The Challenges in ML-Based Security for SDN

Machine learning is gaining popularity in the network security domain as many more network-enabled devices get connected, as malicious activities become stealthier, and as new technologies like Software Defined Networking (SDN) emerge. Sitting at the application layer and communicating with the control layer, machine-learning-based SDN security models exercise a huge influence on the routing and switching of the entire software-defined network. Compromising these models is therefore a very desirable goal for an attacker. Previous surveys have covered either adversarial machine learning without the context of a secure networking environment, or the general vulnerabilities of SDNs without much consideration of the ML models defending them. By examining the latest ML-based SDN security applications and taking a close look at ML- and SDN-specific vulnerabilities, together with common attack methods on ML, this paper serves as a unique survey and makes a case for more secure development processes for ML-based SDN security applications.
