Support Vector Machine Meets Software Defined Networking in IDS Domain

2017 
Intrusion Detection Systems (IDS) are aimed at analyzing and detecting security problems. IDS based on anomaly detection and, in particular, on statistical analysis inspect each traffic flow in order to obtain its statistical characterization, which represents the fingerprint of the flow. Software Defined Networking (SDN) is revolutionizing the networking industry by enabling programmability, easier management and faster innovation. These benefits are made possible by its centralized control plane architecture, which allows the network to be programmed and controlled by one central entity. The fusion of these two technologies can lead to an innovative system of malware detection. This paper tries to join these two concepts in order to obtain the best from the two worlds. We use a well-known machine learning scheme (Support Vector Machine) as the core system for detecting malware by using only traffic features that can be extracted using an SDN controller.
References: 25. Citations: 22.