A two-stage intrusion detection approach for software-defined IoT networks

The concept of software-defined Internet of Things (SD-IoT) is becoming even more widespread. SD-IoT enables us to realize programmable networks and business, simplifying the management of the Internet of Things (IoT) and improving the IoT flexibility and scalability. However, with the promotion of SD-IoT-based applications and services, security issues in SD-IoT networks have become increasingly prominent. Aimed to deal with such issues, in this paper, we propose a two-stage intrusion detection approach for SD-IoT networks. It can more intelligently detect attacks under SD-IoT networks. In particular, we use the differential evolution algorithm's mutation mechanism to improve the firefly algorithm to solve the existing firefly algorithm's problems, such as slow convergence speed, easy to fall into local optimum on complex problems, and low accuracy. Next, based on the wrapper feature selection method, the selected features are sent to a novel ensemble classifier, composed of the C4.5 decision tree, multilayer perceptron, and instance-based learning. Again, the proposed approach uses the weighted voting method to determine whether network traffic is abnormal. Our proposal's detection performance is evaluated in binary and multiclass classifications by adopting the NSL-KDD and UNSW-NB15 public data sets. Experimental results show that the proposed multiclass classification approach's accuracy is 99.00% and 88.46%, respectively, while the false-positive rate is 0.81% and 4.16%, respectively. Finally, experimental results show that our proposal outperforms existing methods in terms of detection performance.