Intrusion detection in software defined network using deep learning approaches.

Author information

Ataa M Sami, Sanad Eman E, El-Khoribi Reda A

Affiliation

Faculty of Computers and Artificial Intelligence, Cairo University, Giza, Egypt.

Publication information

Sci Rep. 2024 Nov 25;14(1):29159. doi: 10.1038/s41598-024-79001-1.

Abstract

Ensuring robust network security is crucial in the context of Software-Defined Networking (SDN), which has become a multi-billion dollar industry and is deployed in many data centers nowadays. The new technology provides network programmability, centralized network control, and a global view of the network. Unfortunately, it also comes with new vulnerabilities and new attack vectors compared to the traditional network. SDN network cybersecurity became a trending research topic due to the hype of Machine Learning (ML), when a group of ML techniques called Deep Learning (DL) started to take shape in the setting of SDN networks. This paper focuses on developing advanced DL models to address the inherent new attack vectors. In this paper, we have built and compared two models that can be used for building a complete Intrusion Detection System (IDS) solution, one using a hybrid CNN-LSTM architecture and the other using a Transformer encoder-only architecture. We specifically target the SDN controller, as it represents a crucial point. We utilized the InSDN dataset for training and testing our models; this dataset captures real-world traffic within the SDN environment. For evaluation, we have used accuracy, precision, recall, and F1 score. Our experimental results show that the Transformer model with 48 features achieves the highest accuracy at 99.02%, while the CNN-LSTM model achieves 99.01%. We have reduced the features to 6 and 4, which had varying impacts on the models' performance. We have merged 4 poorly represented attacks into one class, which enhanced the accuracy by a significant score. Additionally, we investigate binary classification by merging all attack types into a single class; as a result, the accuracy increased for both models. The CNN-LSTM model achieves the best results, with an accuracy of 99.19% for 6 feature sets, which enhances the state-of-the-art results.
