SDN_Intrusion

Intrusion Detection Systems and Prevention Systems are the most important defence tools that facilitate the network users to get rid of online threats. Because of the growing technology, the demand for the network has been increased. With the implication of IoT, Cloud and SDN, the users and the organization are highly facilitated with the accessing of the service and the data as per their requirement. However, besides the facility of those networks, there are some drawbacks due to the online threats. Cybercriminals use to inject malicious traffic in the SDN to steal sensitive information from there. The network attack in the SDN can be detected using traffic monitoring. The selected data contain the record of the real-time traffic that has been captured on daily basis. The data originally belongs to the Packet Capture file or PCAP and later it was converted to a tabular file.The data contains 79 quantitative and qualitative features out of which 1 feature represent the qualitative attributes and 78 features represent the quantitative attributes. This data will be used for analytical purposes and to detect network intrusion. The total data has been obtained into several segments that contain different types of network trafficOut of all those types of network traffic data, a certain dataset has been chosen that contains the records of DDoS, XSS Intrusion, Brute Force Intrusion, SQL Injection and Bening traffic. The selected dataset contains 1188333 rows of observation of the network intrusion and whitelisted traffics along with 79 features. 

入侵检测系统（Intrusion Detection Systems, IDS）与入侵防御系统（Intrusion Prevention Systems, IPS）是帮助网络用户抵御在线威胁的核心防御工具。随着技术持续迭代升级，网络使用需求不断增长。伴随物联网（IoT）、云计算（Cloud）以及软件定义网络（Software Defined Network, SDN）的落地应用，用户与组织机构均可根据自身需求便捷获取服务与数据。然而这类网络在提供便利的同时，也因在线威胁存在安全隐患。网络犯罪分子会向软件定义网络中注入恶意流量，以窃取敏感信息。可通过流量监测手段检测软件定义网络中的网络攻击。本次选用的数据集包含每日捕获的实时网络流量记录，其原始格式为数据包捕获文件（Packet Capture File, PCAP），后被转换为表格格式文件。该数据集共包含79项特征，其中1项为定性特征，剩余78项为定量特征，可用于网络流量分析与入侵检测任务。原始数据集被划分为多个数据分段，涵盖多种类型的网络流量。本次研究从各类网络流量数据中筛选出特定子集，该子集包含分布式拒绝服务（Distributed Denial of Service, DDoS）攻击、跨站脚本（Cross-Site Scripting, XSS）入侵、暴力破解入侵、结构化查询语言注入（SQL Injection）以及正常网络流量的记录。最终选用的数据集共包含1188333条网络入侵与白名单流量观测样本，涵盖79项特征。