Abstract
Software-defined networks (SDNs) are extensively deployed in many network configurations. However, the development of new technology presents several vulnerabilities and risks that continue to pose challenges for manufacturers in addressing them. One of the primary obstacles encountered in deploying an intrusion detection system (IDS) is the absence of an openly accessible dataset, especially one obtained from SDN and SDN-based Internet of Things (IoT) networks. This work produces a comprehensive dataset to evaluate the effectiveness of anomaly-based IDSs in detecting inter- and intradomain attacks. The dataset comprises 86 features extracted from approximately 40 million records obtained from simulated SDN-based IoT networks captured within two flow profiles representing normal and 15 different attack types. In addition, the evaluation is demonstrated by employing six widely used machine learning and deep learning approaches for IDSs: decision tree classifiers, random forest classifiers, deep neural networks, K-nearest neighbours, Bernoulli naive Bayes, and logistic regression.
References
[1] W. Meng, “Intrusion detection in the era of IoT: building trust via traffic filtering and sampling”, IEEE Comput. 51 (7) (2018) 36–43. IEEE, DOI: 10.1109/MC.2018.3011034.
[2] [2] F.Y. Okay, S. Ozdemir, “Routing in fog-enabled IoT platforms: a survey and an SDN- based solution”, IEEE Internet Things J. 5 (6) (2018) pp. 4871–4889.DOI: 10.1109/JIOT.2018.2882781.
[3] W. Li, W. Meng, Z. Liu, M.H. Au, “Towards blockchain-based software-defined networking: security challenges and solutions”, IEICE Trans. Info Syst. E103CD (2) (2020), pp. 196–203. DOI: 10.1587/transinf.2019INI0002.
[4] T. Das, V. Sridharan, M. Gurusamy, “A survey on controller placement in SDN”, IEEE Commun. SurvTutorials 22 (1) (2020), pp. 472–503. DOI: 10.1109/COMST.2019.2935453.
[5] SDN-Based Intrusion Detection System: A Survey, Ying-Jun Zhang, Hong Li, Zhong-Ru Yang, and Jun-Ping Du,IEEE Access, Volume 6, 2018.
[6] N. KoronIoTis, N. Moustafa, E. Sitnikova, and B. Turnbull, “Towards the Development of Realistic Botnet Dataset in the Internet of Things for Network Forensic Analytics: BoT-IoT Dataset”, Future Generation Computer Systems, vol. 100, pp. 779–796, 2019, DOI: 10.1016/j.future.2019.05.041.
[7] A. Kaan Sarica and P. Angin, “A Novel SDN Dataset for Intrusion Detection in IoT Networks”, 2020 16th International Conference on Network and Service Management (CNSM), Izmir, Turkey, 2020, pp. 1-5,
doi: 10.23919/CNSM50824.2020.9269042.
[8] Mahmoud Dais ELsayed, Nhien-An Le-khac, and Anca D. Jurcut, InSDN: “A Novel SDN Intrusion Dataset”, IEEE 2020. DOI: 10.1109/ACCESS.2020.3022633.
[9] Ahuja, N., Singal, G., Mukhopadhyay, D., & Kumar, N. (2021). “Automated DDOS attack detection in software defined networking. Journal of Network and Computer Applications”, 187, 103108. doi: 10.1016/j.jnca.2021.103108.
[10] A. R. Gad, A. A. Nashat and T. M. Barkat, "Intrusion Detection System Using Machine Learning for Vehicular Ad Hoc Networks Based on ToN-IoT Dataset," in IEEE Access, vol. 9, pp. 142206-142217, 2021, doi: 10.1109/ACCESS.2021.3120626.
[11] A. Divekar, M. Parekh, V. Savla, R. Mishra, and M. Shirole, ‘‘Benchmark- ing datasets for anomaly-based network intrusion detection: KDD CUP 99 alternatives,’’ in Proc. IEEE 3rd Int. Conf. Comput., Commun. Secur. (ICCCS), Oct. 2018, pp. 1–8. DOI: 10.1109/CCCS.2018.8586840.
[12] L. Bontemps, V. Cao, J. McDermott, and N.-A. Le-Khac, ‘‘Collective anomaly detection based on long short-term memory recurrent neural networks,’’ in Future Data and Security Engineering FDSE (Lecture Notes in Computer Science), vol. 10018, T. Dang, R. Wagner, J. Küng, N. Thoai, M. Takizawa, and E. Neuhold, Eds. Cham, Switzerland: Springer, 2016. DOI: 10.1007/978-3-319-48057-2_9.
