A federated threat hunting system with big data analysis for SDN-enabled networks

RESEARCH CREW
6:36 24/11/2022

Software-defined networking (SDN) is a promising approach to modern network architecture that has received great attention recently. SDN-based networks also face security issues and can become targets of cyberattacks. Cyber threat hunting is one of the security solutions proposed for early attack detection in SDN, and a machine learning-based IDS (ML-IDS) built for threat hunting can detect sophisticated and complex cyberattacks. To improve the accuracy of ML-IDS models, training data must be gathered from a variety of sources. However, participants that join the training process are reluctant to provide their own data because of security and privacy concerns. In this paper, we propose an approach using federated learning for IDS: participants train models themselves on their own devices instead of handing over their data. In addition, the combination of differential privacy and homomorphic encryption ensures the privacy of the model exchange. Moreover, a distributed processing system handles the big data workloads generated by the many devices in the SDN-based network. We evaluate the proposed model not only on the CIC-TON-IOT 2018 dataset but also on real network traffic. The results demonstrate the potential of our solution for protecting SDN.
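The abstract describes model exchange protected by differential privacy and homomorphic encryption, but not how the two compose. The following is an added illustration written for this page, not code from the paper or its authors, and it assumes a concrete instantiation the abstract does not specify: each participant clips and Gaussian-noises its local update (the usual DP mechanism), encodes it as fixed-point integers, and encrypts it under additively homomorphic Paillier, so the aggregator sums ciphertexts without seeing any single participant's update. The primes, the `SCALE` constant, the noise parameters and the three sample client updates are all constructed for the demo.

```python
import math
import random

# Fixed-point scale used to encode float model weights as integers (assumption
# for this demo; Paillier arithmetic works on integers modulo n).
SCALE = 10**6


def paillier_keygen(p, q):
    """Generate a Paillier key pair from two primes (demo-sized, not secure)."""
    n = p * q
    n2 = n * n
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    g = n + 1
    # L(x) = (x - 1) / n ;  mu = L(g^lam mod n^2)^-1 mod n
    mu = pow((pow(g, lam, n2) - 1) // n, -1, n)
    return (n, g), (lam, mu)


def encrypt(pub, m, rng=None):
    """Encrypt a signed integer m (reduced modulo n) under the public key."""
    n, g = pub
    n2 = n * n
    rng = rng or random.Random()
    r = rng.randrange(2, n)
    while math.gcd(r, n) != 1:
        r = rng.randrange(2, n)
    return (pow(g, m % n, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    """Decrypt and map the result back to a signed integer in (-n/2, n/2]."""
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    m = (((pow(c, lam, n2) - 1) // n) * mu) % n
    return m - n if m > n // 2 else m


def he_add(pub, c1, c2):
    """Homomorphic addition: multiplying ciphertexts adds the plaintexts."""
    n2 = pub[0] ** 2
    return (c1 * c2) % n2


def clip_and_noise(update, clip_norm, sigma, rng):
    """Differentially private update: clip the L2 norm, then add Gaussian noise."""
    norm = math.sqrt(sum(u * u for u in update))
    factor = min(1.0, clip_norm / norm) if norm > 0 else 1.0
    return [u * factor + rng.gauss(0.0, sigma * clip_norm) for u in update]


def federated_round(pub, priv, client_updates, clip_norm=1.0, sigma=0.1, seed=0):
    """One aggregation round of the hypothetical FL-IDS scheme.

    Each client clips and noises its own local update, encodes it as fixed-point
    integers and encrypts it. The aggregator only multiplies ciphertexts, so it
    never sees an individual update. The sum is decrypted by the private-key
    holder (in a real deployment a party separate from the aggregator, or a
    threshold scheme). Returns (decrypted_average, cleartext_average) so the two
    can be compared.
    """
    rng = random.Random(seed)
    k = len(client_updates)
    dim = len(client_updates[0])
    noisy = [clip_and_noise(u, clip_norm, sigma, rng) for u in client_updates]
    encrypted = [[encrypt(pub, int(round(v * SCALE)), rng) for v in u] for u in noisy]

    aggregated = []
    for j in range(dim):
        c = encrypted[0][j]
        for i in range(1, k):
            c = he_add(pub, c, encrypted[i][j])
        aggregated.append(c)

    decrypted_avg = [decrypt(pub, priv, c) / SCALE / k for c in aggregated]
    cleartext_avg = [sum(u[j] for u in noisy) / k for j in range(dim)]
    return decrypted_avg, cleartext_avg


if __name__ == "__main__":
    # Demo-sized primes: enough to show the arithmetic, far too small for real use.
    pub, priv = paillier_keygen(1000000007, 1000000009)
    # Constructed sample: three SDN sites, each contributing a 4-parameter update.
    updates = [[0.5, -0.2, 0.1, 0.9], [0.3, 0.4, -0.6, 0.2], [-0.1, 0.0, 0.8, 0.4]]
    dec, clear = federated_round(pub, priv, updates)
    print("decrypted average :", [round(x, 4) for x in dec])
    print("cleartext average :", [round(x, 4) for x in clear])
```

The two averages agree up to fixed-point rounding, which is the property the scheme relies on: the aggregator learns only the noised sum, and the noise added by each client is what bounds what even the key holder can infer about any single site's traffic. The per-round noise `sigma` and clipping bound trade accuracy against the privacy budget, so they need to be chosen per deployment rather than copied from this demo.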
