A Semi-Supervised Machine Learning Approach Using K-Means Algorithm to Prevent Burst Header Packet Flooding Attack in Optical Burst Switching Network

شبكة تبديل الاندفاع البصري (OBS) هي تقنية اتصال بصري من الجيل الجديد. في شبكة OBS ، ترسل عقدة الحافة أولاً حزمة تحكم ، تسمى حزمة رأس الاندفاع (BHP) التي تحتفظ بالموارد اللازمة لدفعة البيانات القادمة (DB). بمجرد اكتمال الحجز ، تبدأ قاعدة البيانات بالتحرك إلى وجهتها من خلال المسار المحجوز. هناك هجوم بارز على شبكة OBS هو هجوم فيضان BHP حيث ترسل عقدة الحافة BHPs لحجز الموارد ، ولكن في الواقع لا ترسل قاعدة البيانات المرتبطة بها. نتيجة لذلك ، يتم إهدار الموارد المحجوزة وعندما يحدث ذلك على نطاق واسع بما فيه الكفاية ، فقد يحدث رفض الخدمة (DoS). في هذه البحث ، نقترح طريقة شبه آلية للتعلم باستخدام خوارزمية الوسائل k ، لاكتشاف العقد الخبيثة في شبكة OBS. تم تدريب النموذج شبه المراقب المقترح والتحقق من صحته باستخدام بيانات كمية صغيرة من مجموعة بيانات مختارة. تُظهر التجارب أن النموذج يمكن أن يصنف العقد إلى فصول تتصرف أو لا تتصرف بدقة 90٪ عند التدريب باستخدام 20٪ فقط من البيانات. عندما يتم تصنيف العقد إلى فصول تتصرف ، لا تتصرف، وربما لا تتصرف ، فإن النموذج يظهر دقة 65.15 ٪ و 71.84 ٪ إذا تم تدريبه بنسبة 20 ٪ و 30 ٪ من البيانات على التوالي. مقارنة مع بعض الأعمال البارزة كشفت أن النموذج المقترح يتفوق عليها في كثير من النواحي.Optical burst switching (OBS) network is a new generation optical communication technology. In an OBS network, an edge node first sends a control packet, called burst header packet (BHP) which reserves the necessary resources for the upcoming data burst (DB). Once the reservation is complete, the DB starts travelling to its destination through the reserved path. A notable attack on OBS network is BHP flooding attack where an edge node sends BHPs to reserve resources, but never actually sends the associated DB. As a result the reserved resources are wasted and when this happen in sufficiently large scale, a denial of service (DoS) may take place. In this study, we propose a semi-supervised machine learning approach using k-means algorithm, to detect malicious nodes in an OBS network. The proposed semi-supervised model was trained and validated with small amount data from a selected dataset. Experiments show that the model can classify the nodes into either behaving or not-behaving classes with 90% accuracy when trained with just 20% of data. When the nodes are classified into behaving, not-behaving and potentially not-behaving classes, the model shows 65.15% and 71.84% accuracy if trained with 20% and 30% of data respectively. Comparison with some notable works revealed that the proposed model outperforms them in many respects

Semi-supervised learning approach using modified self-training algorithm to counter burst header packet flooding attack in optical burst switching network

Burst header packet flooding is an attack on optical burst switching (OBS) network which may cause denial of service. Application of machine learning technique to detect malicious nodes in OBS network is relatively new. As finding sufficient amount of labeled data to perform supervised learning is difficult, semi-supervised method of learning (SSML) can be leveraged. In this paper, we studied the classical self-training algorithm (ST) which uses SSML paradigm. Generally, in ST, the available true-labeled data (L) is used to train a base classifier. Then it predicts the labels of unlabeled data (U). A portion from the newly labeled data is removed from U based on prediction confidence and combined with L. The resulting data is then used to re-train the classifier. This process is repeated until convergence. This paper proposes a modified self-training method (MST). We trained multiple classifiers on L in two stages and leveraged agreement among those classifiers to determine labels. The performance of MST was compared with ST on several datasets and significant improvement was found. We applied the MST on a simulated OBS network dataset and found very high accuracy with a small number of labeled data. Finally we compared this work with some related works

A Machine Learning Approach For Enhancing Security And Quality Of Service Of Optical Burst Switching Networks

The Optical Bust Switching (OBS) network has become one of the most promising switching technologies for building the next-generation of internet backbone infrastructure. However, OBS networks still face a number of security and Quality of Service (QoS) challenges, particularly from Burst Header Packet (BHP) flooding attacks. In OBS, a core switch handles requests, reserving one of the unoccupied channels for incoming data bursts (DB) through BHP. An attacker can exploit this fact and send malicious BHP without the corresponding DB. If unresolved, threats such as BHP flooding attacks can result in low bandwidth utilization, limited network performance, high burst loss rate, and eventually, denial of service (DoS). In this dissertation, we focus our investigations on the network security and QoS in the presence of BHP flooding attacks. First, we proposed and developed a new security model that can be embedded into OBS core switch architecture to prevent BHP flooding attacks. The countermeasure security model allows the OBS core switch to classify the ingress nodes based on their behavior and the amount of reserved resources not being utilized. A malicious node causing a BHP flooding attack will be blocked by the developed model until the risk disappears or the malicious node redeems itself. Using our security model, we can effectively and preemptively prevent a BHP flooding attack regardless of the strength of the attacker. In the second part of this dissertation, we investigated the potential use of machine learning (ML) in countering the risk of the BHP flood attack problem. In particular, we proposed and developed a new series of rules, using the decision tree method to prevent the risk of a BHP flooding attack. The proposed classification rule models were evaluated using different metrics to measure the overall performance of this approach. The experiments showed that using rules derived from the decision trees did indeed counter BHP flooding attacks, and enabled the automatic classification of edge nodes at an early stage. In the third part of this dissertation, we performed a comparative study, evaluating a number of ML techniques in classifying edge nodes, to determine the most suitable ML method to prevent this type of attack. The experimental results from a preprocessed dataset related to BHP flooding attacks showed that rule-based classifiers, in particular decision trees (C4.5), Bagging, and RIDOR, consistently derive classifiers that are more predictive, compared to alternate ML algorithms, including AdaBoost, Logistic Regression, Naïve Bayes, SVM-SMO and ANN-MultilayerPerceptron. Moreover, the harmonic mean, recall and precision results of the rule-based and tree classifiers were more competitive than those of the remaining ML algorithms. Lastly, the runtime results in ms showed that decision tree classifiers are not only more predictive, but are also more efficient than other algorithms. Thus, our findings show that decision tree identifier is the most appropriate technique for classifying ingress nodes to combat the BHP flooding attack problem