Security monitoring and management for the network services in the orchestration of SDN-NFV environment using machine learning techniques

Nasser Alshammari, Shumaila Shahzadi, Saad Awadh Alanazi, Shahid Naseem, Muhammad Anwar, Madallah Alruwaili, Muhammad Rizwan Abid, Omar Alruwaili, Ahmed Alsayat, Fahad Ahmad

Research output: Contribution to journalArticlepeer-review

41 Downloads (Pure)


Software Defined Network (SDN) and Network Function Virtualization (NFV) technology promote several benefits to network operators, including reduced maintenance costs, increased network operational performance, simplified network lifecycle, and policies management. Network vulnerabilities try to modify services provided by Network Function Virtualization MANagement and Orchestration (NFV MANO), and malicious attacks in different scenarios disrupt the NFV Orchestrator (NFVO) and Virtualized Infrastructure Manager (VIM) lifecycle management related to network services or individual Virtualized Network Function (VNF). This paper proposes an anomaly detection mechanism that monitors threats in NFV MANO and manages promptly and adaptively to implement and handle security functions in order to enhance the quality of experience for end users. An anomaly detector investigates these identified risks and provides secure network services. It enables virtual network security functions and identifies anomalies in Kubernetes (a cloud-based platform). For training and testing purpose of the proposed approach, an intrusion-containing dataset is used that hold multiple malicious activities like a Smurf, Neptune, Teardrop, Pod, Land, IPsweep, etc., categorized as Probing (Prob), Denial of Service (DoS), User to Root (U2R), and Remote to User (R2L) attacks. An anomaly detector is anticipated with the capabilities of a Machine Learning (ML) technique, making use of supervised learning techniques like Logistic Regression (LR), Support Vector Machine (SVM), Random Forest (RF), Naïve Bayes (NB), and Extreme Gradient Boosting (XGBoost). The proposed framework has been evaluated by deploying the identified ML algorithm on a Jupyter notebook in Kubeflow to simulate Kubernetes for validation purposes. RF classifier has shown better outcomes (99.90% accuracy) than other classifiers in detecting anomalies/intrusions in the containerized environment.
Original languageEnglish
Pages (from-to)363-394
Number of pages32
JournalComputer Systems Science and Engineering
Issue number2
Publication statusPublished - 19 Mar 2024


  • software defined network
  • network function visualization
  • network function virtualization management and orchestration
  • virtual infrastructure manager
  • virtual network function
  • Kubernetes
  • Kubectl
  • artificial intelligence
  • machine learning

Cite this