Towards a Machine Learning Based Situational Awareness Framework for Cybersecurity: An SDN Implementation

The ever-increasing number of internet-connected devices, along with the continuous evolution of cyber-attacks, in terms of volume and ingenuity, has led to a widened cyber-threat landscape, rendering infrastructures prone to malicious attacks. Towards addressing systems’ vulnerabilities and alleviating the impact of these threats, this paper presents a machine learning based situational awareness framework that detects existing and newly introduced network-enabled entities, utilizing the real-time awareness feature provided by the SDN paradigm, assesses them against known vulnerabilities, and assigns them to a connectivity-appropriate network slice. The assessed entities are continuously monitored by an ML-based IDS, which is trained with an enhanced dataset. Our endeavor aims to demonstrate that a neural network, trained with heterogeneous data stemming from the operational environment (common vulnerability enumeration IDs that correlate attacks with existing vulnerabilities), can achieve more accurate prediction rates than a conventional one, thus addressing some aspects of the situational awareness paradigm. The proposed framework was evaluated within a real-life environment and the results revealed an increase of more than 4% in the overall prediction accuracy.
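The pipeline the abstract outlines (discover an entity, assess it against known vulnerabilities, place it in a slice, and feed vulnerability context into the IDS training rows) as an added toy illustration; this is not the paper's code, and the inventory, the CVE placeholders, the slice names and the severity thresholds are all assumptions constructed for the example.

```python
# Added illustration of the abstract's pipeline, not the paper's implementation.
# Constructed: vulnerability inventory with placeholder CVE ids, slice names,
# and the CVSS thresholds used to pick a slice.
from dataclasses import dataclass, field

# Constructed inventory; "CVE-XXXX-000n" are placeholders, not real identifiers.
KNOWN_VULNS = {
    "CVE-XXXX-0001": {"cvss": 9.8, "service": "telnet"},
    "CVE-XXXX-0002": {"cvss": 5.3, "service": "http"},
    "CVE-XXXX-0003": {"cvss": 7.5, "service": "snmp"},
}
VULN_INDEX = sorted(KNOWN_VULNS)  # fixed column order for the one-hot block


@dataclass
class Entity:
    mac: str
    services: list            # services the SDN controller observed on the entity
    cves: list = field(default_factory=list)


def assess(entity: Entity) -> Entity:
    """Assessment step: match observed services against the known-vulnerability inventory."""
    entity.cves = [cve for cve, v in KNOWN_VULNS.items() if v["service"] in entity.services]
    return entity


def assign_slice(entity: Entity) -> str:
    """Map the worst matched CVSS score to a connectivity-appropriate slice.
    Slice names and thresholds are assumptions made for this example."""
    worst = max((KNOWN_VULNS[c]["cvss"] for c in entity.cves), default=0.0)
    if worst >= 9.0:
        return "quarantine"
    if worst >= 7.0:
        return "restricted"
    return "trusted"


def enrich(flow_features: list, entity: Entity) -> list:
    """Append one-hot vulnerability indicators to a flow feature vector, giving the
    kind of heterogeneous training row (traffic + CVE context) the abstract describes."""
    return list(flow_features) + [1.0 if c in entity.cves else 0.0 for c in VULN_INDEX]


if __name__ == "__main__":
    cam = assess(Entity("aa:bb:cc:00:00:01", ["telnet", "http"]))  # constructed entity
    print(assign_slice(cam), enrich([120.0, 3.0, 0.2], cam))
```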
