Within the branch of Software-Defined Networking (SDN), research in Cyber Security has underscored the pressing need to combat cyber-attacks. These crimes include the unauthorized access and manipulation of critical data, jeopardizing user confidentiality, authenticity, and system integrity. To address these challenges, the deployment of Intrusion Detection Systems (IDS) has become paramount. These systems play a crucial role in safeguarding both the SDN infrastructure and its users. IDSs operate much like classification systems, making them suitable for the application of machine learning techniques in identifying intrusions. These techniques rely on labeled datasets to train the system to differentiate between benign and malicious events based on various features. Once trained, the system can categorize new events as benign or malicious. Therefore, identifying which features are relevant for classification purposes is crucial. In the current literature, few studies have focused on the effectiveness of IDSs applied to SDNs. The performance evaluation of IDSs based on machine learning techniques within SDN environments involves the development of specialized datasets, comprising network traffic features essential for discerning attack patterns. Moreover, as the landscape of network attacks within SDN evolves, there arises a need for continuously updated datasets to evaluate IDS effectiveness. This paper aims to investigate which features are relevant to detect the most common attack types in an SDN. To do this, labeled datasets of network traffic in an SDN must be available. Unfortunately, to the best of our knowledge, there is only one publicly available dataset for SDN traffic: InSDN. In this paper, we present the result of a feature selection process on the InSDN dataset, based on the SHAP toolset, aimed at identifying the most relevant features for different types of attacks. We also compare the performances of different classification algorithms trained on both the full dataset and the reduced one, showing that, for many attack types, the classifiers performances are comparable.
Feature selection in ML-based SDN intrusion detection system / Di Gennaro, F.; Cucchiarelli, A.; Morbidoni, C.; Spalazzi, L.. - (2024), pp. 152-159. (Intervento presentato al convegno 11th International Conference on Future Internet of Things and Cloud, FiCloud 2024 tenutosi a Vienna, Austria nel 19-21 August 2024) [10.1109/FiCloud62933.2024.00031].
Feature selection in ML-based SDN intrusion detection system
Cucchiarelli A.Membro del Collaboration Group
;Morbidoni C.Membro del Collaboration Group
;Spalazzi L.Membro del Collaboration Group
2024-01-01
Abstract
Within the branch of Software-Defined Networking (SDN), research in Cyber Security has underscored the pressing need to combat cyber-attacks. These crimes include the unauthorized access and manipulation of critical data, jeopardizing user confidentiality, authenticity, and system integrity. To address these challenges, the deployment of Intrusion Detection Systems (IDS) has become paramount. These systems play a crucial role in safeguarding both the SDN infrastructure and its users. IDSs operate much like classification systems, making them suitable for the application of machine learning techniques in identifying intrusions. These techniques rely on labeled datasets to train the system to differentiate between benign and malicious events based on various features. Once trained, the system can categorize new events as benign or malicious. Therefore, identifying which features are relevant for classification purposes is crucial. In the current literature, few studies have focused on the effectiveness of IDSs applied to SDNs. The performance evaluation of IDSs based on machine learning techniques within SDN environments involves the development of specialized datasets, comprising network traffic features essential for discerning attack patterns. Moreover, as the landscape of network attacks within SDN evolves, there arises a need for continuously updated datasets to evaluate IDS effectiveness. This paper aims to investigate which features are relevant to detect the most common attack types in an SDN. To do this, labeled datasets of network traffic in an SDN must be available. Unfortunately, to the best of our knowledge, there is only one publicly available dataset for SDN traffic: InSDN. In this paper, we present the result of a feature selection process on the InSDN dataset, based on the SHAP toolset, aimed at identifying the most relevant features for different types of attacks. We also compare the performances of different classification algorithms trained on both the full dataset and the reduced one, showing that, for many attack types, the classifiers performances are comparable.File | Dimensione | Formato | |
---|---|---|---|
CSW24-CameraReady.pdf
accesso aperto
Tipologia:
Documento in post-print (versione successiva alla peer review e accettata per la pubblicazione)
Licenza d'uso:
Tutti i diritti riservati
Dimensione
841.55 kB
Formato
Adobe PDF
|
841.55 kB | Adobe PDF | Visualizza/Apri |
Feature_selection_in_ML-based_SDN_intrusion_detection_system.pdf
Solo gestori archivio
Tipologia:
Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza d'uso:
Tutti i diritti riservati
Dimensione
915.67 kB
Formato
Adobe PDF
|
915.67 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.