A Novel Machine Learning Framework for Advanced Attack Detection using SDN

Cited by: 23
Authors
Abou El Houda, Zakaria [1, 3]
Hafid, Abdelhakim Senhaji [1]
Khoukhi, Lyes [2]
Affiliations
[1] Univ Montreal, Dept Comp Sci & Operat Res, NRL, Montreal, PQ, Canada
[2] Normandie Univ, ENSICAEN, GREYC CNRS, Paris, France
[3] Univ Technol Troyes, Troyes, France
Source
2021 IEEE GLOBAL COMMUNICATIONS CONFERENCE (GLOBECOM) | 2021
Keywords
Machine Learning; Intrusion Detection System; Isolation Forest; SDN
DOI
10.1109/GLOBECOM46510.2021.9685643
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
Recently, software defined networking (SDN) has emerged as a novel technology that leverages network programmability to facilitate network management. SDN provides a global view of the network, through a logically centralized component, called the SDN controller, to strengthen network security. SDN separates the control plane from the data plane, which allows for more control over the network and brings new capabilities to cope with the new emerging security threats (i.e., zero-day attacks). Existing attack detection schemes are facing obstacles due to high false positive rates, low detection performances, and high computational costs. To address these issues, we propose a multi-module Machine Learning (ML) framework that combines unsupervised ML techniques with a scalable feature collection and selection scheme to effectively/timely detect network security threats in the context of SDN. In particular, our proposed framework consists of: (1) a data flow collection module (DFC) to gather the features of network data in a scalable and efficient way using the sFlow protocol; (2) an Information gain Feature Selection (IGF) module to select the most informative/relevant features to reduce training and testing time complexity; and (3) a novel unsupervised ML module that uses a novel outlier detection scheme, called Isolation Forest (ML-IF), to effectively/timely detect network security threats in SDN. The experimental results, using the well-known public network security dataset UNSW-NB15, show that our proposed framework outperforms state-of-the-art contributions in terms of accuracy and detection rate while significantly reducing computational complexity, making it a promising framework to mitigate the new emerging network security threats in SDN.
Pages: 6