The Challenges in ML-Based Security for SDN

Machine learning (ML) is gaining popularity in the network security domain as more network-enabled devices get connected, as malicious activities become stealthier, and as new technologies like Software Defined Networking (SDN) emerge. Operating from the application layer, ML-based SDN security models control the routing and switching of an entire software-defined network. Compromising these models is a desirable goal for hackers. Previous work has addressed either adversarial machine learning without the context of a secure networking environment, or the general vulnerabilities of SDNs without much consideration of the defending ML models. Through an examination of the latest ML-based SDN security applications and a close look at ML/SDN-specific vulnerabilities, accompanied by a successful attack on StratosphereIPS, this paper makes a case for more secure development of ML-based SDN security applications.
