-
Detecting Abnormal Traffic in Large-Scale Networks
Authors:
Mahmoud Said Elsayed,
Nhien-An Le-Khac,
Soumyabrata Dev,
Anca Delia Jurcut
Abstract:
With the rapid technological advancements, organizations need to rapidly scale up their information technology (IT) infrastructure viz. hardware, software, and services, at a low cost. However, the dynamic growth in the network services and applications creates security vulnerabilities and new risks that can be exploited by various attacks. For example, User to Root (U2R) and Remote to Local (R2L)…
▽ More
With the rapid technological advancements, organizations need to rapidly scale up their information technology (IT) infrastructure viz. hardware, software, and services, at a low cost. However, the dynamic growth in the network services and applications creates security vulnerabilities and new risks that can be exploited by various attacks. For example, User to Root (U2R) and Remote to Local (R2L) attack categories can cause a significant damage and paralyze the entire network system. Such attacks are not easy to detect due to the high degree of similarity to normal traffic. While network anomaly detection systems are being widely used to classify and detect malicious traffic, there are many challenges to discover and identify the minority attacks in imbalanced datasets. In this paper, we provide a detailed and systematic analysis of the existing Machine Learning (ML) approaches that can tackle most of these attacks. Furthermore, we propose a Deep Learning (DL) based framework using Long Short Term Memory (LSTM) autoencoder that can accurately detect malicious traffics in network traffic. We perform our experiments in a publicly available dataset of Intrusion Detection Systems (IDSs). We obtain a significant improvement in attack detection, as compared to other benchmarking methods. Hence, our method provides great confidence in securing these networks from malicious traffic.
△ Less
Submitted 13 August, 2020;
originally announced August 2020.
-
DDoSNet: A Deep-Learning Model for Detecting Network Attacks
Authors:
Mahmoud Said Elsayed,
Nhien-An Le-Khac,
Soumyabrata Dev,
Anca Delia Jurcut
Abstract:
Software-Defined Networking (SDN) is an emerging paradigm, which evolved in recent years to address the weaknesses in traditional networks. The significant feature of the SDN, which is achieved by disassociating the control plane from the data plane, facilitates network management and allows the network to be efficiently programmable. However, the new architecture can be susceptible to several att…
▽ More
Software-Defined Networking (SDN) is an emerging paradigm, which evolved in recent years to address the weaknesses in traditional networks. The significant feature of the SDN, which is achieved by disassociating the control plane from the data plane, facilitates network management and allows the network to be efficiently programmable. However, the new architecture can be susceptible to several attacks that lead to resource exhaustion and prevent the SDN controller from supporting legitimate users. One of these attacks, which nowadays is growing significantly, is the Distributed Denial of Service (DDoS) attack. DDoS attack has a high impact on crashing the network resources, making the target servers unable to support the valid users. The current methods deploy Machine Learning (ML) for intrusion detection against DDoS attacks in the SDN network using the standard datasets. However, these methods suffer several drawbacks, and the used datasets do not contain the most recent attack patterns - hence, lacking in attack diversity.
In this paper, we propose DDoSNet, an intrusion detection system against DDoS attacks in SDN environments. Our method is based on Deep Learning (DL) technique, combining the Recurrent Neural Network (RNN) with autoencoder. We evaluate our model using the newly released dataset CICDDoS2019, which contains a comprehensive variety of DDoS attacks and addresses the gaps of the existing current datasets. We obtain a significant improvement in attack detection, as compared to other benchmarking methods. Hence, our model provides great confidence in securing these networks.
△ Less
Submitted 24 June, 2020;
originally announced June 2020.
-
Machine-Learning Techniques for Detecting Attacks in SDN
Authors:
Mahmoud Said Elsayed,
Nhien-An Le-Khac,
Soumyabrata Dev,
Anca Delia Jurcut
Abstract:
With the advent of Software Defined Networks (SDNs), there has been a rapid advancement in the area of cloud computing. It is now scalable, cheaper, and easier to manage. However, SDNs are more prone to security vulnerabilities as compared to legacy systems. Therefore, machine-learning techniques are now deployed in the SDN infrastructure for the detection of malicious traffic. In this paper, we p…
▽ More
With the advent of Software Defined Networks (SDNs), there has been a rapid advancement in the area of cloud computing. It is now scalable, cheaper, and easier to manage. However, SDNs are more prone to security vulnerabilities as compared to legacy systems. Therefore, machine-learning techniques are now deployed in the SDN infrastructure for the detection of malicious traffic. In this paper, we provide a systematic benchmarking analysis of the existing machine-learning techniques for the detection of malicious traffic in SDNs. We identify the limitations in these classical machine-learning based methods, and lay the foundation for a more robust framework. Our experiments are performed on a publicly available dataset of Intrusion Detection Systems (IDSs).
△ Less
Submitted 2 October, 2019;
originally announced October 2019.