{"title":"Anomalous Rule Detection using Machine Learning in Software Defined Networks","authors":"Vignesh Sridharan, G. Mohan, A. Leon-Garcia","doi":"10.1109/NFV-SDN47374.2019.9039984","DOIUrl":null,"url":null,"abstract":"The centralized control plane in Software Defined Networking (SDN) introduces new security threats to the network. A compromised controller can install malicious rules at the switches to perform stealthy attacks such as intermittent packet dropping, route misdirection etc. Replication based approaches in the literature require the switches to broadcast the requests to multiple controllers and verify the rules for consistency before installing them. However, they result in heavy load on the control plane and longer response time for requests from the switches. Other approaches assume forwarding elements, rather than the controller, to be compromised and propose packet sampling and active probing to identify malicious behavior. In this work, we: i) propose a machine learning based framework to detect anomalous behavior at the flow table and identify the compromised controller, ii) develop MTADS, a Machine learning based detection Technique for Anomaly Detection in SDN, which uses the DBSCAN algorithm to identify anomalous rules and behavior, and iii) implement MTADS on top of Floodlight controller managing a network emulated in Mininet and test its detection capabilities against various attacks such as route misdirection, packet drop etc. 
We compare the performance of MTADS (based on DBSCAN) with K-Means algorithm and show that MTADS (DBSCAN) outperforms the K-Means version and achieves precision and recall of about 85% and 95%, respectively.","PeriodicalId":394933,"journal":{"name":"2019 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)","volume":"49 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NFV-SDN47374.2019.9039984","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 1
Abstract
The centralized control plane in Software Defined Networking (SDN) introduces new security threats to the network. A compromised controller can install malicious rules at the switches to perform stealthy attacks such as intermittent packet dropping, route misdirection etc. Replication based approaches in the literature require the switches to broadcast the requests to multiple controllers and verify the rules for consistency before installing them. However, they result in heavy load on the control plane and longer response time for requests from the switches. Other approaches assume forwarding elements, rather than the controller, to be compromised and propose packet sampling and active probing to identify malicious behavior. In this work, we: i) propose a machine learning based framework to detect anomalous behavior at the flow table and identify the compromised controller, ii) develop MTADS, a Machine learning based detection Technique for Anomaly Detection in SDN, which uses the DBSCAN algorithm to identify anomalous rules and behavior, and iii) implement MTADS on top of Floodlight controller managing a network emulated in Mininet and test its detection capabilities against various attacks such as route misdirection, packet drop etc. We compare the performance of MTADS (based on DBSCAN) with K-Means algorithm and show that MTADS (DBSCAN) outperforms the K-Means version and achieves precision and recall of about 85% and 95%, respectively.