Evaluation of machine learning techniques for intrusion detection in software defined networking

Abstract. The widespread growth of the Internet paved the way for the need of a new network architecture which was filled by Software Defined Networking (SDN). SDN separated the control and data planes to overcome the challenges that came along with the rapid growth and complexity of the network architecture. However, centralizing the new architecture also introduced new security challenges and created the demand for stronger security measures. The focus is on the Intrusion Detection System (IDS) for a Distributed Denial of Service (DDoS) attack which is a serious threat to the network system. There are several ways of detecting an attack and with the rapid growth of machine learning (ML) and artificial intelligence, the study evaluates several ML algorithms for detecting DDoS attacks on the system. Several factors have an effect on the performance of ML based IDS in SDN. Feature selection, training dataset, and implementation of the classifying models are some of the important factors. The balance between usage of resources and the performance of the implemented model is important. The model implemented in the thesis uses a dataset created from the traffic flow within the system and models being used are Support Vector Machine (SVM), Naive-Bayes, Decision Tree and Logistic Regression. The accuracy of the models has been over 95% apart from Logistic Regression which has 90% accuracy. The ML based algorithm has been more accurate than the non-ML based algorithm. It learns from different features of the traffic flow to differentiate between normal traffic and attack traffic. Most of the previously implemented ML based IDS are based on public datasets. Using a dataset created from the flow of the experimental environment allows training of the model from a real-time dataset. However, the experiment only detects the traffic and does not take any action. However, these promising results can be used for further development of the model

Classifying DDoS packets in high-speed networks

Recently high-speed networks have been utilized by attackers as Distributed Denial of Service (DDoS) attack infrastructure. Services on high-speed networks also have been attacked by successive waves of the DDoS attacks. How to sensitively and accurately detect the attack traffic, and quickly filter out the attack packets are still the major challenges in DDoS defense. Unfortunately most current defense approaches can not efficiently fulfill these tasks. Our approach is to find the network anomalies by using neural network and classify DDoS packets by a Bloom filter-based classifier (BFC). BFC is a set of spaceefficient data structures and algorithms for packet classification. The evaluation results show that the simple complexity, high classification speed and accuracy and low storage requirements of this classifier make it not only suitable for DDoS filtering in high-speed networks, but also suitable for other applications such as string matching for intrusion detection systems and IP lookup for programmable routers.<br /

A review on software defined network security risks and challenges

Software defined network is an emerging networking architecture that separates the traditional integrated control logic and data forwarding functionality into different planes, namely the control plane and data forwarding plane. The data plane does and end to end data delivery. And the control plane does the actual network traffic forwarding and routing between different network segments. In software defined network the networking infrastructure layer where the entire networking device, such as switches and routers reside is connected with the separate controller layer with the help of standard called OpenFlow protocol. It is a standard protocol that allows different vendor devices like juniper switches, cisco switches and huawei switches to be connected to the controller. The centralization of the SDN controller made the network more flexible, manageable and dynamic, such as provisioning of bandwidth, dynamic scale out and scale in compared to the traditional communication network, however the centralized SDN controller is more vulnerable to security risk factors such as DDOS and flow rule poisoning attack. In this paper we will explore the architectures and principles of software defined network and security risks with the centralized SDN controller and possible ways to mitigate these risks

A Brief Review of Security in Emerging Programmable Computer Networking Technologies

Recent programmable networking paradigms, such as cloud computing, fog computing, software- defined networks, and network function virtualization gain significant traction in industry and academia. While these newly developed networking technologies open a pathway to new architectures and enable a faster innovation cycle, there exist many problems in this area. In this article, we provide a review of these programmable networking architectures for comparison. Second, we provide a survey of security attacks and defense mechanisms in these emerging programmable networking technologies

Utilization Of A Large-Scale Wireless Sensor Network For Intrusion Detection And Border Surveillance

To control the border more effectively, countries may deploy a detection system that enables real-time surveillance of border integrity. Events such as border crossings need to be monitored in real time so that any border entries can be noted by border security forces and destinations marked for apprehension. Wireless Sensor Networks (WSNs) are promising for border security surveillance because they enable enforcement teams to monitor events in the physical environment. In this work, probabilistic models have been presented to investigate senor development schemes while considering the environmental factors that affect the sensor performance. Simulation studies have been carried out using the OPNET to verify the theoretical analysis and to find an optimal node deployment scheme that is robust and efficient by incorporating geographical coordination in the design. Measures such as adding camera and range-extended antenna to each node have been investigated to improve the system performance. A prototype WSN based surveillance system has been developed to verify the proposed approach

Cyber Attack Challenges and Resilience for Smart Grids

Date of Acceptance: 31/08/2015Peer reviewedPostprin