Attack-Specific Feature Selection for Anomaly Detection in Software-Defined Networks

Abstract

Due to the rapid advancement of technologies including the tremendous growth of multimedia content, cloud computing and mobile usage, conventional networks are not able to meet the demands. Software-Defined Networks (SDN) are considered one of the key enabling technologies providing a new powerful network architecture that allows the dynamic operation of different services using a common infrastructure. Despite their notable gains, SDNs may not be secure and are vulnerable to attacks. In this paper, we address the SDN vulnerabilities and present attack-specific feature selection to identify the features that have the most impact on anomaly detection. We first use the InSDN intrusion dataset that considers different attacks including Denial-of-Service (DoS), Distributed-DoS (DDoS), brute force, probe, web and botnet attacks. We then perform data pre-processing and apply univariate feature selection to select the features having the highest impact on the different attacks. These selected features can then be used to train the model which reduces the computational cost of modeling while keeping the high performance of the model. Detailed analysis and simulation results are then presented to show the predominant features and their impact on the different attacks.