Statistical Analysis Based Intrusion Detection System for Ultra-High-Speed Software Defined Network
International Journal of Parallel Programming (IF 1.5), Pub Date: 2021-08-09, DOI: 10.1007/s10766-021-00715-0
Talha Naqash 1 , Sajjad Hussain Shah 1 , Muhammad Najam Ul Islam 1

Internet users and internet services are increasing day by day, which increases internet traffic from zettabytes to petabytes at ultra-high speed. Different types of architecture are implemented to handle high-speed data traffic. The two-layer approach of the Software-Defined Network (SDN) architecture converts the classical network architecture into a consistent, centrally controllable network architecture with programming ability. On the other hand, network security is still the main concern for the network administrator, as is the detection of malicious internet packets in the ultra-high-speed traffic of the programmable network. Therefore, in this paper, we propose a Statistical Analysis Based Intrusion Detection System (SABIDS) using a Machine Learning (ML) approach. The key idea is to implement SABIDS inside the RYU controller, where it statistically analyses the high-speed internet traffic flows and automatically blocks the IP of the identified packet generator. The SABIDS scheme consists of 3 modules: (1) fetch the runtime flow statistics, (2) identify the nature of the flow by statistical and pattern-matching techniques, and (3) block the malicious flow's source IP. Different types of ML classifiers are used to evaluate the performance of the scheme. This scheme enables the SDN controller to detect malicious traffic and avoid potential losses such as system failure or the risk of being attacked.




Updated: 2021-08-09