The Devil is in the Details: Confident &amp; Explainable Anomaly Detector for Software-Defined Networks

Das, Tapadhir; Shukla, Raj Mani; Sengupta, Shamik

doi:10.1109/nca53618.2021.9685157

Cited by 10 publications

(5 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is possible due to the presence of a logically centralized SDN controller that regulates and supervises the entire network of switches. The main responsibility of the SDN controller is to inject flow tables within the network switches, therefore, helping to administer network operations, control alterations, and facilitate upgradations [1]. Additionally, this integrated architecture makes other operations like data mining and anomaly detection for improved network operations and security possible [2].…”

Section: Introductionmentioning

confidence: 99%

“…Network intrusions can adversely affect all layers of the SDN architecture and can deteriorate the network's availability, authority, confidentiality, and integrity. These attacks are arduous to detect as they display similar traffic patterns to that of normal network functionality [1]. These threats have led to a rise in the generation of network intrusion detection systems (NIDS).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Bringing To Light: Adversarial Poisoning Detection in Multi-controller Software-defined Networks

Das¹,

Shukla²,

Rath³

et al. 2023

Preprint

View full text Add to dashboard Cite

<p>Machine learning (ML)-based network intrusion detection systems (NIDS) have become a contemporary approach to efficiently protect network communications from cyber attacks. However, ML models can become exploited by adversarial poisonings, like random label manipulation (RLM), which can compromise multi-controller software-defined network (MSDN) operations. In this paper, we develop the Trans-controller Adversarial Perturbation Detection (TAPD) framework for NIDS in multi-controller SDN setups. The detection framework takes advantage of the SDN architecture and focuses on the periodic transference of network intrusion detection models across the SDN controllers in the topology, and validates the models using the local datasets to calculate errors in their predictions with the ground truth. We demonstrate the efficacy of this framework in detecting RLM attacks in an MSDN setup. Results indicate efficient detection performance achieved by the TAPD framework in determining the presence of Random Label Manipulation attacks and the localization of the compromised controllers. We find that the framework works well even when there is a significant number of compromised agents in a large multi-controller setting. However, the performance begins to deteriorate when more than 40% of the SDN controllers in the MSDN have become compromised. </p>

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Bringing To Light: Adversarial Poisoning Detection in Multi-controller Software-defined Networks

Das¹,

Shukla²,

Rath³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Szczepanski et al [34] use a feed forward artificial neural network to classify the network traffic and use surrogate decision trees to find the most likely explanations for a classified sample. Das et al [35] propose a confident and explainable anomaly detector based on random forest, multilayer perceptron, and support vector machine classifiers. The authors then interpret the predictions using the LIME method.…”

Section: Introductionmentioning

confidence: 99%

Cybersecurity Knowledge Extraction Using XAI

et al. 2022

View full text Add to dashboard Cite

Global networking, growing computer infrastructure complexity and the ongoing migration of many private and business aspects to the electronic domain commonly mandate using cutting-edge technologies based on data analysis, machine learning, and artificial intelligence to ensure high levels of network and information system security. Transparency is a major barrier to the deployment of black box intelligent systems in high-risk domains, such as the cybersecurity domain, with the problem getting worse as machine learning models increase in complexity. In this research, explainable machine learning is used to extract information from the CIC-IDS2017 dataset and to critically contrast the knowledge attained by analyzing if–then decision tree rules with the knowledge attained by the SHAP approach. The paper compares the challenges of the knowledge extraction using the SHAP method and the if–then decision tree rules, providing guidelines regarding different approaches suited to specific situations.

show abstract

“…However, this has also increased the potential for network intrusions, which are a continuous threat to network infrastructures as they attempt to compromise the major principles of computing systems: availability, authority, confidentiality, and integrity [1]. These threats are difficult to detect unaided, as they display indistinguishable network traffic patterns as normal functionality [2]. Approaches like firewalls cannot detect these intrusions as they do not possess the ability to inspect and conduct deep packet inspection.…”

Section: Introductionmentioning

confidence: 99%

UNR-IDD: Intrusion Detection Dataset using Network Port Statistics

Das¹,

Hamdan²,

Shukla³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

<div>With the expanded applications of modern-day networking, network infrastructures are at risk from cyber attacks and intrusions. Multiple datasets have been proposed in literature that can be used to create Machine Learning (ML) based Network Intrusion Detection Systems (NIDS). However, many of these datasets suffer from sub-optimal performance and do not adequately represent all types of intrusions in an effective manner. Another problem with these datasets is the low accuracy of tail classes. To address these issues, in this paper, we propose the University of Nevada - Reno Intrusion Detection Dataset (UNR-IDD) that provides researchers with a wider range of samples and scenarios. The proposed dataset utilizes network port statistics for more fine-grained control and analysis of intrusions. We provide a benchmark to show efficient performance for both binary and multi-class classification tasks using different ML algorithms. The paper further explains the intrusion detection activities rather than providing a generic black-box output of the ML algorithms. In comparison with the other established NIDS datasets, we obtain better performance with an Fµ score of 96% and a minimum F score of 93%. This performance can be credited to prioritizing high scoring average and minimum F-Measure scores for modeled intrusions.</div>

show abstract

The Devil is in the Details: Confident & Explainable Anomaly Detector for Software-Defined Networks

Cited by 10 publications

References 17 publications

Bringing To Light: Adversarial Poisoning Detection in Multi-controller Software-defined Networks

Bringing To Light: Adversarial Poisoning Detection in Multi-controller Software-defined Networks

Cybersecurity Knowledge Extraction Using XAI

UNR-IDD: Intrusion Detection Dataset using Network Port Statistics

Contact Info

Product

Resources

About