AI INTRUSION DETECTION SYSTEM USING GRAPH NEURAL NETWORKS FOR SOFTWARE DEFINED NETWORKS (SDN)
Abstract
Programmable and centralized control via Software-Defined Networking (SDN) is a step forward in network intelligence; however, it also creates new vulnerabilities by expanding the attack surface. Modern Intrusion Detection Systems (IDS) often have difficulty capturing time-window-based relational dependencies and dynamic topological behavior within SDN traffic flows. In this work, we propose an advanced Graph Neural Network (GNN)-based IDS and demonstrate how to model SDN traffic flows as structured graphs, allowing deeper extraction of spatial-temporal patterns than traditional machine learning models can achieve. Our proposed framework combines Graph Convolutional Networks (GCN) and Graph Attention Networks (GAT) to learn both global and localized feature representations, effectively improving discrimination between benign and malicious flows. Using benchmark datasets for evaluation, we show that our system outperforms traditional machine learning and deep learning models on all metrics (Accuracy, Precision, Recall, F1-score, ROC-AUC), with an excellent AUC score of 0.992. Additionally, our model demonstrated excellent generalization capabilities in detecting low-rate, stealthy attacks and proved to be computationally feasible for deployment in real-time SDN environments. These results provide strong evidence for the viability of using GNN architectures to develop intelligent, adaptive, high-precision monitoring solutions for next-generation programmable networks.