AnDO: A Lightweight Feature Extraction Framework for IDS Modeling in Low-Resource Software-Defined Networks

Chavula, Josiah and Safla, Aslam and Makaba, Tebogo and Eybers, Sunet and Chigona, Wallace and Nitschke, Geoff (2026) AnDO: A Lightweight Feature Extraction Framework for IDS Modeling in Low-Resource Software-Defined Networks, Annual Research Conference of South Africa Institute of Computer Scientists and Information Technologists (SAICSIT 2026), 13-16 July 2026, Cape Town, South Africa, Springer Nature Computer Science book series (CCIS, LNAI, LNBI, NBIP or LNCS), Springer Series.

AnDO_ FeatureExtraction_ResearchPaper.pdf - Accepted Version (897kB)
Available under License Creative Commons Attribution Non-commercial.

Camera_Ready_Paper.pdf (897kB)
Available under License Creative Commons Attribution Non-commercial.

Abstract

Network traffic features serve as predictor variables for machine learning-based intrusion detection systems (ML-IDS), yet practical deployment is often hindered by computational overhead and latency introduced during capture and extraction. While benchmark datasets like UNSW-NB15 and InSDN have accelerated IDS research through pre-engineered features, they exhibit limited generalization in live or heterogeneous environments. Critically, SDN-oriented datasets omit architecture-intrinsic attributes such as control-plane state, data-plane interactions, and flow-rule dynamics essential for accurately modeling SDN behavior. This paper proposes AnDO, an efficient real-time feature extraction framework for low-resource Software-Defined Networking environments. AnDO implements an end-to-end extraction pipeline directly within the live network, eliminating external database dependencies. The architecture integrates Argus for flow generation, nDPI for protocol classification, and ONOS control-plane intelligence, augmented by a custom sliding-window connection-tracking engine for contextual flow statistics. By fusing packet-level metrics, protocol labels, and SDN state information, AnDO extracts 50 per-flow features under a linear computational model. Experimental evaluation in a virtualized SDN testbed demonstrates predictable scalability, stable resource utilization, and bounded overhead. These results validate AnDO as an efficient, resource-aware feature extraction framework suitable for constrained and community-oriented network environments.

Item Type: Conference proceedings
Uncontrolled Keywords: Feature extraction, SDN-specific features, ONOS Controller, SDN architecture, Machine Learning IDS, Network traffic, Low-resource CWNs, Lightweight feature engineering framework
Subjects: Security and privacy > Intrusion/anomaly detection and malware mitigation
Networks > Network properties > Network security
Networks > Network algorithms
Date Deposited: 23 Jun 2026 12:04
Last Modified: 23 Jun 2026 12:04
URI: https://pubs.cs.uct.ac.za/id/eprint/1783
