Deceiving Machine Learning-Based Saturation Attack Detection Systems in SDN

Recently, different machine learning-based detection systems have been proposed to detect DDoS saturation attacks in Software-defined Networking (SDN). Meanwhile, different research studies highlight the vulnerabilities of adapting such systems in SDN. For instance, an adversary can fool the machine learning classifiers of these systems by crafting specific adversarial attack samples, preventing the detection of DoS saturation attacks. To better understand the security properties of these classifiers in adversarial settings, this paper investigates the robustness of supervised and unsupervised machine learning classifiers against adversarial attacks. First, we propose an adversarial testing tool that can generate adversarial attacks that avoid the detection of four saturation attacks (i.e., SYN, UDP, ICMP, and TCP-SARFU) by perturbing different traffic features. Second, we propose a machine learning-based saturation attack detection system that utilizes different supervised and unsupervised machine learning classifiers as a testing platform. The experimental results demonstrate that the generated adversarial attacks can dramatically reduce the detection performance of the proposed detection system. Specifically, the detection performance for the four saturation attacks decreased by more than 90% across several machine learning classifiers. This indicates that the proposed adversarial testing tool can effectively compromise machine learning-based saturation attack detection systems.
