{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,2]],"date-time":"2026-05-02T07:00:38Z","timestamp":1777705238035,"version":"3.51.4"},"reference-count":34,"publisher":"SAGE Publications","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IFS"],"published-print":{"date-parts":[[2021,3,2]]},"abstract":"Software-defined networking is a new paradigm that overcomes problems associated with traditional network architecture by separating the control logic from data plane devices. It also enhances performance by providing a highly-programmable interface that adapts to dynamic changes in network policies. As software-defined networking controllers are prone to single-point failures, providing security is one of the biggest challenges in this framework. This paper intends to provide an intrusion detection mechanism in both the control plane and data plane to secure the controller and forwarding devices respectively. In the control plane, we imposed a flow-based intrusion detection system that inspects every new incoming flow towards the controller. In the data plane, we assigned a signature-based intrusion detection system to inspect traffic between Open Flow switches using port mirroring to analyse and detect malicious activity. Our flow-based system works with the help of trained, multi-layer machine learning-based classifier, while our signature-based system works with rule-based classifiers using the Snort intrusion detection system. The ensemble feature selection technique we adopted in the flow-based system helps to identify the prominent features and hasten the classification process. Our proposed work ensures a high level of security in the Software-defined networking environment by working simultaneously in both control plane and data plane.<\/jats:p>","DOI":"10.3233\/jifs-200850","type":"journal-article","created":{"date-parts":[[2021,1,5]],"date-time":"2021-01-05T06:06:14Z","timestamp":1609826774000},"page":"4237-4256","source":"Crossref","is-referenced-by-count":22,"title":["An intelligent flow-based and signature-based IDS for SDNs using ensemble feature selection and a multi-layer machine learning-based classifier"],"prefix":"10.1177","volume":"40","author":[{"given":"K.","family":"Muthamil Sudar","sequence":"first","affiliation":[]},{"given":"P.","family":"Deepalakshmi","sequence":"additional","affiliation":[]}],"member":"179","reference":[{"issue":"1","key":"10.3233\/JIFS-200850_ref1","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1109\/JPROC.2014.2371999","article-title":"Software-defined networking: A comprehensive survey","volume":"103","author":"Kreutz","year":"2014","journal-title":"Proceedings of the IEEE"},{"issue":"44","key":"10.3233\/JIFS-200850_ref3","doi-asserted-by":"crossref","first-page":"1","DOI":"10.17485\/ijst\/2016\/v9i44\/89812","article-title":"Application of artificial intelligence to software defined networking: A survey","volume":"9","author":"Latah","year":"2016","journal-title":"Indian Journal of Science and Technology"},{"issue":"2","key":"10.3233\/JIFS-200850_ref4","doi-asserted-by":"crossref","first-page":"493","DOI":"10.1007\/s12083-017-0630-0","article-title":"Survey on SDN based network intrusion detection system using machine learning approaches","volume":"12","author":"Sultana","year":"2019","journal-title":"Peer-to-Peer Networking and Applications"},{"issue":"10","key":"10.3233\/JIFS-200850_ref6","doi-asserted-by":"crossref","first-page":"11994","DOI":"10.1016\/j.eswa.2009.05.029","article-title":"Intrusion detection by machine learning: A review","volume":"36","author":"Tsai","year":"2009","journal-title":"Expert Systems with Applications"},{"key":"10.3233\/JIFS-200850_ref7","doi-asserted-by":"crossref","first-page":"279","DOI":"10.1016\/j.comnet.2016.11.017","article-title":"A survey: Control plane scalability issues and approaches in software-defined networking (SDN)","volume":"112","author":"Karakus","year":"2017","journal-title":"Computer Networks"},{"key":"10.3233\/JIFS-200850_ref8","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.comcom.2015.06.004","article-title":"Control plane of software defined networks: A survey","volume":"67","author":"Xie","year":"2015","journal-title":"Computer Communications"},{"key":"10.3233\/JIFS-200850_ref10","doi-asserted-by":"crossref","first-page":"919","DOI":"10.1016\/j.procs.2016.07.111","article-title":"A survey on feature selection","volume":"91","author":"Miao","year":"2016","journal-title":"Procedia Computer Science"},{"issue":"7-8","key":"10.3233\/JIFS-200850_ref11","doi-asserted-by":"crossref","first-page":"1671","DOI":"10.1007\/s00521-013-1370-6","article-title":"Enhancing SVM performance in intrusion detection using optimal