Predicting network attack patterns in SDN using machine learning approach

An experimental setup of 32 honeypots reported 17M login attempts originating from 112 different countries and over 6000 distinct source IP addresses. Because their control and data planes are decoupled, Software Defined Networks (SDN) can handle this increasing number of attacks by blocking the offending network connections at the switch level. However, the challenge lies in defining the set of rules on the SDN controller that block malicious network connections. Historical network attack data can be used to automatically identify and block the malicious connections. A few existing open-source software tools monitor and limit the number of login attempts per source IP address, one address at a time. However, these solutions cannot act efficiently against a chain of attacks in which each attacker uses multiple IP addresses. In this paper, we propose using machine learning algorithms, trained on historical network attack data, to identify potential malicious connections and potential attack destinations. We use four widely known machine learning algorithms, C4.5, Bayesian Network (BayesNet), Decision Table (DT), and Naive-Bayes, to predict the host that will be attacked based on the historical data. Experimental results show that an average prediction accuracy of 91.68% is attained using Bayesian Networks.
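The following is an added illustration, not code or data from the paper: a categorical Naive Bayes classifier with Laplace smoothing that predicts the attacked host for a connection from a source IP never seen before, which per-IP login limits cannot do. The three features, the host names, the sample records, and the rule dictionary format are all assumptions made for the example.

```python
import math
from collections import Counter, defaultdict

# Constructed records (not the paper's data); the three features are assumed.
HISTORY = [
    (("AA", "203.0.113.0/24", "night"), "honeypot-a"),
    (("AA", "203.0.113.0/24", "night"), "honeypot-a"),
    (("AA", "203.0.113.0/24", "day"), "honeypot-a"),
    (("BB", "198.51.100.0/24", "day"), "honeypot-b"),
    (("BB", "198.51.100.0/24", "night"), "honeypot-b"),
    (("BB", "198.51.100.0/24", "day"), "honeypot-b"),
    (("CC", "192.0.2.0/24", "day"), "honeypot-c"),
    (("CC", "192.0.2.0/24", "day"), "honeypot-c"),
]

class NaiveBayes:
    def __init__(self, alpha=1.0):
        self.alpha = alpha                       # Laplace smoothing constant
        self.class_counts = Counter()            # label -> number of rows
        self.feat_counts = defaultdict(Counter)  # (label, index) -> value counts
        self.values = defaultdict(set)           # index -> distinct values seen

    def fit(self, rows):
        for feats, label in rows:
            self.class_counts[label] += 1
            for i, v in enumerate(feats):
                self.feat_counts[(label, i)][v] += 1
                self.values[i].add(v)
        return self

    def predict(self, feats):  # -> (most likely attacked host, posterior)
        total = sum(self.class_counts.values())
        scores = {}
        for label, n in self.class_counts.items():
            s = math.log(n / total)
            for i, v in enumerate(feats):
                k = len(self.values[i]) + 1      # one extra slot for unseen values
                s += math.log((self.feat_counts[(label, i)][v] + self.alpha)
                              / (n + self.alpha * k))
            scores[label] = s
        best = max(scores, key=scores.get)
        norm = sum(math.exp(s - scores[best]) for s in scores.values())
        return best, 1.0 / norm

def candidate_rule(model, feats, threshold=0.8):
    """Hypothetical drop rule (not a real controller API), only if confident."""
    host, conf = model.predict(feats)
    rule = {"match": {"src_subnet": feats[1], "dst_host": host}, "action": "drop"}
    return rule if conf >= threshold else None
```

A connection whose feature values were never seen in training falls below the threshold and yields no rule, so low-confidence predictions do not become blocks.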
