Early Detection of Abnormal Attacks in Software-Defined Networking Using Machine Learning Approaches

Chuang, Hsiu-Min; Liu, Fanpyn; Tsai, Chung-Hsien

doi:10.3390/sym14061178

Cited by 14 publications

(8 citation statements)

References 55 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The effect of class imbalance becomes unavoidable when performing multi-attack classification. Some studies simply neglect minority class attacks, while others use oversampling and undersampling techniques to resolve this issue [10]. Another solution is to use multi-class hierarchical binary classification [10,15].…”

Section: Discussionmentioning

confidence: 99%

“…Nevertheless, their topology was the same as that of the creator of the dataset [21]. Authors in [10] supported the fact that using many features could be useful in detection accuracy, but it could lead to issues, such as increased model complexity and training costs. Focus is given on various attacks and the Hierarchical Multi-Class (HMC) architecture is proposed to address the imbalance problem in the InSDN dataset and improve the performance of minority classes, like BFA, botnet, and web attacks.…”

Section: Current Research Reviewmentioning

confidence: 93%

“…Three of these attacks are specific to SDN networks [4,[7][8][9]. Authors in [10] argue that SDN networks may be more susceptible to malicious traffic than traditional environments due to the decoupling of the control plane and data plane. A security breach in conventional networks causes only minor damage to a small portion of the network, whereas an attack on the SDN controller might have catastrophic consequences for the entire network [7][8][9][10][11].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Survey on the Latest Intrusion Detection Datasets for Software Defined Networking Environments

Khalid,

Aldabagh

2024

Eng. Technol. Appl. Sci. Res.

View full text Add to dashboard Cite

Software Defined Networking (SDN) threats make network components vulnerable to cyber-attacks, creating obstacles for new model development that necessitate innovative security countermeasures, like Intrusion Detection Systems (IDSs). The centralized SDN controller, which has global view and control over the whole network and the availability of processing and storing capabilities, makes the deployment of artificial intelligence-based IDS in controllers a hot topic in the research community to resolve security issues. In order to develop effective AI-based IDSs in an SDN environment, there must be a high-quality dataset for training the model to offer effective and accurate attack prediction. There are some intrusion detection datasets used by researchers, but those datasets are either outdated or incompatible with the SDN environment. In this survey, an overview of the published work was conducted using the InSDN dataset from 2020 to 2023. Also, research challenges and future work for further research on IDS issues when deployed in an SDN environment are discussed, particularly when employing machine learning and deep learning models. Moreover, possible solutions for each issue are provided to help the researchers carry out and develop new methods of secure SDN.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Current Research Reviewmentioning

confidence: 93%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on the Latest Intrusion Detection Datasets for Software Defined Networking Environments

Khalid,

Aldabagh

2024

Eng. Technol. Appl. Sci. Res.

View full text Add to dashboard Cite

show abstract

“…Chuang et al 13 UNSW-NB15 Using a synthetic minority over-sampling technique (SMOTE) to address the class imbalance problem, and improve the classification model accuracy. This may be done by first monitoring the system functions.…”

Section: Ddos-sdn Insdnmentioning

confidence: 99%

Detection of attacks on software defined networks using machine learning techniques and imbalanced data handling methods

Hassan,

Hemdan,

El‐Shafai

et al. 2023

Security and Privacy

View full text Add to dashboard Cite

Software‐defined networks (SDNs) have gained popularity in recent years as a solution for the fundamental issues that affect traditional dispersed networks. The primary advantage of SDNs is the decoupling of the control plane from the data plane, which increases the flexibility of the network. The SDN represents a network architecture of the next generation, however, its configuration options are centralized, leaving it open for cyber‐attacks. This paper concentrates on the early identification of attacks in an SDN environment. When malicious traffic is affecting in an SDN topology, an artificial intelligence (AI) module in the topology is used to detect the attack and stop the attack source using machine learning (ML) techniques. The architecture presented in this research allows for the comparison of several ML classification techniques that are used to identify different sorts of network attacks. For attack detection, eight ML techniques are used, namely logistic regression (LR), linear discriminant analysis (LDA), Naïve Bayes (NB), k‐nearest neighbor (KNN), classification and regression tree (CART), AdaBoost (AB), random forest (RF), and support‐vector machine (SVM) classifiers. These techniques are tested on the InSDN dataset, which is a novel attack‐specific SDN dataset. The results show that the highest accuracy of 98.6% is achieved with the LDA classifier. Further improvement in the accuracy of classification models is observed when random over‐sampling, synthetic minority oversampling technique (SMOTE), random under‐sampling, and under‐sampling with Tomek links and near‐miss concept are applied to address the class imbalance problem. After applying these methods, the LDA classifier showed an accuracy of 98.79%.

show abstract

“…It is becoming more difficult to establish a solid overcoming method to deal with ransomware attacks since ransomware creators are constantly upgrading their products to avoid any new detection methods. To overcome this, researchers employed Software-Defined Networking (SDN) for ransomware detection using deep packet tracing with POST and GET requests [19], [20]. Once the ransomware is detected, the IP addresses of the servers will be blacklisted by the determined servers in charge of controlling the addresses.…”

Section: Introductionmentioning

confidence: 99%

Dynamic Ransomware Detection for Windows Platform Using Machine Learning Classifiers

Park

Razak

2022

JOIV : Int. J. Inform. Visualization

View full text Add to dashboard Cite

In this world of growing technological advancements, ransomware attacks are also on the rise. This threat often affects the finance of individuals, organizations, and financial sectors. In order to effectively detect and block these ransomware threats, the dynamic analysis strategy was proposed and carried out as the approach of this research. This paper aims to detect ransomware attacks with dynamic analysis and classify the attacks using various machine learning classifiers namely: Random Forest, Naïve Bayes, J48, Decision Table and Hoeffding Tree. The TON IoT Datasets from the University of New South Wales' (UNSW) were used to capture ransomware attack features on Windows 7. During the experiment, a testbed was configured with numerous virtual Windows 7 machines and a single attacker host to carry out the ransomware attack. A total of 77 classification features are selected based on the changes before and after the attack. Random Forest and J48 classifiers outperformed other classifiers with the highest accuracy results of 99.74%. The confusion matrix highlights that both Random Forest and J48 classifiers are able to accurately classify the ransomware attacks with the AUC value of 0.997 respectively. Our experimental result also suggests that dynamic analysis with machine learning classifier is an effective solution to detect ransomware with the accuracy percentage exceeds 98%.

show abstract

Early Detection of Abnormal Attacks in Software-Defined Networking Using Machine Learning Approaches

Cited by 14 publications

References 55 publications

A Survey on the Latest Intrusion Detection Datasets for Software Defined Networking Environments

A Survey on the Latest Intrusion Detection Datasets for Software Defined Networking Environments

Detection of attacks on software defined networks using machine learning techniques and imbalanced data handling methods

Dynamic Ransomware Detection for Windows Platform Using Machine Learning Classifiers

Contact Info

Product

Resources

About