[13] M. Tavallaee, E. Bagheri, W. Lu, and A.A. Ghorbani, ‘‘A Detailed Analysis of the KDD CUP 99 data set,’’ in Proc. IEEE Symp. Comput. Intell. Secur. Defense Appl., Jul. 2009, pp. 1–6. DOI: 10.1109/CISDA.2009.5356528.
[14] for Applied Internet Data Analysis (CAIDA), T. C. (2016). Caida anonymized internet traces 2016 dataset. DOI: 10.5220/0006639801080116.
[15] A. Shiravi, H. Shiravi, M. Tavallaee, and A. A. Ghorbani, ‘‘Toward developing a systematic approach to generate benchmark datasets for intrusion detection,’’ Comput. Secur., vol. 31, no. 3, pp. 357–374, May 2012. Doi: 10.1016/j.cose.2011.12.012.
[16] Symantec. Internet Security Threat Report, 2018. [Online]. Available: https://symantec-enterprise-blogs.security.com/
[17] M. Antonakakis, T. April, M. Bailey, M. Bernhard, E. Bursztein, J. Cochran, Z. Durumeric, J. A. Halderman, L. Invernizzi, M. Kallitsis et al.,”Understanding the Mirai Botnet”, in 26th { USENIX } Security Symposium ( { USENIX } Security 17), 2017, pp. 1093–1110.doi: 10.1016/j.fsidi.2020.300926.
[18] N. Sharma and S. Mukherjee,”A novel multi-classifier layered approach to improve minority attack detection in IDS”, Procedia Technol., vol. 6, pp. 913–921, Jan. 2012. Doi: 10.1016/j.protcy.2012.10.111.
[19] K. Benzekki, A. El Fergougui, and A. Elbelrhiti Elalaoui, “Software-defined networking (SDN): A survey”, Secur. Commun. Netw., vol. 9, no. 18, pp. 5803–5833, Dec. 2016. Doi: 10.1002/sec.1737.
[20] A. Dawoud, S. Shahristani, and C. Raun, “Software-defined network security: Breaks and obstacles”, in Networks of the Future: Architectures, Technologies, and Implementations. Boca Raton, FL, USA: CRC Press, 2017, pp. 89–100, DOI:10.1201/9781315155517-5.
[21] M. Liyanage, A. Braeken, A. D. Jurcut, M. Ylianttila, and A. Gurtov, “Secure communication channel architecture for software defined mobile networks”, Comput. Netw., vol. 114, pp. 32–50, Feb. 2017. Doi: 10.1016/j.comnet.2017.01.007.
[22] The IoT attack surface: Threats and security solutions 2019. [Online]. Available: https://www.trendmicro.com/vinfo/gb/security/news/internet-of-things/the-IoT-attack-surface-threats-and-security-solutions.
[23] A. H. Lashkari, G. Draper-Gil, M. S. I. Mamun, and A. A. Ghorbani, “Characterization of tor traffic using time based features,” in Proc. ICISSP, 2017, pp. 253–262. DOI: 10.5220/0006105602530262.
[24] R. Khondoker, A. Zaalouk, R. Marx, and K. Bayrou,” Feature-basedcom- parison and selection of software defined networking (SDN) controllers”, in Proc. World Congr. Comput. Appl. Inf. Syst. (WCCAIS), Jan. 2014, pp. 1–7. DOI: 10.1109/WCCAIS.2014.6916572.
[25] K. Phemius, M. Bouet, and J. Leguay, ”DISCO: Distributed multi-domain SDN controllers”, in Proc. IEEE Netw. Oper. Manage. Symp. (NOMS), May 2014, pp. 1–4. DOI: 10.1109/NOMS.2014.6838330.
[26] C. Mera and J. W. Branch,”A survey on class imbalance learning on automatic visual inspection”, IEEE Latin Amer. Trans., vol. 12, no. 4, pp. 657–667, Jul. 2014. DOI: 10.1109/TLA.2014.6868867.
[27] S. Wang and X. Yao, “Multiclass imbalance problems: Analysis and potential solutions”, IEEE Trans. Syst., Man, Cybern. B, Cybern., vol. 42, no. 4, pp. 1119–1130, Aug. 2012. DOI: 10.1109/TSMCB.2012.2187280.
[28] R. Longadge and S. Dongre, “Class imbalance problem in data mining review”, 2013, arXiv:1305.1707. [Online]. Available: http://arxiv.org/abs/1305.1707.
[29] S. M. Abd Elrahman and A. Abraham, “A review of class imbalance problem”, J. Netw. Innov. Comput., vol. 1, no. 2013, pp. 332–340, 2013. Doi: 10.1016/j.jmse.2022.06.002.

This work is licensed under a Creative Commons Attribution 4.0 International License.
Copyright (c) 2025 Al-Khwarizmi Engineering Journal