An optimal approach to detect anomalies in intrusion detection systems
Subject Areas : Computer NetworksAfsaneh Banitalebi Dehkordi 1 *
1 - Department of Computer Engineering, Payame Noor University (PNU), Tehran, Iran
Keywords: Machine Learning, Security, Intrusion Detection System, Software Defined Network,
Abstract :
Software Defined Networking (SDN) is considered as an innovate architecture of computer networks by using the central controller. Any modification in network data and its arrangement can be effortlessly executed in software via the controller in these networks. Consequently, the identification and timely response to Distributed Denial of Service (DDoS) attacks can be achieved, which is not the case in conventional networks.This paper uses the α-Entropy statistical method considering a threshold and machine learning techniques, K-Nearest Neighbor (KNN), Random Forest (RF) and Support Vector Machine (SVM) to increase the accuracy of detecting DDoS attacks. In this method, the results are evaluated by 10-fold cross validation. The used dataset is ISOT, CTU-13 and UNB ISCX. The results of evaluation with a precision of 99.84% and FPR value of 0.10% indicate the high efficiency of the proposed model in SDN networks.
[1] Yan, Q., et al., software defined networking (SDN) and Distributed DDenial of service (DDOS) Attacks in Cloud Computing Environments:A Survey ,Some Research Issue ,and Challenges. IEEE Communications Surveys and Tutorials, 2015.
[2] Lim, S., et al., A SDN-Oriented DDOS Blocking Scheme for Botnet-Based Attacks, in ICUFN 2014.
[3] Sahay, R., et al., Towards Autonomic DDoS Mitigation using SDN, in SENT 2015:NDSS Workshop on Security of Emerging Networking Technologies. 2015: United States.
[4] Buczak, A. and E. Guven, A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection. IEEE Communications Surveys and Tutorials, 2016. 18(2): p. 1153-1176.
[5] YAN, Q., Q. GONG, and F. DENG, Detection of DDOS Attacks Against Wireless SDN Controllers Based on the Fuzzy Synthetic Evaluation Decision-making Model. Ad Hoc & Sensor Wireless Networks, 2016. 33: p. 275-299.
[6] Todorova, M.S. and S.T. Todorova, DDoS Attack Detection in SDN-based VANET Architectures. 2016, AALBORG.
[7] Kia, M., Early Detection and Mitigation of DDoS In Software Defined Networks. 2015, Ryerson: Toronto,Ontario,Canada.
[8] Mousavi, S.M., Early Detection of DDoS Attacks in SDNController. 2014, Carleton: Ottawa,Ontario.
[9] Bolly, F. and I. Gentil, Phi-entropy inequalities for diffusion semigroups. 2018: Universit´e Paris-Dauphine, Ceremade, UMR CNRS 7534.
[10] Dhawan, M., et al., SPHINX:Detecting Security Attacks in Software Defined Networks, in Network and Distributed System Security Symposium. 2015.
[11] Hoque, N., H. Kashyap, and D. Bhattacharyya, Real-time DDoS attack detection using FPGA. Computer Communications, 2017.
[12] Yadav, A., et al., SDN Control Plan Security in Cloud Computing Against DDoS Attack. IJARIIE, 2016. 2(3): p. 426-430.
[13] YANG, M. and R. WANG, DDoS detection based on wavelet kernel support vector machine. The Journal of China Universities of Posts and Telecommunications. 15(3): p. 59-94.
[14] Hadian Jazi, H., H. Gonzalez, and N. Stakhanova, Detecting HTTP-based Application Layer DoS attacks on Web Servers in the presence of sampling. computer Networks, 2016.
[15] Bhamare, D., et al., Feasibility of Supervised Machine Learning for Cloud Security. IEEE, 2016.
[16] Asadollahi, S. and B. Goswami, Experimenting with scalability of floodlight controller in software defined networks, in International Conference on Electrical, Electronics, Communication, Computer and Optimization Techniques (ICEECCOT). 2017.
[17] Mininet ,An Instant Virtual Network on your Laptop (or other PC). Available from: http://mininet.org/.
[18] Cross-validation (statistics). Available: https://en.wikipedia.org/wiki/Cross-validatikon_(statistics).
[19] Tan, Z., et al., Detection of Denial-of-Service Attacks Based on Computer Vision Techniques. IEEE TRANSACTIONS ON COMPUTERS, 2013.
[20] Wang, B., et al., DDOS Attack Protection in the Era of Cloud Computing and Software -Defined Networking, in Network Protocols (ICNP), 2014 IEEE 22nd International Conference 2014.
[21] YASSIN, W., et al., ANOMALY-BASED INTRUSION DETECTION THROUGH KMEANS CLUSTERING AND NAIVES BAYES CLASSIFICATION, in 4th International Conference on Computing and Informatics, ICOCI. 2013.
[22] Saied, A., R. Overill, and T. Radzik, Detection of known and unknown DDOS attacks using Artifitial Neural Networks. Neurocomputing, 2015.
[23] Catania, C. and C. Garcia Garino, Towards Reducing Human Effort in Network Intrusion Detection, in The 7th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications. 2013: Berlin, Germany.
[24] Fallahi, N., A. Sami, and M. Tajbakhsh, Automated Flow-based Rule Generation for Network Intrusion Detection Systems, in 24th Iranian Conference on Electrical Engineering (ICEE). 2016.