A new machine learning-based hybrid intrusion detection system and intelligent routing algorithm for MPLS network

Bibliographic Details
Main Author: Mohammad Azmi Ridwan, Dr.
Format: text::Thesis
Language: English
Published: 2023
Description
Summary: Machine Learning (ML) is seen as a promising application that offers autonomous learning and provides optimized solutions to complex problems. The current Multiprotocol Label Switching (MPLS) network is packed with exponentially increasing applications and different Quality-of-Service (QoS) requirements. Conventional QoS methods work only to some extent; as the network becomes more complex and congested, it will become challenging to satisfy the QoS requirements in the MPLS network. In addition, conventional QoS methods do not learn from past experience, so when the same network events recur they make the same decisions, which leads to an uncontrollable increase in delay. On top of that, the MPLS network is vulnerable to cybersecurity threats. The fixed rule-based intrusion detection system (IDS) mechanism demonstrates flaws when exposed to threats such as Denial-of-Service (DoS) attacks. As a result, legitimate users are prevented from using the services of the MPLS network. This thesis proposes a hybrid ML-based intrusion detection system (ML-IDS) and an ML-based intelligent routing algorithm (ML-RA) for the MPLS network. The research is divided into three parts: (1) dataset development, (2) algorithm development, and (3) algorithm performance evaluation. The datasets for both algorithms are developed via simulations in Graphical Network Simulator 3 (GNS3). The datasets are then fed into MATLAB to train ML classifiers and regression models, which respectively classify the incoming traffic as normal or attack and predict traffic delays for all available routes. Only traffic that the ML-IDS algorithm predicts to be normal is allowed to enter the network domain, and the route with the lowest delay predicted by the ML-RA is assigned for routing.
For algorithm performance evaluation, the ML-IDS is compared with ML-CICIDS-59 and ML-CICIDS-45, which are IDSs trained using the CICIDS-2018 dataset after performing feature engineering. The results show that the proposed ML-IDS outperformed both by 19.15%, 99.26%, and 40.48% in terms of accuracy, recall, and F-measure, respectively. The run-time was significantly reduced by 94.45%, which also indicates low computational work. The proposed ML-IDS achieved outstanding performance, with a 24% reduction from the original size of the CICIDS-2018 dataset. Next, the ML-based routing algorithm is compared to the conventional routing algorithm, Routing Information Protocol version 2 (RIPv2). In the performance evaluations, the ML-RA shows 100% accuracy in predicting the fastest route in the network for all cases. During network congestion, the proposed ML-RA outperforms RIPv2 in terms of delay and throughput on average by 57.61% and 46.57%, respectively. Finally, a testbed with the same architecture as the simulations is developed for performance study purposes. The results show that the selected route, trend of delay, and throughput for both testbed and simulations are verified. The performance evaluations proved that a small-scale yet robust ML-IDS algorithm was successfully developed to classify traffic and block attack traffic, while the proposed ML-RA successfully offers better delay and throughput performance than the RIPv2 routing protocol.