Intrusion Detection System in Software-Defined Networks Using Machine
Learning and Deep Learning Techniques - A Comprehensive Survey
Abstract
At present, the Internet is facing numerous attacks of different kinds
that put its data at risk. The safety of information within the network
is, therefore, a significant concern. To prevent the loss of incredibly
valuable information, the Intrusion Detection System (IDS) was developed
to recognize the outbreak of a stream of attacks and notify the network
system administrator, thereby providing network security. An IDS is a
predictive model that classifies network traffic as routine or deviated.
Software-Defined Networks (SDN) is a revolutionary paradigm that
isolates the control plane from the data plane, transforming the concept
of a software-driven network. Through this data and control plane
separation, SDN provides us the opportunity to create a manageable and
programmable network, allowing applications in the top plane to access
physical devices via the controller. The controller, residing in the
control plane, executes the network modules and establishes flow rules
to forward packets in the switches residing in the data plane.
Adversaries often target the SDN controller to subdue the control plane,
which is considered the brain of the SDN. The control plane provides a
plethora of functionalities, such as regulating flow control to switches
or routers in the data plane below via southbound Application
Programming Interfaces (APIs) and serving business and application logic
in the application plane above via northbound APIs, to implement
sophisticated networks. However, its centralization makes the control
plane a tempting prospect for security attacks from adversaries. This
paper includes an in-depth overview of the notable published articles
from 2015 to 2021 that used traditional Machine Learning (ML) and Deep
Learning (DL) techniques to construct an IDS solution to provide
security for SDN. We also present two detailed taxonomic studies, one of
IDS and one of ML-DL techniques based on their learning categories,
exploring various IDS solutions to secure the SDN paradigm. We have also
conducted brief research on a few benchmark datasets used to construct
IDS in the SDN paradigm. To conclude the survey, we provide a discussion
that sheds light on continuous challenges and IDS issues for SDN
security.