IEEE Access (Jan 2023)
CNN-BiLSTM: A Hybrid Deep Learning Approach for Network Intrusion Detection System in Software-Defined Networking With Hybrid Feature Selection
Abstract
A Software-Defined Network (SDN) was designed to simplify network management by allowing the control and management of the entire network from a single place. SDN is commonly used in today’s data center network infrastructure, but new forms of threats such as Distributed Denial-of-Service (DDoS), web attacks, and the U2R (User to Root) attack are significant issues that might restrict the widespread adoption of SDNs. Intruders are attractive to SDN controllers because they are valuable targets. An SDN controller can be hijacked by an attacker and used to route traffic in accordance with its own needs, resulting in catastrophic consequences for the whole network. While the unified vision of SDN and deep learning methods opens new possibilities for the security of IDS deployment, the effectiveness of the detection models is dependent on the quality of the training datasets. Even though deep learning for NIDSs has lately shown promising results for a number of issues, the majority of the studies overlooked the impact of data redundancy and an unbalanced dataset. As a consequence, this may adversely affect the resilience of the anomaly detection system, resulting in a suboptimal model performance. In this study, we created a hybrid Convolutional Neural Network (CNN) and bidirectional long short-term memory (BiLSTM) network to enhance network intrusion detection using binary and multiclass classification. The effectiveness of the proposed model was tested and assessed using the most frequently used datasets (UNSW-NB15 and NSL-KDD). In addition, we used the InSDN dataset, which is specifically dedicated to SDN. The outcomes demonstrate the efficiency of the proposed model in achieving high accuracy and requiring less training time.
Keywords