feature subset selection based on genetic principal components","volume":"24","author":"Ahmad","year":"2014","journal-title":"Neural Computing and Applications"},{"key":"10.3233\/JIFS-200850_ref12","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1016\/j.jisa.2018.11.007","article-title":"Cyber intrusion detection by combined feature selection algorithm","volume":"44","author":"Mohammadi","year":"2019","journal-title":"Journal of Information Security and Applications"},{"key":"10.3233\/JIFS-200850_ref13","doi-asserted-by":"crossref","first-page":"152","DOI":"10.1016\/j.jocs.2017.03.006","article-title":"Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model","volume":"25","author":"Aljawarneh","year":"2018","journal-title":"Journal of Computational Science"},{"issue":"6","key":"10.3233\/JIFS-200850_ref16","doi-asserted-by":"crossref","first-page":"453","DOI":"10.1049\/iet-net.2018.5080","article-title":"Towards an efficient anomaly-based intrusion detection for software-defined networks","volume":"7","author":"Latah","year":"2018","journal-title":"IET Networks"},{"key":"10.3233\/JIFS-200850_ref18","unstructured":"Wang W. and Gombault S. , Efficient detection of DDoS attacks with important attributes. In 2008 Third International Conference on Risks and Security of Internet and Systems (pp. 61\u201367). IEEE. (2008)."},{"key":"10.3233\/JIFS-200850_ref19","doi-asserted-by":"crossref","unstructured":"Zaman S. and Karray F. , Features selection for intrusion detection systems based on support vector machines. In 2009 6th IEEE Consumer Communications and Networking Conference (pp. 1\u20138). IEEE. (2009).","DOI":"10.1109\/CCNC.2009.4784780"},{"key":"10.3233\/JIFS-200850_ref20","unstructured":"Aziz A.S.A. , Azar A.T. , Salama M.A. , Hassanien A.E. and Hanafy S.E.O. , Genetic algorithm with different feature selection techniques for anomaly detectors generation. In 2013 Federated Conference on Computer Science and Information Systems (pp. 769\u2013774). IEEE. (2013)."},{"key":"10.3233\/JIFS-200850_ref22","doi-asserted-by":"crossref","unstructured":"Parashar M. , Poonia A. and Satish K. , A Survey of Attacks and their Mitigations in Software Defined Networks. In 2019 10th International Conference on Computing, Communication and Networking Technologies (ICCCNT) (pp. 1\u20138). IEEE. (2019).","DOI":"10.1109\/ICCCNT45670.2019.8944621"},{"key":"10.3233\/JIFS-200850_ref23","doi-asserted-by":"crossref","unstructured":"Celesova B. , Val\u2019ko J. , Grezo R. and Helebrandt P. , Enhancing security of SDN focusing on control plane and data plane. In 2019 7th International Symposium on Digital Forensics and Security (ISDFS) (pp. 1\u20136). IEEE. (2019).","DOI":"10.1109\/ISDFS.2019.8757542"},{"issue":"3","key":"10.3233\/JIFS-200850_ref24","doi-asserted-by":"crossref","first-page":"106","DOI":"10.3390\/info10030106","article-title":"SDN-based intrusion detection system for early detection and mitigation of DDoS attacks","volume":"10","author":"Manso","year":"2019","journal-title":"Information"},{"issue":"12","key":"10.3233\/JIFS-200850_ref25","first-page":"1848","article-title":"A detailed analysis on NSL-KDD dataset using various machine learning techniques for intrusion detection","volume":"2","author":"Revathi","year":"2013","journal-title":"International Journal of Engineering Research & Technology (IJERT)"},{"key":"10.3233\/JIFS-200850_ref26","doi-asserted-by":"crossref","unstructured":"Alhaj T.A. , Siraj M.M. , Zainal A. , Elshoush H.T. and Elhaj F. , Feature selection using information gain for improved structural-based alert correlation, PloS One 11(11) (2016).","DOI":"10.1371\/journal.pone.0166017"},{"key":"10.3233\/JIFS-200850_ref27","doi-asserted-by":"crossref","unstructured":"Ullah I. and Mahmoud Q.H. , A filter-based feature selection model for anomaly-based intrusion detection systems. In 2017 IEEE International Conference on Big Data (Big Data) (pp. 2151\u20132159). IEEE. (2017).","DOI":"10.1109\/BigData.2017.8258163"},{"key":"10.3233\/JIFS-200850_ref28","doi-asserted-by":"crossref","unstructured":"Lee J. , Park D. and Lee C. , Feature Selection Algorithm for Intrusions Detection System using Sequential Forward Search and Random Forest Classifier, KSII Transactions on Internet & Information Systems 11(10) (2017).","DOI":"10.3837\/tiis.2017.10.024"},{"issue":"1","key":"10.3233\/JIFS-200850_ref30","doi-asserted-by":"crossref","first-page":"130","DOI":"10.1186\/s13638-016-0623-3","article-title":"Ensemble-based multi-filter feature selection method for DDoS detection in cloud computing","volume":"2016","author":"Osanaiye","year":"2016","journal-title":"EURASIP Journal on Wireless Communications and Networking"},{"issue":"4","key":"10.3233\/JIFS-200850_ref31","doi-asserted-by":"crossref","first-page":"1184","DOI":"10.1016\/j.jnca.2011.01.002","article-title":"Mutual information-based feature selection for intrusion detection systems","volume":"34","author":"Amiri","year":"2011","journal-title":"Journal of Network and Computer Applications"},{"issue":"2","key":"10.3233\/JIFS-200850_ref32","doi-asserted-by":"crossref","first-page":"59","DOI":"10.14257\/ijdta.2014.7.2.06","article-title":"An efficient hybrid intrusion detection system based on C5. 