A novel hybrid model for intrusion detection systems in SDNs based on CNN and a new regularization technique
Journal of Network and Computer Applications (IF 7.7), Pub Date: 2021-07-09, DOI: 10.1016/j.jnca.2021.103160
Mahmoud Said ElSayed 1 , Nhien-An Le-Khac 1 , Marwan Ali Albahar 2 , Anca Jurcut 1

Software-defined networking (SDN) is a new networking paradigm that separates the controller from the network devices, i.e., routers and switches. The centralized architecture of SDN facilitates overall network management and addresses the requirements of current data centers. While the SDN architecture offers significant benefits, the risk of new attacks is a critical problem and can prevent the wide adoption of SDNs. The SDN controller is a crucial element and an attractive target for intruders. If an attacker successfully gains access to the SDN controller, they can route traffic according to their own requirements, causing severe damage to the entire network. Network intrusion detection systems (NIDSs) are important tools for detecting malicious activities and anomalous attacks and for securing the network environment against them. Deep Learning (DL) has recently shown desirable results in a variety of problems, such as text, speech, and image applications.

While several related works have deployed DL for NIDSs, most of these approaches ignore the influence of the overfitting problem during the implementation of DL algorithms. As a result, overfitting can impact the robustness of the anomaly detection system and lead to poor model performance on zero-day attacks. In this work, we propose a new hybrid DL approach based on the convolutional neural network (CNN) to classify flow traffic into normal or attack classes. A new regularizer method, namely SD-Reg, which is based on the standard deviation of the weight matrix, has been used to address the problem of overfitting and to improve the capability of NIDSs to detect unseen intrusion events. The evaluation results indicate that SD-Reg outperforms the previous regularizer methods. In addition, the proposed hybrid technique gives higher performance in all the evaluation metrics compared to the single DL models. Several datasets, including InSDN, the most recent dataset for SDN, are used to train and evaluate the performance of all techniques. Furthermore, we suggest a lightweight NIDS by training the CNN-based models using fewer features without causing a significant drop in model performance.




Updated: 2021-07-19