
Attack Detection and Prediction Using Machine Learning


Affiliations
1 Assistant Professor, Department of Information Technology, Vidyavardhini's College of Engineering and Technology, 9RMH+GFX, K.T. Marg, Vartak College Campus Vasai Road, Vasai-Virar, Maharashtra - 401 202, India
2 Student, Department of Information Technology, Vidyavardhini's College of Engineering and Technology, 9RMH+GFX, K.T. Marg, Vartak College Campus Vasai Road, Vasai-Virar, Maharashtra - 401 202, India
3 Student, Department of Information Technology, Vidyavardhini's College of Engineering and Technology, 9RMH+GFX, K.T. Marg, Vartak College Campus Vasai Road, Vasai-Virar, Maharashtra - 401 202, India



Software Defined Networking (SDN) decouples the control plane from the data plane: a centralized controller oversees and manages the entire network, the network becomes programmable, and flow rules can be installed dynamically. This decoupling offers adaptability, programmability, and centralized management, but the connectivity it requires between the data plane and the control plane also introduces new vulnerabilities. Switch buffer overflow and control plane saturation are two examples of attacks that exploit them. The controller is vulnerable to Distributed Denial of Service (DDoS) attacks, which exhaust its resources and impair its ability to serve the network; several such attacks can be launched by flooding the control plane with TCP SYN packets arriving from the data plane (i.e., from the switches). The Support Vector Machine (SVM) is a widely used classifier for both classification and regression, valued for its high accuracy and low false positive rate; we examine it for DDoS detection and compare it with other classifiers. Snort, an intrusion detection system, inspects traffic and packets to identify and report anomalies such as malicious traffic. The entropy method measures the randomness of the collected flow data; the entropy features are built from the destination IP address and selected TCP flag fields, and a sharp drop in entropy (traffic concentrating on a few destinations and a few flag combinations) indicates a flood. We implement the detection as an additional module for the Floodlight controller and assess its feasibility and effectiveness through extensive emulation in Mininet.
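As an added, stand-alone example (not the paper's Floodlight module), the following Python computes the entropy features the abstract describes over windows of packet records and flags a window as a SYN flood when destination-IP entropy and TCP-flag entropy both collapse while bare SYNs dominate. The packet records, the window size of 50 and the three thresholds are constructed assumptions; in a real deployment the records would come from packet-in events or flow statistics polled from the switches.

```python
"""Entropy-based SYN-flood detection over windows of packet records.

Added example, not the paper's Floodlight module. Packet records are
constructed inline; window size and thresholds are assumed values.
"""
import math
import random
from collections import Counter

WINDOW = 50             # packets per detection window (assumed)
DST_ENTROPY_MIN = 2.0   # bits; below this, traffic concentrates on few hosts (assumed)
FLAG_ENTROPY_MIN = 1.0  # bits; below this, one flag combination dominates (assumed)
SYN_RATIO_MAX = 0.6     # share of bare SYNs tolerated per window (assumed)


def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    n = len(values)
    if n == 0:
        return 0.0
    counts = Counter(values)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def syn_only_ratio(packets):
    """Fraction of packets carrying SYN without ACK (half-open handshake attempts)."""
    if not packets:
        return 0.0
    return sum(1 for p in packets if p["flags"] == {"SYN"}) / len(packets)


def classify_window(packets):
    """Return (verdict, dst_entropy, flag_entropy, syn_ratio) for one window.

    A flood aimed at one victim collapses destination-IP entropy; a SYN flood
    also collapses TCP-flag entropy because almost every packet is a bare SYN.
    The SYN share separates that case from benign bulk transfers, which are
    flag-monotonous (mostly ACK) but not SYN-heavy.
    """
    h_dst = shannon_entropy([p["dst"] for p in packets])
    h_flag = shannon_entropy([p["flags"] for p in packets])
    r_syn = syn_only_ratio(packets)
    attack = (h_dst < DST_ENTROPY_MIN and h_flag < FLAG_ENTROPY_MIN
              and r_syn > SYN_RATIO_MAX)
    return ("attack" if attack else "normal"), h_dst, h_flag, r_syn


def benign_window(rng, n=WINDOW):
    """Constructed benign traffic: many destinations, full handshakes and data."""
    hosts = [f"10.0.0.{i}" for i in range(1, 17)]
    flags = [frozenset(f) for f in ({"SYN"}, {"SYN", "ACK"}, {"ACK"},
                                    {"ACK", "PSH"}, {"FIN", "ACK"})]
    return [{"dst": rng.choice(hosts), "flags": rng.choice(flags)} for _ in range(n)]


def syn_flood_window(rng, victim="10.0.0.5", n=WINDOW, noise=5):
    """Constructed SYN flood: bare SYNs to one victim plus a little background traffic."""
    pkts = [{"dst": victim, "flags": frozenset({"SYN"})} for _ in range(n - noise)]
    pkts += benign_window(rng, noise)
    rng.shuffle(pkts)
    return pkts


def run_demo(seed=7):
    """Classify one benign and one flood window; returns both result tuples."""
    benign = classify_window(benign_window(random.Random(seed)))
    flood = classify_window(syn_flood_window(random.Random(seed)))
    return benign, flood


if __name__ == "__main__":
    for label, (verdict, h_dst, h_flag, r_syn) in zip(("benign", "flood"), run_demo()):
        print(f"{label:6s} verdict={verdict:6s} H(dst)={h_dst:.2f} "
              f"H(flags)={h_flag:.2f} syn_ratio={r_syn:.2f}")
```

The thresholds are the weak point of any entropy detector: they must be calibrated against the normal traffic of the emulated or real network (a small topology with few hosts has low destination entropy even when healthy), and an attacker who spreads SYNs across many victims behind the same controller keeps destination entropy high, which is why the flag entropy and the bare-SYN share are checked as well.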

Keywords

Entropy Method, Distributed Denial of Service (DDoS), Machine Learning, Mininet, Software Defined Networking (SDN), Snort, Support Vector Machine (SVM)

Paper Submission Date: January 27, 2023; Paper sent back for Revision: February 17, 2023; Paper Acceptance Date: February 23, 2023; Paper Published Online: April 5, 2023




Authors

Vaishali Shirsath
Assistant Professor, Department of Information Technology, Vidyavardhini's College of Engineering and Technology, 9RMH+GFX, K.T. Marg, Vartak College Campus Vasai Road, Vasai-Virar, Maharashtra - 401 202, India
Jainil Shah
Student, Department of Information Technology, Vidyavardhini's College of Engineering and Technology, 9RMH+GFX, K.T. Marg, Vartak College Campus Vasai Road, Vasai-Virar, Maharashtra - 401 202, India
Ajay Shah
Student, Department of Information Technology, Vidyavardhini's College of Engineering and Technology, 9RMH+GFX, K.T. Marg, Vartak College Campus Vasai Road, Vasai-Virar, Maharashtra - 401 202, India
Devansh Shah
Student, Department of Information Technology, Vidyavardhini's College of Engineering and Technology, 9RMH+GFX, K.T. Marg, Vartak College Campus Vasai Road, Vasai-Virar, Maharashtra - 401 202, India



DOI: https://doi.org/10.17010/ijcs%2F2023%2Fv8%2Fi2%2F172775