Griffin: Real-time network intrusion detection system via ensemble of autoencoder in SDN

Liyan Yang, Yubo Song, Shang Gao, Aiqun Hu, Bin Xiao

Research output: Journal article publicationJournal articleAcademic researchpeer-review

51 Citations (Scopus)

Abstract

Many efforts have been devoted to the development of efficient Network Intrusion Detection System (NIDS) using machine learning approaches in Software-defined Network (SDN). Unfortunately, existing solutions failed to detect real-time and zero-day attacks due to their limited throughput and prior knowledge-based detection. To this end, we propose Griffin, a NIDS that uses unsupervised machine learning expertise to detect both known and zero-day intrusion attacks in real-time with high accuracy. Specifically, Griffin uses an efficient feature extraction framework to capture the sequential features of the traffic packets. Then, it utilizes cluster analysis to reduce the feature scale to achieve low throughput. Moreover, an ensemble autoencoder is built automatically to further extract features with low complexity and high precision to train the model. We evaluate the accuracy, robustness, and complexity of the system using open datasets. The result shows that Griffin's complexity is about 40% lower, and its accuracy is at most 19% higher than existing NIDS.Additionally, even in the situation with evasion, the Griffin has at most 9% decrease of AUC, which is a good performance compared with other solutions. Furthermore, this paper also utilizes the differential privacy framework during training autoencoders to protect datasets' privacy which is inherent in machine learning approaches.

Original languageEnglish
Pages (from-to)2269-2281
Number of pages13
JournalIEEE Transactions on Network and Service Management
Volume19
Issue number3
DOIs
Publication statusPublished - 1 Sept 2022

Keywords

  • Software-defined network (SDN)
  • autoencoder
  • differential privacy
  • ensemble learning
  • network intrusion detection system (NIDS)

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'Griffin: Real-time network intrusion detection system via ensemble of autoencoder in SDN'. Together they form a unique fingerprint.

Cite this