Securing SDN: Hybrid autoencoder-random forest for intrusion detection and attack mitigation

Software Defined Networking (SDN) has revolutionized network administration by providing centralized management through software, enabling traffic adjustment independent of the data plane. Despite the benefits, SDN networks are prone to security threats from external sources, thus necessitating the implementation of security measures. Unfortunately, most existing efforts have been just a simple mapping of earlier solutions into the SDN environments. This paper addresses the problem of SDN security based on deep learning in a purely native SDN environment, where a Deep Learning intrusion detection module is tailored to a native SDN environment. In particular, we propose a hybrid Deep AutoEncoder with a Random Forest classifier model (DAERF) to enhance intrusion detection performance in a native SDN environment. The proposed model is incorporated into a novel adaptive framework for attack mitigation in SDN environments. The proposed framework consists of a three-layer protection mechanism for detecting and preventing attacks. It is based on entropy-based detection, hybrid machine learning in the control layer and proactive services monitoring in the application layer. Experimental results have shown that our DEARF proposed autoencoder model achieved anomaly detection rates in excess of 98% in stand-alone mode as well as when incorporated within the framework, making it highly solution for next generation SDN networks.