Machine Learning for Software-Defined Networking-

Based Intrusion Detection

Subjects: Computer Science, Cybernetics
Contributor: Abdul Razaque, Joon Yoo, Gulnara Bektemyssova, Majid Alshammari, Tolganay T. Chinibayeva, Saule Amanzholova, Aziz
Alotaibi, Dauren Umutkulov

Low-speed internet can negatively impact incident response by causing delayed detection, ineffective response, poor
collaboration, inaccurate analysis, and increased risk. Slow internet speeds can delay the receipt and analysis of data,
making it difficult for security teams to access the relevant information and take action, leading to a fragmented and
inadequate response. All of these factors can increase the risk of data breaches and other security incidents and their
impact on IoT-enabled communication.

Keywords: IoT ; 6G technology ; cyberattack ; blockchain technology ; software-defined networking ; virtual network
function ; edge computing

1. Introduction
Slow internet speeds during an incident response time can be caused by obsolete technology, network congestion, and a
large number of network-connected devices [1]. This can result in slow download and upload speeds, high latency, and
[2]
poor network stability, which can significantly impact the incident response . Slow internet can lead to delayed response
[3]
times, missed opportunities, customer dissatisfaction, and decreased productivity for the IoT devices . Several solutions
are available to address the issue of slow internet speeds in incident response. One solution is to use software-defined
networking (SDN), which can improve the network efficiency, flexibility, and scalability for the IoT devices [4]. SDN allows
for the centralized management of network resources, which can lead to a more efficient use of the available bandwidth
[5]
. Additionally, upgrading hardware and software and optimizing network configurations are effective ways to enhance
[6]
network performance . Another promising solution to improve internet speed is the use of virtual network functions
(VNFs), which can be deployed on virtual machines to optimize the network infrastructure and enhance the overall
[7]
network performance . VNFs enable organizations to scale and manage their network resources effectively, allocate
[8].
resources more efficiently, and improve network performance for IoT devices Internet speed is crucial in incident
responses; however, a slow internet connection can result in sluggish reaction times, missed opportunities, unhappy
clients, and diminished productivity. The causes of slow internet connections include outdated hardware, network
congestion, and a large number of devices connected to a network [9]. Improving incident response times requires finding
practical solutions for sluggish internet speeds. It is anticipated that the deployment of 6G covers the development of
many new technologies and improves internet connection. Furthermore, 6G will perform a revolutionary role for new
technologies such as smart surfaces, zero-energy IoT devices, advanced AI techniques, AI-powered automated devices,
potential quantum computing systems, humanoid robots, AI-driven air interfaces, and self-sustained networks. Moreover,
[10].
future trends of digital societies, such as massive AI and self-sustained networks, will also benefit from 6G Therefore,
6G is attractive to numerous applications, including UAV-based mobility, smart Grid 2.0, connected autonomous vehicles
(CAV), hyper-intelligent healthcare, collaborative robots, Industry 5.0, Digital Twin, and Extended Reality. These
applications might support many stakeholders and call for various levels of 6G security requirements. The security
requirements and problems in 6G may vary greatly due to the novelty of these application domains and the potent
adversaries. A federated-learning supported intrusion detection system (FSIDS) makes use of 6G-enabling technologies
[11].
such software -defined networking, mobile edge computing, and network function virtualization DeepVulSeeker is a
completely automated vulnerability identification platform that uses both code graph structures and semantic elements to
find vulnerabilities. However, existing methods experience shortcomings [12].
 2. Machine Learning as a Solution for Software-Defined Networking-Based
Intrusion Detection
[13]
Abubakar and Pranggono proposed machine learning as a solution for SDN-based intrusion detection and prevention.
They further explored and highlighted the benefits and challenges of the proposed approach. They concluded that
although machine learning can improve the accuracy of intrusion detection and reduce false positives, challenges related
[14]
to scalability and training data availability still exist. Ahmed et al. proposed VNF chaining and network slicing as
possible solutions. The authors also mentioned their respective benefits and limitations. Research on the VNF sphere was
introduced by Wang and Zhao [15], who explored the use of edge computing to improve network performance and address
the challenges of latency and bandwidth requirements in incident responses. The authors provided an overview of edge
computing architectures, applications, and challenges, highlighting their potential to improve incident response times and
[16]
reduce network congestion. Karakus and Durresi contributed to the development of QoS in SDN networks and
identified its potential to improve network performance and response times. They explored various QoS techniques and
their effectiveness in addressing network congestion and improving the QoS in SDN. Another relevant study introduced by
[17]
Li et al. focused on blockchain-based collaborative software-defined networking (BCSDN) The authors proposed the
use of blockchain technology in SDN to improve network security and reduce the risk of cyberattacks. They discussed the
potential benefits of blockchain in providing a tamper-proof record of network activities and enhancing incident response
[18]
capabilities. Yang et al. provided an overview of current developments in network function virtualization (NFV)
resource allocation. The authors generalized and examined four typical resource allocation issues: the VNF placement
issue, the VNF placement and traffic routing problem, the VNF redeployment and consolidation issue, and the NFV traffic
routing issue. Following that, two crucial quality of service (QoS) parameters—delay calculation models and VNF
protection (availability) models—are investigated in NFV resource allocation.

