CTMBIDS: convolutional Tsetlin machine-based intrusion detection system for DDoS attacks in an SDN environment

Software Defined Networks (SDN) face many security challenges today. A great deal of research has been done within the field of Intrusion Detection Systems (IDS) in these networks. Yet, numerous approaches still rely on deep learning algorithms, but these algorithms suffer from complexity in implementation, the need for high processing power, and high memory consumption. In addition to security issues, firstly, the number of datasets that are based on SDN protocols are very small. Secondly, the ones that are available encompass a variety of attacks in the network and do not focus on a single attack. For this reason, to introduce an SDN-based IDS with a focus on Distributed Denial of Service (DDoS) attacks, it is necessary to generate a DDoS-oriented dataset whose features can train a high-quality IDS. In this work, in order to address two important challenges in SDNs, in the first step, we generate three DDoS attack datasets based on three common and different network topologies. Then, in the second step, using the Convolutional Tsetlin Machine (CTM) algorithm, we introduce a lightweight IDS for DDoS attack dubbed "CTMBIDS," with which we implement an anomaly-based IDS. The lightweight nature of the CTMBIDS stems from its low memory consumption and also its interpretability compared to the existing complex deep learning models. The low usage of system resources for the CTMBIDS makes it an ideal choice for an optimal software that consumes the SDN controller’s least amount of memory. Also, in order to ascertain the quality of the generated datasets, we compare the empirical results of our work with the DDoS attacks of the KDDCup99 benchmark dataset as well. Since the main focus of this work is on a lightweight IDS, the results of this work show that the CTMBIDS performs much more efficiently than traditional and deep learning based machine learning algorithms. Furthermore, the results also show that in most datasets, the proposed method has relatively equal or better accuracy and also consumes much less memory than the existing methods.