0 and SVM","volume":"7","author":"Golmah","year":"2014","journal-title":"International Journal of Database Theory and Application"},{"key":"10.3233\/JIFS-200850_ref33","doi-asserted-by":"crossref","unstructured":"Deepa V. , Sudar K.M. and Deepalakshmi P. , Design of Ensemble Learning Methods for DDoS Detection in SDN Environment. In 2019 International Conference on Vision Towards Emerging Trends in Communication and Networking (ViTECoN) (pp. 1\u20136). IEEE. (2019).","DOI":"10.1109\/ViTECoN.2019.8899682"},{"key":"10.3233\/JIFS-200850_ref34","doi-asserted-by":"crossref","first-page":"119","DOI":"10.1016\/j.protcy.2012.05.017","article-title":"Intrusion detection using naive Bayes classifier with feature reduction","volume":"4","author":"Mukherjee","year":"2012","journal-title":"Procedia Technology"},{"issue":"1\u20133","key":"10.3233\/JIFS-200850_ref35","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1504\/IJIE.2020.104642","article-title":"Comparative study on IDS using machine learning approaches for software defined networks","volume":"7","author":"Sudar","year":"2020","journal-title":"International Journal of Intelligent Enterprise"},{"key":"10.3233\/JIFS-200850_ref37","doi-asserted-by":"crossref","unstructured":"Ingre B. , Yadav A. and Soni A.K. , Decision tree based intrusion detection system for NSL-KDD dataset. In International Conference on Information and Communication Technology for Intelligent Systems (pp. 207\u2013218). Springer, Cham. (2017).","DOI":"10.1007\/978-3-319-63645-0_23"},{"key":"10.3233\/JIFS-200850_ref38","doi-asserted-by":"crossref","unstructured":"Ombase P.M. , Kulkarni N.P. , Bagade S.T. and Mhaisgawali A.V. , DoS attack mitigation using rule based and anomaly based techniques in software defined networking. In 2017 International Conference on Inventive Computing and Informatics (ICICI) (pp. 469\u2013475). IEEE. (2017).","DOI":"10.1109\/ICICI.2017.8365396"},{"key":"10.3233\/JIFS-200850_ref45","doi-asserted-by":"crossref","unstructured":"Boero L. , Marchese M. and Zappatore S. , Support vector machine meets software defined networking in ids domain. In 2017 29th International Teletraffic Congress (ITC 29) (Vol. 3, pp. 25\u201330). IEEE. (2017).","DOI":"10.23919\/ITC.2017.8065806"},{"key":"10.3233\/JIFS-200850_ref46","doi-asserted-by":"crossref","unstructured":"Preamthaisong P. , Auyporntrakool A. , Aimtongkham P. , Sriwuttisap T. and So-In C. , Enhanced DDoS Detection using Hybrid Genetic Algorithm and Decision Tree for SDN. In 2019 16th International Joint Conference on Computer Science and Software Engineering (JCSSE) (pp. 152\u2013157). IEEE. (2019).","DOI":"10.1109\/JCSSE.2019.8864216"},{"key":"10.3233\/JIFS-200850_ref47","unstructured":"Yuan Y. , Huo L. and Hogrefe D. , Two layers multi-class detection method for network intrusion detection system. In 2017 IEEE Symposium on Computers and Communications (ISCC) (pp. 767\u2013772). IEEE. (2017)."},{"key":"10.3233\/JIFS-200850_ref48","doi-asserted-by":"crossref","unstructured":"Deepa V. , Sudar K.M. and Deepalakshmi P. , Detection of DDoS attack on SDN control plane using Hybrid Machine Learning Techniques. In 2018 International Conference on Smart Systems and Inventive Technology (ICSSIT) (pp. 299\u2013303). IEEE. (2018).","DOI":"10.1109\/ICSSIT.2018.8748836"},{"key":"10.3233\/JIFS-200850_ref49","first-page":"2","article-title":"GA and SVM algorithms for selection of hybrid feature in intrusion detection systems","volume":"1","author":"Sarvari","year":"2015","journal-title":"Network"}],"container-title":["Journal of Intelligent & Fuzzy Systems"],"original-title":[],"link":[{"URL":"https:\/\/content.iospress.com\/download?id=10.3233\/JIFS-200850","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T09:43:17Z","timestamp":1777455797000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/full\/10.3233\/JIFS-200850"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,3,2]]},"references-count":34,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.3233\/jifs-200850","relation":{},"ISSN":["1064-1246","1875-8967"],"issn-type":[{"value":"1064-1246","type":"print"},{"value":"1875-8967","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,3,2]]}}}