[19]
Xu et al. proposed a hybrid-assisted dynamic intrusion detection system (HADIDS) for improving network
performance. This research focused on the potential benefits of hybrid cloud computing in terms of scalability and cost
efficiency and discussed the challenges related to security, privacy, and interoperability. Research in the sphere of VNF by
[20]
Basu et al. addressed the problem of limited network capacity and storage that can hinder QoS in a network. To
optimize the placement of VNF instances over the service function chains (SFCs) for superior service delivery, the authors
[21]
proposed a dynamic VNF sharing approach called FlexShare-VNF. According to Kim and Kim’s research, the VNF
placement approach was based on VNF characteristics and used information about each node’s resources to assign
VNFs more efficiently. Furthermore, the authors suggested a method for identifying an appropriate node for placement
through periodic searching of information concerning resource updates prior to VNF placement, subsequently assigning
[22]
VNFs quickly upon request. Taniguchi and Shinomiya proposed virtualized networks to minimize computing and
network resources in the event of VNF failures. The proposed method aims to ensure sustainability against multiple VNF
failures, which can cause significant damage to the network, by minimizing the cost of computing and network resources.
The integration of VNFs with SDN technology can significantly improve the performance and efficiency of 6G networks. By
leveraging the flexibility and programmability of SDN, VNFs can be dynamically deployed and managed to meet the
specific requirements of different network functions and services. This approach improves resource allocation, reduces
network congestion, and enhances security by enabling the implementation of advanced network policies and protocols.
[23]
Yao et al. proposed an anomaly detection with intrusion network framework (DINF). An anomaly detection approach
leveraged both signature-based and anomaly-based techniques to enhance IoT devices. The authors recognized the
limitations of using only one approach and suggested that combining them would lead to a more effective and efficient
IDS. Their proposed system incorporated a signature-based approach to detect known attacks and an anomaly-based
[24]
approach to identify unknown attacks. Zheng et al. proposed a solution to mitigate the security risks associated with
the Internet of Things (IoT) by dynamically creating and deploying firewalls based on the network traffic patterns. The
solution employs machine learning algorithms to analyze network traffic patterns and identify potential security threats.
The identified threats are then mitigated by dynamically creating and deploying firewalls on the affected devices in the IoT
network. Table 1 shows comparison of the state-of-the-art approaches.

Table 1. Contemporary related works and their limitations.

Related
Solutions Characteristics Limitations
Works

Machine learning-
Rani et al. basedintrusion detection Predicts network traffic Requires a large amountof data to
[13]
system forsoftware-defined andoptimizes network performance train the algorithms
networking
 Related
Solutions Characteristics Limitations
Works

Provides a comprehensive
overview ofnetwork virtualization
A survey on The proposed solutions maynot be
Ahmed et techniques andtheir potential
networkvirtualization applicable to allnetwork virtualization
al. [14] benefits inimproving network
techniques andchallenges scenarios
performance,flexibility, and
management

A survey of mobile
Reduces latency and Limited processing power
Wang and edgeComputing for the
bandwidthrequirements and andstorage capacity at thenetwork
Zhao [15] Metaverse:architectures,
improves networkperformance edge
applications, and challenges

Karakus Quality of service (QoS)in Prioritizes network traffic

Complexity in designing
and Durresi software-defined andallocates bandwidth more
[16] andimplementing QoS policies
networkingsurvey effectively

