Evaluation of Apache Spot's machine learning capabilities in an SDN/NFV enabled environment

Software Defined Networking (SDN) and Network Function Virtualisation (NFV) are transforming modern networks towards a service-oriented architecture. At the same time, the cybersecurity industry is rapidly adopting Machine Learning (ML) algorithms to improve the detection and mitigation of complex attacks. Traditional intrusion detection systems rely on signature-based detection: they match traffic against well-known malicious patterns that signify potential attacks. The main drawback of this method is that attack patterns must be known in advance and signatures preconfigured, so such systems fail to detect zero-day attacks or any attack without a known signature. This work considers the use of machine learning for anomaly detection, and specifically deploys the Apache Spot ML framework on an SDN/NFV-enabled testbed that runs cybersecurity services as Virtual Network Functions (VNFs). The VNFs capture traffic for ingestion by the ML algorithm and apply mitigation measures when an anomaly is detected. Apache Spot uses Latent Dirichlet Allocation (LDA) to identify anomalous traffic patterns in NetFlow, DNS and proxy data. The overall performance of Apache Spot is evaluated by launching Denial of Service attacks (Slowloris, BoNeSi) and a DNS-tunnelling data exfiltration attack (iodine) against the testbed.
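As an added illustration of the scoring idea the abstract describes (example code written for this page, not code from the paper or from Apache Spot itself): Spot's NetFlow pipeline treats each source IP as an LDA "document" and each flow, discretised by protocol, destination port and log-binned byte and packet volume, as a "word"; a flow whose word has low probability under its host's topic mixture is reported as an anomaly. The toy below fits LDA with a collapsed Gibbs sampler in pure Python over constructed flow records in which one host adds iodine-like bulky DNS flows on top of ordinary browsing and lookups. The binning scheme, the hyperparameters and the flow records are assumptions made for this example; the production implementation runs on Spark and differs in detail.

```python
"""Toy Apache Spot-style NetFlow anomaly scoring with LDA (illustrative only).

Source IP  -> LDA document
Flow       -> word = (protocol, dst port, log10 byte bin, log10 packet bin)
Score      -> p(word | document) = sum_k theta[doc][k] * phi[k][word]
Lowest-probability flows are the anomaly candidates, as in Spot's ML step.
All flow records below are CONSTRUCTED for this example, not real captures.
"""
import math
import random
from collections import defaultdict

# Constructed records: (src_ip, proto, dst_port, bytes, packets)
NORMAL_HOSTS = ["10.0.0.11", "10.0.0.12", "10.0.0.13", "10.0.0.14", "10.0.0.15"]
FLOWS = []
for ip in NORMAL_HOSTS + ["10.0.0.66"]:
    FLOWS += [(ip, "tcp", 443, 1500, 12)] * 5   # ordinary HTTPS
    FLOWS += [(ip, "udp", 53, 120, 1)] * 3      # ordinary DNS lookups
    FLOWS += [(ip, "tcp", 80, 900, 8)] * 2      # ordinary HTTP
# 10.0.0.66 additionally tunnels data over DNS: iodine-like large, chatty flows.
EXFIL_FLOWS = [
    ("10.0.0.66", "udp", 53, 60000, 420),
    ("10.0.0.66", "udp", 53, 250000, 1900),
    ("10.0.0.66", "udp", 53, 1200000, 8800),
]
FLOWS += EXFIL_FLOWS


def flow_to_word(proto, dst_port, nbytes, packets):
    """Discretise one flow into a vocabulary token (binning is an assumption)."""
    bbin = int(math.log10(max(nbytes, 1)))
    pbin = int(math.log10(max(packets, 1)))
    return f"{proto}_{dst_port}_b{bbin}_p{pbin}"


def fit_lda(docs, n_topics=2, alpha=0.1, beta=0.01, iters=300, seed=7):
    """Collapsed Gibbs sampler for LDA over docs = {doc_id: [word, ...]}.
    Returns (theta, phi): per-document topic mixtures and per-topic word
    distributions, smoothed with the Dirichlet priors alpha and beta."""
    rng = random.Random(seed)
    vocab = sorted({w for ws in docs.values() for w in ws})
    V = len(vocab)
    n_dk = {d: [0] * n_topics for d in docs}          # topic counts per document
    n_kw = [defaultdict(int) for _ in range(n_topics)]  # word counts per topic
    n_k = [0] * n_topics                                # total tokens per topic
    z = {}                                              # (doc, position) -> topic
    for d, words in docs.items():                       # random initial assignment
        for i, w in enumerate(words):
            k = rng.randrange(n_topics)
            z[(d, i)] = k
            n_dk[d][k] += 1; n_kw[k][w] += 1; n_k[k] += 1
    for _ in range(iters):
        for d, words in docs.items():
            for i, w in enumerate(words):
                k = z[(d, i)]                           # remove current assignment
                n_dk[d][k] -= 1; n_kw[k][w] -= 1; n_k[k] -= 1
                # P(z = t | rest) ~ (n_dt + alpha) * (n_tw + beta) / (n_t + V*beta)
                weights = [(n_dk[d][t] + alpha) * (n_kw[t][w] + beta) / (n_k[t] + V * beta)
                           for t in range(n_topics)]
                k = rng.choices(range(n_topics), weights=weights)[0]
                z[(d, i)] = k
                n_dk[d][k] += 1; n_kw[k][w] += 1; n_k[k] += 1
    theta = {d: [(n_dk[d][k] + alpha) / (len(ws) + n_topics * alpha) for k in range(n_topics)]
             for d, ws in docs.items()}
    phi = [{w: (n_kw[k][w] + beta) / (n_k[k] + V * beta) for w in vocab} for k in range(n_topics)]
    return theta, phi


def score_flows(flows):
    """Return [(p(word|doc), flow), ...] sorted ascending: most suspicious first."""
    docs = defaultdict(list)
    for src, proto, port, nbytes, pkts in flows:
        docs[src].append(flow_to_word(proto, port, nbytes, pkts))
    theta, phi = fit_lda(dict(docs))
    scored = []
    for flow in flows:
        src, proto, port, nbytes, pkts = flow
        w = flow_to_word(proto, port, nbytes, pkts)
        scored.append((sum(theta[src][k] * phi[k][w] for k in range(len(phi))), flow))
    scored.sort(key=lambda t: t[0])
    return scored


def top_anomalies(flows, n=3):
    """The n lowest-probability flows, i.e. what Spot would surface for triage."""
    return [flow for _, flow in score_flows(flows)[:n]]


if __name__ == "__main__":
    for p, flow in score_flows(FLOWS)[:5]:
        print(f"{p:.4f}  {flow}")
```

The three tunnelling flows of 10.0.0.66 come out with the lowest scores because their discretised words occur once in the whole corpus, while the host's own HTTPS and DNS flows score like everyone else's. Note the practical caveat this exposes: an attacker who keeps flow sizes inside the common bins (low-and-slow, as Slowloris does by design) produces words the model has seen often, so the same scoring can rank such traffic as normal.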
