MitM detection and defense mechanism CBNA-RF based on machine learning for large-scale SDN context

Sebbar, Anass; Zkik, Karim; Baddi, Youssef; Boulmalf, Mohammed; Kettani, Mohamed Dafir Ech-Cherif El

doi:10.1007/s12652-020-02099-4

Cited by 14 publications

(5 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To identify the Man In The Middle (MITM) attack, Sebbar et al [148] propose a model using the RF algorithm that selects nodes based on the context to identify ARP resolution instances and any eavesdropping or poisoning within the network. Any connection request with TTL value greater than 200 milliseconds is considered as an attempt of an MITM attack.…”

Section: Supervised ML Based Ids In Sdnmentioning

confidence: 99%

“…Shallow ML [121], [122], [276], [127], [133], [139], [149], [170]- [172], [250] DL [195]- [197], [202], [216] RL [184] Sessionbased Shallow ML [148] DL [187] HBM Log-based Shallow ML [84], [88], [133], [171] DBM ABM…”

Section: Packetbasedmentioning

confidence: 99%

“…Many forms are taken by these DDoS attacks in the network, which implies that typical DDoS detection techniques may be unable to identify them [16]. Even though some researchers have made efforts to identify DDoS and MITM attacks quickly and early in the process, such as [65], [148], additional study on developing DDoS and MITM detection mechanisms to detect attacks early is needed. GAN and Variational Auto Encoders (VAE) can be implemented to augment the dataset to increase the diversity of the intrusion in DL based IDS.…”

Section: Lack Of Diverse Attack Detection and Additional Focus Towards Detection Rather Than Mitigation And Prevention Approachmentioning

confidence: 99%

“…Most of the fellow researchers focused on supervised ML-DL algorithms to build an IDS solution for SDN environment, such as [121], [130], [148], [189], [221]. Unsupervised DL algorithms such as GAN, VAE, SAE, and Sparse AutoEncoder have not been extensively explored in the IDS solution in the SDN paradigm.…”

Section: Lesser Exploration Of Unsupervised DL Approachesmentioning

confidence: 99%

See 3 more Smart Citations

Intrusion Detection System in Software-Defined Networks Using Machine Learning and Deep Learning Techniques –A Comprehensive Survey

Ahmed¹,

Islam²,

Shatabda³

et al. 2022

Preprint

View full text Add to dashboard Buy / Rent full text

<div>At present, the Internet is facing numerous attacks of different kinds that put its data at risk. The safety of information within the network is, therefore, a significant concern. In order to prevent the loss of incredibly valuable information, the Intrusion Detection System (IDS) was developed to recognize the outbreak of a stream of attacks and notify the network system administrator providing network security. IDS is an extrapolative model used to detect network traffic as routine or attack. Software-Defined Networks (SDN) is a revolutionary paradigm that isolates the control plane from the data plane, transforming the concept of a software-driven network. Through this data and control plane separation, SDN provides us the opportunity to create a manageable and programmable network, allowing applications in the top plane to access physical devices via the controller. The controller functioning inside the control plane executes network modules and establishes flow rules to forward packets in the switches residing in the data plane. Cyber attackers target the SDN controller to subdue the control plane, which is considered the brain of the SDN, providing a plethora of functionalities such as regulating flow control to switches or routers in the data plane below via southbound Application Programming Interfaces (APIs) and business and application logic in the application plane above via northbound APIs to implement sophisticated networks. However, the control plane becomes a tempting prospect for security attacks from adversaries because of its centralization feature. This paper includes an in-depth overview of the notable published articles from 2015 to 2021 that used Machine Learning (ML) and Deep Learning (DL) techniques to construct an IDS solution to provide security for SDN. We also present two detailed taxonomic studies regarding IDS, and ML-DL techniques based on their learning categories, exploring various IDS solutions to secure the SDN paradigm. We have also conducted brief research on a few benchmark datasets used to construct IDS in the SDN paradigm. To conclude the survey, we provide a discussion that sheds light on continuous challenges and IDS issues for SDN security.</div>

show abstract

Section: Supervised ML Based Ids In Sdnmentioning

confidence: 99%

Section: Packetbasedmentioning

confidence: 99%

Section: Lack Of Diverse Attack Detection and Additional Focus Towards Detection Rather Than Mitigation And Prevention Approachmentioning

confidence: 99%

Section: Lesser Exploration Of Unsupervised DL Approachesmentioning

confidence: 99%

See 2 more Smart Citations

Intrusion Detection System in Software-Defined Networks Using Machine Learning and Deep Learning Techniques –A Comprehensive Survey

Ahmed¹,

Islam²,

Shatabda³

et al. 2022

Preprint

View full text Add to dashboard Buy / Rent full text

show abstract

“…The adoption of technologies such as the Internet of Things (IoT), artificial intelligence (AI), and quantum computing, has increased the threat level [2], making network security challenging and necessitating a new paradigm in its implementation. Various attacks have overwhelmed previous approaches (classified into signature-based intrusion detection systems [3,4] and anomaly-based intrusion detection systems [5,6]), increasing the need for advanced, adaptable and resilient security implementation [1,2,7,8]. For this reason, the traditional network design platform is being transformed into the evolving SDN implementation [9].…”

Section: Introductionmentioning

confidence: 99%

Designing a Network Intrusion Detection System Based on Machine Learning for Software Defined Networks

Aljohani¹,

Alenazi²

2021

Future Internet

View full text Add to dashboard Buy / Rent full text

Software-defined Networking (SDN) has recently developed and been put forward as a promising and encouraging solution for future internet architecture. Managed, the centralized and controlled network has become more flexible and visible using SDN. On the other hand, these advantages bring us a more vulnerable environment and dangerous threats, causing network breakdowns, systems paralysis, online banking frauds and robberies. These issues have a significantly destructive impact on organizations, companies or even economies. Accuracy, high performance and real-time systems are essential to achieve this goal successfully. Extending intelligent machine learning algorithms in a network intrusion detection system (NIDS) through a software-defined network (SDN) has attracted considerable attention in the last decade. Big data availability, the diversity of data analysis techniques, and the massive improvement in the machine learning algorithms enable the building of an effective, reliable and dependable system for detecting different types of attacks that frequently target networks. This study demonstrates the use of machine learning algorithms for traffic monitoring to detect malicious behavior in the network as part of NIDS in the SDN controller. Different classical and advanced tree-based machine learning techniques, Decision Tree, Random Forest and XGBoost are chosen to demonstrate attack detection. The NSL-KDD dataset is used for training and testing the proposed methods; it is considered a benchmarking dataset for several state-of-the-art approaches in NIDS. Several advanced preprocessing techniques are performed on the dataset in order to extract the best form of the data, which produces outstanding results compared to other systems. Using just five out of 41 features of NSL-KDD, a multi-class classification task is conducted by detecting whether there is an attack and classifying the type of attack (DDoS, PROBE, R2L, and U2R), accomplishing an accuracy of 95.95%.

show abstract

MitM detection and defense mechanism CBNA-RF based on machine learning for large-scale SDN context

Cited by 14 publications

References 39 publications

Intrusion Detection System in Software-Defined Networks Using Machine Learning and Deep Learning Techniques –A Comprehensive Survey

Intrusion Detection System in Software-Defined Networks Using Machine Learning and Deep Learning Techniques –A Comprehensive Survey

Designing a Network Intrusion Detection System Based on Machine Learning for Software Defined Networks

Contact Info

Product

Resources

About