On Efficiency of Selected Machine Learning Algorithms for Intrusion Detection in Software Defined Networks

• Autorzy: Jankowski D. , Amanowicz M.

Identyfikatory

DOI

10.1515/eletel 2016-0033

• Języki publikacji: EN

Abstrakty

EN

We propose a concept of using Software Defined Network (SDN) technology and machine learning algorithms for monitoring and detection of malicious activities in the SDN data plane. The statistics and features of network traffic are generated by the native mechanisms of SDN technology.In order to conduct tests and a verification of the concept, it was necessary to obtain a set of network workload test data.We present virtual environment which enables generation of the SDN network traffic.The article examines the efficiency of selected machine learning methods: Self Organizing Maps and Learning Vector Quantization and their enhanced versions.The results are compared with other SDN-based IDS.

Słowa kluczowe

EN

software defined network; intrusion detection; machine learning; Mininet; SDN

• Wydawca: Polish Academy of Sciences, Committee of Electronics and Telecommunication
• Czasopismo: International Journal of Electronics and Telecommunications
• Rocznik: 2016
• Tom: Vol. 62, No. 3
• Strony: 247--252
• Opis fizyczny: Bibliogr. 21 poz., rys., tab., wykr.

Twórcy

autor

Jankowski D.

• Institute of Telecommunication, Faculty of Electronics, Military University of Technology, Poland

autor

Amanowicz M.

• Institute of Telecommunication, Faculty of Electronics, Military University of Technology, Poland

Bibliografia

• [1] D.Kreutz, F. M Ramos, P. Esteves Verissimo, C. Esteve Rothenberg, S. Azodolmolky, and S. Uhlig, "Software-defined networking: A comprehensive survey," in Proceedings of the IEEE 103.1, 2015, pp.14-76. doi:10.1109/JPROC.2014.2371999
• [2] S. Hayward, Sandra, S. Natarajan, and S. Sezer, "A survey of security in software defined networks," 2015.doi: 0.1109/COMST.2015.2474118.
• [3] C. Modi, D. Patel, B. Borisaniya, H. Patel, A. Patel and M. Rajarajan,. “A survey of intrusion detection techniques in cloud,” in Journal of Network and Computer Applications, vol 36(1), 2013, pp. 42-57. doi: 0.1016/j.jnca.2012.05.003
• [4] H. J. Liao, C. H. R. Lin, Y. C.Lin, and K. Y. Tung, “Intrusion detection system: A comprehensive review,” in Journal of Network and Computer Applications, vol. 36(1), 2013, pp. 16-24. doi: 10.1016/j.jnca.2012.09.004
• [5] N. F. Haq, A. R. Onik, M. Avishek, K. Hridoy, M. Rafni, F. M. Shah, and D. M. Farid, “Application of Machine Learning Approaches in Intrusion Detection System: A Survey,” in International Journal of Advanced Research in Artificial Intelligence, 2015. doi: 10.14569/IJARAI.2015.040302
• [6] M. Kruczkowski, E. Niewiadomska-Szynkiewicz, and A. Kozakiewicz. "FP-tree and SVM for Malicious Web Campaign Detection," in Intelligent Information and Database Systems, Springer International Publishing, 2015, pp. 193-201. doi: 10.1007/978-3-319-15705-4_19
• [7] M. S. Akbar, J. Khalid, and S. A. Khayam, "Revisiting traffic anomaly detection using software defined networking," in Recent Advances in Intrusion Detection, Springer Berlin Heidelberg, 2011, pp. 161-180. doi:10.1007/978-3-642-23644-0_9
• [8] S. Dotcenko, A. Vladyko, and I.Letenko, “A fuzzy logic-based information security management for software-defined networks,” in Advanced Communication Technology, 16th International Conference on IEEE, 2014, pp. 167-171. doi: 10.1109/ICACT.2014.6778942
• [9] K. Giotis, C. Argyropoulos, G. Androulidakis, D. Kalogeras, and V. Maglaris, “Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments,” in Computer Networks, vol 62, 2014, pp. 122-136.doi:10.1016/j.bjp.2013.10.014
• [10] R. Braga, E. Mota, A. Passito, “Lightweight DDoS Flooding Attack Detection Using NOX/OpenFlow,” in Local Computer Networks (LCN), 35th Conference on. IEEE, 2010. pp. 408-415. doi: 10.1109/LCN.2010.5735752
• [11] R. Sathya and R. Thangarajan, “Efficient Anomaly Detection And Mitigation In Software Defined Networking Environment,” in Electronics and Communication Systems, 2nd International Conference on IEEE, 2015, pp. 479-484.doi: 10.1109/ECS.2015.7124952
• [12] A. Le, P. Dinh, H. Le, and N. C. Tran, “Flexible Network-Based Intrusion Detection and Prevention System on Software-Defined Networks,” presented at International Conference on Advanced Computing and Applications, November 2015, pp. 106-111.doi:10.1109/ACOMP.2015.19
• [13] OpenDaylight Platform [Online]. Available: https://www.opendaylight.org/
• [14] T. Kohonen, “Essentials of the self-organizing map,” in Neural Networks, vol. 37, 2013, pp. 52-65. doi: 10.1016/j.neunet.2012.09.01
• [15] T. Kohonen, “The self-organizing map,” in Proceedings of the IEEE, vol. 78(9), 1990, pp. 1464-1480.
• [16] WEKA Classification Algorithms, A WEKA Plug-in, [Online]. Available: http://wekaclassalgos.sourceforge.net/
• [17] T. Kohonen,, “Learning vector quantization,” Springer Berlin Heidelberg, 1995, pp. 175-189.
• [18] Mininet, An Instant Virtual Network on your Laptop (or other PC), [Online]. Available: http://minimet.org
• [19] M. Hall, E. rank, G. Holmes, B. Pfahringer, P. Reutemann and I. H. Witten, “The WEKA data mining software: an update,” in ACM SIGKDD explorations newsletter, vol. 11(1), 2009, pp. 10-18. doi : 10.1145/1656274.1656278
• [20] G. Pölzlbauer, “Survey and comparison of quality measures for self-organizing maps,“ 2004.
• [21] A. Sperotto, G. Schaffrath, R. Sadre, C. Morariu, A. Pras, and B. Stiller, “An overview of IP flow-based intrusion detection,” in Communications Surveys & Tutorials, IEEE, 12(3), 2010, pp. 343-356. doi: 10.1109/SURV.2010.032210.00054

Uwagi

PL

Opracowanie ze środków MNiSW w ramach umowy 812/P-DUN/2016 na działalność upowszechniającą naukę.