BlockCSDN:blockchain-based
collaborativeintrusion
Li et al. [17]
detection insoftware-defined
networking
Decentralized and tamper-
High computational overheadand
proofrecord of network activity
scalability issues
andimproved network security

Generalized and examined

Advances in resource
Yang et al. fourtypical resource allocation The proposed solutions maynot be
[18] allocationin network function
issuesfor QoS improvement and applicable to allNFV scenarios
virtualization
delaycalculation

Hybrid cloud computing:state- Improves the security, privacy,and Requires additional resources
Xu et al. [19] of-the-art, challenges,and performance of hybridcloud andexpertise to implement
future directions systems andmaintain

The MILP-based
QoS-aware dynamic Offers significant benefits interms optimizationapproach may pose
Basu et al. networkslicing and VNF of energy-efficientservice delivery, computationalchallenges in larger
[20]
embeddingin softwarized 5G low latency,and optimized network networkscenarios, and the
networks efficiency approachmay require further
validationin real-world deployments

Efficient VNF placement

Increased complexity in termsof
usinginformation about the
resource monitoring andupdating, as
Kim and VNF placement methodbased resources of eachnode, which can
well as potentialscalability issues if
Kim [21] on VNF Characteristics lead to improvednetwork
thenumber of nodes and
performance and
VNFsincrease significantly
resourceutilization

A method of service Reduces the computing The proposed method maynot be

Taniguchfi
functionchain configuration to resourcesrequired for SFC suitable for alltypes of virtualized
and
minimizecomputing and configurationcompared to previous networks,and further research
Shinomiya
[22] network resourcesfor VNF studies,which can lead to cost isneeded to evaluate itseffectiveness
failures savingsfor network operators in different contexts

This approach improves the

detectionaccuracy and reduces
Yao et al. Anomaly-based approach false positives.The main advantage
[23]
forIoT of this approachis its ability to
detect both knownand unknown
attacks
Potential for higher
resourceconsumption due to running
multipledetection methods
simultaneously

The approach improves

securityand reduces the potential
Network firewall for The potential for higher
Zheng et al. for falsepositives. The main
[24] cybersecurity in an IoT resourceconsumption due to
advantage of thisapproach is its
environment continuousanalysis and rule updates
ability to adaptto changing network
conditions

Increased complexity
Improved network performance andmanagement overhead due to
Our Work VNFSDN andscalability and increased theneed for specialized skills
networkefficiency andtools to manage the
virtualizednetwork functions

References
1. D’Angelo, G.; Eslam, F.; Massimo, F.; Francesco, P.; Antonio, R. Privacy-preserving malware detection in Android-
based IoT devices through federated Markov chains. Future Gener. Comput. Syst. 2023, 148, 93–105.
 2. Sánchez-Zas, C.; Víctor, A.V.; Vega-Barbas, M.; Larriva-Novo, X.; Moreno, J.I.; Berrocal, J. Ontology-based approach
to real-time risk management and cyber-situational awareness. Future Gener. Comput. Syst. 2023, 141, 462–472.

3. Beibei, L.; Yujie, C.; Hanyuan, H.; Wenshan, L.; Tao, L.; Wen, C. Artificial immunity based distributed and fast anomaly
detection for Industrial Internet of Things. Future Gener. Comput. Syst. 2023, 148, 367–379.

4. Martini, B.; Gharbaoui, M.; Castoldi, P. Intent-based network slicing for SDN vertical services with assurance: Context,
design and preliminary experiments. Future Gener. Comput. Syst. 2023, 142, 101–116.

5. Salman, M.I.; Bin, W. Near-optimal responsive traffic engineering in software defined networks based on deep learning.
Future Gener. Comput. Syst. 2022, 135, 172–180.

6. Nguyen, V.G.; Anna, B.; Karl-Johan, G.; Javid, T. SDN/NFV-based mobile packet core network architectures: A survey.
IEEE Commun. Surv. Tutor. 2017, 19, 1567–1602.

7. Hu, T.; Quan, R.; Peng, Y.; Ziyong, L.; Julong, L.; Yuxiang, H.; Qian, L. An efficient approach to robust controller
placement for link failures in Software-Defined Networks. Future Gener. Comput. Syst. 2021, 124, 187–205.

