A Survey on Machine Learning Applications for Software Defined Network Security

  • Juliana Arevalo Herrera
  • Jorge E. Camargo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11605)

Abstract

The number of machine learning (ML) applications in network security has increased recently thanks to the availability of processing and storage capabilities. Combined with new technologies such as Software Defined Networking (SDN) and Network Function Virtualization (NFV), it becomes an even more interesting topic for the research community. In this survey, we present studies that employ ML techniques in SDN environments for security applications. The surveyed papers are classified into ML techniques (used to identify general anomalies or specific attacks) and IDS frameworks for SDN. The latter category is relevant because the reviewed papers include the implementation of data collection and mitigation techniques, rather than only defining an ML model, as the papers in the first category do. We also identify the standard datasets, testbeds, and additional tools for researchers.

Keywords

Software defined networks; Machine learning; Network security

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Universidad Santo Tomás, Bogotá, Colombia
  2. Universidad Nacional de Colombia, Bogotá, Colombia