AID-SDN: Advanced Intelligent Defense for SDN Using P4 and Machine Learning

The advent of protocol independent packet processor (P4) programming allows devices, such as switches, to determine how data is processed at the data plane. P4 opens up the possibility of using lightweight machine learning models (ML) to support intelligent security services over software-defined networks (SDN). However, it is challenging to integrate ML models into P4-based switches to detect attacks, mainly due to the internal limitations of the P4 architecture. It is also challenging to combine P4-based detection with old-fashioned detection, where attack classification is performed at the edge of the network. To overcome this challenge, this paper proposes Advanced Intelligent Defense for SDN (AID-SDN). It is a hybrid solution that supports and coordinates two layers of ML classification for attack detection. The first layer runs on P4-based switches and the second layer runs at the edge of the network. The proposed solution aims to benefit from the faster detection of P4-based classification and also from the accuracy and scope of conventional ML classification. AID-SDN has been implemented in a simulated environment to evaluate the performance of the system and assess its ability to accurately detect different types of attacks considering different ML methods. The results show that AID-SDN achieves high performance considering ML metrics and classification time for each attack tested.