Artificial Immune Systems and Fuzzy Logic to Detect Flooding Attacks in Software-Defined Networks

Software-defined Networking (SDN) has been discovered as an architecture that uses applications to make networks flexible and centrally controlled. Although SDN provides innovative management, it still susceptible to attacks daily. Traditional detection approaches may not be sufficient to contain these threats. In this paper, we present an Artificial Immune System based IDS named AIS-IDS, which is inspired by the human body's defense cells. AIS-IDS can detect variations in network behavior and identify attacks without prior knowledge about them. Along with AIS, the fuzzy logic is applied on detection to minimize the uncertainty when there is no clear boundary between anomalous and normal traffic behavior. We have simulated portscan and flooding attacks as well as used a public dataset with several types of DDoS attacks to assess our proposal. We compared the AIS-IDS performance with Naive Bayes, k-nearest neighbors, and the Local Outlier Factor. The AIS-IDS outperformed the compared algorithms, achieving f-measure rates 99.97% and 92.28% when submitted to a simulated and a public dataset, respectively.