. 1464-1480.

WEKA Classification Algorithms, A WEKA Plug-in, [Online]. Available: http://wekaclassalgos.sourceforge.net/

T. Kohonen,, “Learning vector quantization,” Springer Berlin Heidelberg, 1995, pp. 175-189.

Mininet, An Instant Virtual Network on your Laptop (or other PC), [Online]. Available: http://minimet.org

M. Hall, E. rank, G. Holmes, B. Pfahringer, P. Reutemann and I. H. Witten, “The WEKA data mining software: an update,” ACM SIGKDD explorations newsletter, vol. 11(1), 2009, pp. 10-18. doi:10.1145/1656274.1656278

G. Pölzlbauer, “Survey and comparison of quality measures for self-organizing maps,“, 2004.

A. Sperotto, G. Schaffrath, R. Sadre, C. Morariu, A. Pras, , and B. Stiller, “An overview of IP flow-based intrusion detection,” Communications Surveys & Tutorials, IEEE, 12(3), 2010, pp. 343-356. doi: 10.1109/SURV.2010.032210.00054






Security, Safety, Military