Evaluation of Machine Learning Techniques for Security in SDN

Ahmad, Ahnaf; Harjula, Erkki; Ylianttila, Mika; Ahmad, Ijaz

doi:10.1109/gcwkshps50303.2020.9367477

Cited by 36 publications

(29 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance, the degree of freedom of the Machine Learning model was not considered in [3] to evaluate the number of adjustable parameters or weights and [51] suggested to fine-tune "hyper-parameters" in the framework doing the learning, but it is still not an optimal evaluation approach. In [52,53], various assessment methods have been suggested to test and assess Machine Learning models without mentioning the confusion matrix. Recently, Maseer et al [54] have used the CICIDS 2017 dataset to evaluate the Machine Learning model but the time complexity and confusion matrix were not considered.…”

Section: Ip Addressmentioning

confidence: 99%

“…Recently, Maseer et al [54] have used the CICIDS 2017 dataset to evaluate the Machine Learning model but the time complexity and confusion matrix were not considered. The discussion of the validation drawbacks presented in [3,[51][52][53][54]] is summarised in Table 3. Reference Drawbacks [3] The time complexity was not considered.…”

Section: Ip Addressmentioning

confidence: 99%

“…[52] The confusion matrix was not considered. [53] Binary stratification was considered without confusion matrix. [54] The time complexity and confusion matrix are not considered.…”

Section: Ip Addressmentioning

confidence: 99%

See 2 more Smart Citations

UGRansome1819: A Novel Dataset for Anomaly Detection and Zero-Day Threats

2021

View full text Add to dashboard Cite

This research attempts to introduce the production methodology of an anomaly detection dataset using ten desirable requirements. Subsequently, the article presents the produced dataset named UGRansome, created with up-to-date and modern network traffic (netflow), which represents cyclostationary patterns of normal and abnormal classes of threatening behaviours. It was discovered that the timestamp of various network attacks is inferior to one minute and this feature pattern was used to record the time taken by the threat to infiltrate a network node. The main asset of the proposed dataset is its implication in the detection of zero-day attacks and anomalies that have not been explored before and cannot be recognised by known threats signatures. For instance, the UDP Scan attack has been found to utilise the lowest netflow in the corpus, while the Razy utilises the highest one. In turn, the EDA2 and Globe malware are the most abnormal zero-day threats in the proposed dataset. These feature patterns are included in the corpus, but derived from two well-known datasets, namely, UGR’16 and ransomware that include real-life instances. The former incorporates cyclostationary patterns while the latter includes ransomware features. The UGRansome dataset was tested with cross-validation and compared to the KDD99 and NSL-KDD datasets to assess the performance of Ensemble Learning algorithms. False alarms have been minimized with a null empirical error during the experiment, which demonstrates that implementing the Random Forest algorithm applied to UGRansome can facilitate accurate results to enhance zero-day threats detection. Additionally, most zero-day threats such as Razy, Globe, EDA2, and TowerWeb are recognised as advanced persistent threats that are cyclostationary in nature and it is predicted that they will be using spamming and phishing for intrusion. Lastly, achieving the UGRansome balance was found to be NP-Hard due to real life-threatening classes that do not have a uniform distribution in terms of several instances.

show abstract

Section: Ip Addressmentioning

confidence: 99%

Section: Ip Addressmentioning

confidence: 99%

See 1 more Smart Citation

UGRansome1819: A Novel Dataset for Anomaly Detection and Zero-Day Threats

2021

View full text Add to dashboard Cite

show abstract

“…Ahnaf Ahmad et al [34] evaluated the application of several ML algorithms for Intrusion Detection Systems (IDS) in Software Defined Networks (SDN). SDN separates the network control and the data forwarding planes.…”

Section: B Improving Network Security and Privacymentioning

confidence: 99%

“…With changing data, some algorithms need other parameters or are not able to be executed efficiently [17], [18]. Traffic might be changed To use data preprocessing techniques such as OHE, Min-Max Scaling, and others Data quality related problems DP [47] To use a sliding window algorithm solving the problem of data imbalance [45] To train models on artificial labeled dataset and then use trained models on real world unlabeled data [34] To create a dataset with the traffic flow generator [36] To use random oversampling technique to create more data and solve the problem of the data imbalance A growing number of features that need processing HW, SW [30], [66], [67] To improve the hardware Overfitting DP [30] To remove irrelevant features or noise Potential neglection of critical features N [28] To employ the Diversity Coding-Network Coding (DC-NC) in the network that improves latency but not at the expense of reliability A for a unified interface and data formats A [35] Harmonization of interfaces Limited storage capacity A, HW [63] To move the unwanted inputs to backup storage/improve hardware The emergence of new types of input data A, DP [7], [17], [18], [35], [41], [66] Potential in using Unsupervised-and Reinforcement Learning Limited scalability of ML models DP, A, SW [35] To develop new algorithms better suited for complex systems Appearance of anomalies in the network operation DP [45], [47] Finding abnormal traffic patterns using machine learning algorithms [34], [50] Detecting attacks using data analysis algorithms A -Architecture N -Networking DP -Data Processing HW -Hardware specific SW -Software specific considering the development of heterogeneous networks, and ML algorithms might be able to handle new inputs.…”

Section: Current Challenges and Future Perspectivementioning

confidence: 99%