Q-MIND: Defeating Stealthy DoS Attacks in SDN with a Machine-Learning Based Defense Framework

Gias, T M Rayhan; Islam, Syed Tasnimul; Hương, Trương Thu; Thanh, Nguyen Huu; Bauschert, Thomas

doi:10.1109/globecom38437.2019.9013585

Cited by 23 publications

(16 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Q-Learning is also explored by Phan et al in their DoS defense framework named Q-Mind [181] in SDN. The Q-Learningbased agent controls the anomaly classification system based on SVM, SOM, and RF.…”

Section: Reinforcement Learning (Rl) Based Modelsmentioning

confidence: 99%

Intrusion Detection System in Software-Defined Networks Using Machine Learning and Deep Learning Techniques –A Comprehensive Survey

Rayhan¹,

Islam²,

Shatabda³

et al. 2022

Preprint

View full text Add to dashboard Cite

<div>At present, the Internet is facing numerous attacks of different kinds that put its data at risk. The safety of information within the network is, therefore, a significant concern. In order to prevent the loss of incredibly valuable information, the Intrusion Detection System (IDS) was developed to recognize the outbreak of a stream of attacks and notify the network system administrator providing network security. IDS is an extrapolative model used to detect network traffic as routine or attack. Software-Defined Networks (SDN) is a revolutionary paradigm that isolates the control plane from the data plane, transforming the concept of a software-driven network. Through this data and control plane separation, SDN provides us the opportunity to create a manageable and programmable network, allowing applications in the top plane to access physical devices via the controller. The controller functioning inside the control plane executes network modules and establishes flow rules to forward packets in the switches residing in the data plane. Cyber attackers target the SDN controller to subdue the control plane, which is considered the brain of the SDN, providing a plethora of functionalities such as regulating flow control to switches or routers in the data plane below via southbound Application Programming Interfaces (APIs) and business and application logic in the application plane above via northbound APIs to implement sophisticated networks. However, the control plane becomes a tempting prospect for security attacks from adversaries because of its centralization feature. This paper includes an in-depth overview of the notable published articles from 2015 to 2021 that used Machine Learning (ML) and Deep Learning (DL) techniques to construct an IDS solution to provide security for SDN. We also present two detailed taxonomic studies regarding IDS, and ML-DL techniques based on their learning categories, exploring various IDS solutions to secure the SDN paradigm. We have also conducted brief research on a few benchmark datasets used to construct IDS in the SDN paradigm. To conclude the survey, we provide a discussion that sheds light on continuous challenges and IDS issues for SDN security.</div>

show abstract

Section: Reinforcement Learning (Rl) Based Modelsmentioning

confidence: 99%

Intrusion Detection System in Software-Defined Networks Using Machine Learning and Deep Learning Techniques –A Comprehensive Survey

Rayhan¹,

Islam²,

Shatabda³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Therefore, more complex detection mechanisms are needed. The Q-MIND framework proposed in [24] defeats stealthy DoS attacks in SDN environments. This solution mitigates slow-rate DoS attacks using a reinforcement learning reward-based policy to delete all flows stemming from an identified attacker IP.…”

Section: A Existing Workmentioning

confidence: 99%

SDN-Based Architecture for Transport and Application Layer DDoS Attack Detection by Using Machine and Deep Learning

2021

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks represent the most common and critical attacks targeting conventional and new generation networks, such as the Internet of Things (IoT), cloud computing, and fifth-generation (5G) communication networks. In recent years, DDoS attacks have become not only massive but also sophisticated. Software-Defined Networking (SDN) technology has demonstrated effectiveness in counter-measuring complex attacks since it provides flexibility on global network monitoring and inline network configuration. Although several works have been proposed to detect DDoS attacks, in most of them the authors did not use up-to-date datasets that contain the newest threats. Furthermore, only a few previous works assessed their solutions using simulated scenarios, easing the migration to production networks. This document presents the implementation of a modular and flexible SDN-based architecture to detect transport and application layer DDoS attacks using multiple Machine Learning (ML) and Deep Learning (DL) models. Exploring diverse ML/DL methods allowed us to resolve which methods perform better under different attack types and conditions. We tested the ML/DL models using two up-to-date security datasets, and they showed accuracy above 99% on classifying unseen traffic (testing set). We also deployed a simulated environment using the network emulator Mininet and the Open Network Operating System (ONOS) SDN controller. In this experimental setup, we demonstrated high detection rates, above 98% for transport DDoS attacks and up to 95% for application-layer DDoS attacks.INDEX TERMS Software Defined Networking, deep learning, machine learning, DDoS attack, transport layer, application layer, slow-rate attacks.

show abstract

“…In dealing with DoS attacks, [33] proposed an RL-based Q-MIND algorithm that utilizes Q-learning in an SDN environment to mitigate stealthy attacks. The Q-MIND DoS detection scheme is implemented in the SDN application plane and communicates with the controller via the Northbound API.…”

Section: Review Of Similar Workmentioning

confidence: 99%

“…However, prior to the 100 iterations, SVM and RF perform better. To improve the research findings, [33,34] proposed a Deep Deterministic Policy Gradient (DDPG) algorithm implemented as a policy network in a RL mitigation agent to learn network flow patterns and throttle malicious TCP, SYN, UDP, and ICMP flooding attacks. The proposed framework results were compared to AIMD router throttling and CTL approaches for DDoS detection after 20,000 episodes with 10 s episode interval.…”

Section: Review Of Similar Workmentioning

confidence: 99%

Multi-Agent Reinforcement Learning Framework in SDN-IoT for Transient Load Detection and Prevention

Dake¹,

Gadze²,

Klogo³

et al. 2021

Technologies

View full text Add to dashboard Cite

The fast emergence of IoT devices and its accompanying big and complex data has necessitated a shift from the traditional networking architecture to software-defined networks (SDNs) in recent times. Routing optimization and DDoS protection in the network has become a necessity for mobile network operators in maintaining a good QoS and QoE for customers. Inspired by the recent advancement in Machine Learning and Deep Reinforcement Learning (DRL), we propose a novel MADDPG integrated Multiagent framework in SDN for efficient multipath routing optimization and malicious DDoS traffic detection and prevention in the network. The two MARL agents cooperate within the same environment to accomplish network optimization task within a shorter time. The state, action, and reward of the proposed framework were further modelled mathematically using the Markov Decision Process (MDP) and later integrated into the MADDPG algorithm. We compared the proposed MADDPG-based framework to DDPG for network metrics: delay, jitter, packet loss rate, bandwidth usage, and intrusion detection. The results show a significant improvement in network metrics with the two agents.

show abstract

Q-MIND: Defeating Stealthy DoS Attacks in SDN with a Machine-Learning Based Defense Framework

Cited by 23 publications

References 14 publications

Intrusion Detection System in Software-Defined Networks Using Machine Learning and Deep Learning Techniques –A Comprehensive Survey

Intrusion Detection System in Software-Defined Networks Using Machine Learning and Deep Learning Techniques –A Comprehensive Survey

SDN-Based Architecture for Transport and Application Layer DDoS Attack Detection by Using Machine and Deep Learning

Multi-Agent Reinforcement Learning Framework in SDN-IoT for Transient Load Detection and Prevention

Contact Info

Product

Resources

About