8. Miao, W.; Geyong, M.; Yulei, W.; Haojun, H.; Zhiwei, Z.; Haozhe, W.; Chunbo, L. Stochastic performance analysis of
network function virtualization in future Internet. IEEE J. Sel. Areas Commun. 2019, 37, 613–626.

9. Ma, Z.; Xiaoming, Y.; Kai, L.; Jie, F.; Li, Z.; Dajun, Z.; Yu, F.R. Blockchain-escorted distributed deep learning with
collaborative model aggregation towards 6G networks. Future Gener. Comput. Syst. 2023, 141, 555–566.

10. You, X.; Wang, C.; Huang, J.; Gao, X.; Zhang, Z.; Wang, M.; Huang, Y.; Zhang, C.; Jiang, Y.; Wang, J.; et al. Towards
6G wireless communication networks: Vision, enabling technologies, and new paradigm shifts. Sci. China Inf. Sci.
2021, 64, 110301.

11. Alotaibi, A.; Ahmed, B. A federated and softwarized intrusion detection framework for massive internet of things in 6G
network. J. King Saud Univ. Comput. Inf. Sci. 2023, 35, 101575.

12. Wang, J.; Hui, X.; Shuwen, Z.; Yinhao, X. DeepVulSeeker: A novel vulnerability identification framework via code graph
structure and pre-training mechanism. Future Gener. Comput. Syst. 2023, 148, 15–26.

13. Rani, S.; Himansh, B.; Gautam, S.; Thippa, R.; Gaurav, D. Security Framework for Internet-of-Things-Based Software-
Defined Networks Using Blockchain. IEEE Internet Things 2022, 10, 6074–6081.

14. Ahmad, W.; Radzi, N.; Samidi, F.; Ismail, A.; Abdullah, F.; Jamaludin, M.; Zakaria, M. 5G technology: Towards dynamic
spectrum sharing using cognitive radio networks. IEEE Access 2020, 13, 14460–14488.

15. Wang, Y.; Jun, Z. A survey of mobile edge computing for the metaverse: Architectures, applications, and challenges. In
Proceedings of the 8th International Conference on Collaboration and Internet Computing (CIC), Atlanta, GA, USA, 14–
16 December 2022; pp. 1–9.

16. Karakus, M.; Arjan, D. Quality of service (QoS) in software defined networking (SDN): A survey. Future Gener. Comput.
Syst. 2017, 80, 200–218.

17. Li, W.; Yu, W.; Weizhi, M.; Jin, L.; Chunhua, S. Towards blockchain-based collaborative intrusion detection in software
defined networking. IEICE Trans. Inf. Syst. 2022, 105, 272–279.

18. Yang, S.; Fan, L.; Stojan, T.; Ramin, Y.; Xiaoming, F. Recent advances of resource allocation in network function
virtualization. IEEE Trans. Parallel Distrib. Syst. 2020, 32, 295–314.

19. Xu, F.; Liu, F.; Jin, H.; Vasilakos. Mobile Cloud Computing Framework for Securing Data. Proc. IEEE 2013, 102, 11–31.

20. Basu, D.; Abhishek, J.; Uttam, G.; Raja, D. QoS-aware Dynamic Network Slicing and VNF Embedding in Softwarized
5G Networks. In Proceedings of the 2022 National Conference on Communications (NCC), Virtual, 24–27 May 2022;
pp. 100–105.

21. Kim, S.; Kim, H. A vnf placement method based on vnf characteristics. In Proceedings of the 2021 International
Conference on Information Networking (ICOIN), Virtual, 27–30 July 2021; pp. 864–869.

22. Taniguchi, A.; Norihiko, S. A Method of Service Function Chain Configuration to Minimize Computing and Network
Resources for VNF Failures. In Proceedings of the TENCON 2021–2021 IEEE Region 10 Conference (TENCON),
Auckland, New Zealand, 7–10 December 2021; pp. 453–458.

23. Yao, W.; Han, S.; Hai, Z. Scalable anomaly-based intrusion detection for secure Internet of Things using generative
adversarial networks in fog environment. J. Netw. Comput. Appl. 2023, 214, 103622.

24. Zheng, Y.; Zheng, L.; Xiaolong, X.; Qingzhan, Z. Dynamic defenses in cyber security: Techniques, methods and
challenges. Digit. Commun. Networks 2022, 8, 422–435.

Retrieved from https://encyclopedia.pub/entry/history/show/119649