Cyberpulse: A Machine Learning Based Link Flooding Attack Mitigation System for Software Defined Networks

Software-Defined Network (SDN) has been developed to reduce network complexity through control and manage the whole network from a centralized location. Today, SDN is widely implemented in many data center's network environments. Nevertheless, emerging technology itself can lead to many vulnerabilities and threats which are still challenging for manufacturers to address it. Therefore, deploying Intrusion Detection Systems (IDSs) to monitor malicious activities is a crucial part of the network architecture. Although the centralized view of the SDN network creates new opportunities for the implementation of IDSs, the performance of these detection techniques relies on the quality of the training datasets. Unfortunately, there are no publicly available datasets that can be used directly for anomaly detection systems applied in SDN networks. The majority of the published studies use non-compatible and outdated datasets, such as the KDD'99 dataset. This manuscript aims to generate an attack-specific SDN dataset and it is publicly available to the researchers. To the best of our knowledge, our work is one of the first solutions to produce a comprehensive SDN dataset to verify the performance of intrusion detection systems. The new dataset includes the benign and various attack categories that can occur in the different elements of the SDN platform. Further, we demonstrate the use of our proposed dataset by performing an experimental evaluation using eight popular machine-learning-based techniques for IDSs.

show abstract

“…As a result, the normal delivery of packets will be interrupted. • Link Flooding Attack (LFA) [63], [64]…”

Section: B Sdn Specific Attacksmentioning

confidence: 99%

InSDN: A Novel SDN Intrusion Dataset

2020

View full text Add to dashboard Cite

show abstract

“…In tradition, detecting LFA can be classified into two types mentioned above. There are two studies that use deep learning methods to detect LFA [ 11 , 12 ]. There are normal traffic and anomalous traffic when the attack happens, so this category of deep learning method classifies two types of traffic by artificial neural networks.…”

Section: Related Workmentioning

confidence: 99%

“…On the other hand, in [ 9 , 10 ] the authors attempt to monitor the traceroute packets, which are launched by the attacker to acquire the topology and attacks on target links. The second LFA defending step is to mitigate LFA by rerouting traffic [ 1 , 10 ] or blocking malicious traffic [ 4 , 5 , 8 , 11 , 12 , 13 ] in order to deter the attack, to relieve the harm, and to recover the attacked network to a normal status. The traffic rerouting methods reroute flows that originally travel through the target links to relieve their congestions.…”

Section: Introductionmentioning

confidence: 99%

“…To overcome the changing attack characteristics of LFA, numerous artificial intelligence (AI) methodologies [ 11 , 12 , 14 , 15 , 16 , 17 , 18 , 19 , 20 , 21 , 22 , 23 , 24 , 25 ] are introduced to defend against LFA through end-to-end functionality (Input: network status; Output: defending action) without any manual intervention [ 26 , 27 , 28 , 29 , 30 ]. The AI-based methodologies, therefore, reduce the inefficient labor cost, subjective judgment, and self-learning regarding the changing attack characteristics of LFA in a timely manner.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Spatiotemporal-Oriented Deep Ensemble Learning Model to Defend Link Flooding Attacks in IoT Network

Chen

Lai

Jan

et al. 2021

Sensors

View full text Add to dashboard Cite

(1) Background: Link flooding attacks (LFA) are a spatiotemporal attack pattern of distributed denial-of-service (DDoS) that arranges bots to send low-speed traffic to backbone links and paralyze servers in the target area. (2) Problem: The traditional methods to defend against LFA are heuristic and cannot reflect the changing characteristics of LFA over time; the AI-based methods only detect the presence of LFA without considering the spatiotemporal series attack pattern and defense suggestion. (3) Methods: This study designs a deep ensemble learning model (Stacking-based integrated Convolutional neural network–Long short term memory model, SCL) to defend against LFA: (a) combining continuous network status as an input to represent “continuous/combination attacking action” and to help CNN operation to extract features of spatiotemporal attack pattern; (b) applying LSTM to periodically review the current evolved LFA patterns and drop the obsolete ones to ensure decision accuracy and confidence; (c) stacking System Detector and LFA Mitigator module instead of only one module to couple with LFA detection and mediation at the same time. (4) Results: The simulation results show that the accuracy rate of SCL successfully blocking LFA is 92.95%, which is 60.81% higher than the traditional method. (5) Outcomes: This study demonstrates the potential and suggested development trait of deep ensemble learning on network security.

show abstract

“…Open source software has also brought amazing changes to the software industry with its openness and flexibility. However, with the open source software developing rapidly, it also brings us huge security problems [1–4]. From the beginning of 2015 to the beginning of 2017, the 360 security team selected 2228 open source projects from GitHub, Source forge and other open source communities for testing.…”

Section: Introductionmentioning

confidence: 99%

Open source software security vulnerability detection based on dynamic behavior features

Shen

et al. 2019

PLoS ONE

View full text Add to dashboard Cite

Open source software has been widely used in various industries due to its openness and flexibility, but it also brings potential security problems. Therefore, security analysis is required before using open source software. The current mainstream open source software vulnerability analysis technology is based on source code, and there are problems such as false positives, false negatives and restatements. In order to solve the problems, based on the further study of behavior feature extraction and vulnerability detection technology, a method of using dynamic behavior features to detect open source software vulnerabilities is proposed. Firstly, the relationship between open source software vulnerability and API call sequence is studied. Then, the behavioral risk vulnerability database of open source software is proposed as a support for vulnerability detection. In addition, the CNN-IndRNN classification model is constructed by improving the Independently Recurrent Neural Net-work (IndRNN) algorithm and applies to open source software security vulnerability detection. The experimental results verify the effectiveness of the proposed open source software security vulnerability detection method based on dynamic behavior features.

show abstract

Cyberpulse: A Machine Learning Based Link Flooding Attack Mitigation System for Software Defined Networks

Cited by 74 publications

References 28 publications

InSDN: A Novel SDN Intrusion Dataset

InSDN: A Novel SDN Intrusion Dataset

A Spatiotemporal-Oriented Deep Ensemble Learning Model to Defend Link Flooding Attacks in IoT Network

Open source software security vulnerability detection based on dynamic behavior features

Contact Info

Product

Resources

About