An optimized method for anomaly detection in intrusion detection systems
Subject area: Computer networks
1 - Faculty member, Department of Computer Engineering, Payame Noor University
Keywords: machine learning, security, intrusion detection system, software-defined networks
Paper abstract:
Software-defined networks are regarded as an architecture for modern computer networks built around a central controller. Any change to network data and its arrangement can be carried out effortlessly in software through the controller in these networks. As a result, identification of and timely response to cyber attacks such as Distributed Denial of Service (DDoS) can be achieved, which is not the case in conventional networks. In this method, the alpha threshold and machine learning methods are used to detect anomalies. The results are evaluated with 10-fold cross-validation. The datasets used are ISOT, CTU-13 and UNB ISCX. Evaluation results with a precision of 99.84% and an FPR of 0.1% indicate the high efficiency of the proposed model in SDN networks.
Software Defined Networking (SDN) is considered an innovative architecture for computer networks that relies on a central controller. Any modification to network data and its arrangement can be executed effortlessly in software via the controller in these networks. Consequently, the identification of and timely response to Distributed Denial of Service (DDoS) attacks can be achieved, which is not the case in conventional networks. This paper uses the α-entropy statistical method with a threshold, together with the machine learning techniques K-Nearest Neighbor (KNN), Random Forest (RF) and Support Vector Machine (SVM), to increase the accuracy of DDoS attack detection. The results are evaluated by 10-fold cross-validation on the ISOT, CTU-13 and UNB ISCX datasets. A precision of 99.84% and an FPR value of 0.10% indicate the high efficiency of the proposed model in SDN networks.
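The abstract describes the detection pipeline only at a high level: an α-entropy statistic compared against a threshold, per-window features handed to KNN/RF/SVM, and 10-fold cross-validation. The following Python is an added illustration written for this page, not code from the paper or from any of its datasets. It assumes that "α-entropy" means the Rényi entropy of order α of the empirical distribution of destination addresses within a flow window (α = 1 giving the Shannon limit), that a window is flagged when its normalized destination entropy drops below a threshold (traffic concentrating on one target), and that the per-window feature vector fed to the classifiers is (source entropy, destination entropy, flow count). The flow tuples are constructed sample data; the threshold value and the fold splitter are assumptions, not values from the paper.

```python
import math
from collections import Counter

# Constructed sample flow windows: (source_ip, destination_ip) pairs.
# BENIGN spreads traffic over many destinations; ATTACK is a flood of
# distinct sources converging on one destination; MIXED is a partial flood.
BENIGN = [("10.0.0.1", "10.0.1.5"), ("10.0.0.2", "10.0.1.6"),
          ("10.0.0.3", "10.0.1.7"), ("10.0.0.1", "10.0.1.8"),
          ("10.0.0.4", "10.0.1.5"), ("10.0.0.5", "10.0.1.9"),
          ("10.0.0.2", "10.0.1.10"), ("10.0.0.6", "10.0.1.11")]
ATTACK = [(f"10.0.0.{i}", "10.0.1.5") for i in range(1, 9)]
MIXED = [(f"10.0.0.{i}", "10.0.1.5") for i in range(1, 7)] + \
        [("10.0.0.7", "10.0.1.6"), ("10.0.0.8", "10.0.1.7")]


def renyi_entropy(values, alpha=1.0):
    """Rényi entropy (bits) of order alpha of the empirical distribution of values.
    alpha == 1 is treated as the Shannon limit, since the closed form divides by 1-alpha."""
    counts = Counter(values)
    n = sum(counts.values())
    if n == 0:
        return 0.0
    probs = [c / n for c in counts.values()]
    if abs(alpha - 1.0) < 1e-9:
        return -sum(p * math.log2(p) for p in probs)
    return math.log2(sum(p ** alpha for p in probs)) / (1.0 - alpha)


def normalized_entropy(values, alpha=1.0):
    """Entropy scaled to [0, 1] by its maximum for n samples (all distinct: log2 n).
    A window with fewer than two flows carries no concentration signal."""
    n = len(values)
    if n < 2:
        return 1.0
    return renyi_entropy(values, alpha) / math.log2(n)


def window_features(flows, alpha=1.0):
    """Assumed feature vector per window: (H_src, H_dst, flow_count)."""
    srcs = [s for s, _ in flows]
    dsts = [d for _, d in flows]
    return (normalized_entropy(srcs, alpha), normalized_entropy(dsts, alpha), len(flows))


def detect_windows(windows, alpha=1.0, threshold=0.5):
    """Threshold stage: flag windows whose destination entropy falls below threshold.
    Returns (window_index, rounded_entropy, flagged) for each window."""
    results = []
    for i, flows in enumerate(windows):
        h_dst = normalized_entropy([d for _, d in flows], alpha)
        results.append((i, round(h_dst, 4), h_dst < threshold))
    return results


def kfold_indices(n, k=10):
    """Round-robin k-fold split of indices 0..n-1, yielding (train, test) lists.
    Deterministic on purpose; a real evaluation would shuffle (and stratify) first."""
    folds = [list(range(n))[i::k] for i in range(k)]
    for i in range(k):
        test = folds[i]
        train = [j for f_idx, fold in enumerate(folds) if f_idx != i for j in fold]
        yield train, test


if __name__ == "__main__":
    windows = [BENIGN, ATTACK, MIXED]
    for alpha in (1.0, 2.0):
        print(f"alpha={alpha}")
        for idx, h, flagged in detect_windows(windows, alpha=alpha):
            print(f"  window {idx}: H_dst={h:.4f} flagged={flagged} "
                  f"features={tuple(round(x, 4) if isinstance(x, float) else x for x in window_features(windows[idx], alpha))}")
    # Ten folds over a constructed set of 20 labelled windows.
    for fold_no, (train, test) in enumerate(kfold_indices(20, k=10)):
        print(f"fold {fold_no}: train={len(train)} test={test}")
```

Larger α weights the dominant destination more heavily, so the MIXED window scores lower under α = 2 than under Shannon entropy; that is the lever a threshold-based stage tunes before handing features to the classifiers.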