Research Area:  Software Defined Networks
Software-Defined Networking (SDN) is an emerging network architecture that decouples the control plane and the data plane to provide unprecedented programmability, automation, and network control. The SDN controller exercises centralized control over network software, and in doing so, it can monitor and respond to malicious traffic for network protection. This paper proposes a threat-aware system based on machine-learning for timely detection and response against network intrusion in SDN. Our proposed system consists of data preprocessing for feature selection, predictive data modeling for machine-learning and anomaly detection, and decision making for intrusion response in SDN. Due to the time-critical nature of SDN, we propose a practical approach utilizing machine-learning techniques to protect against network intrusion and reduce uncertainty in decision-making outcomes. The maliciousness of most uncertain network traffic subsets is evaluated with selected significant feature sets. Our experimental results show that the proposed approach achieves high performance and significantly reduces uncertainty in the decision process with a small number of feature sets. The results help the SDN controller to properly react against known or unknown attacks that cannot be prevented by signature-based network intrusion detection systems.
Keywords:  
Machine-Learning
Threat-Aware System
Software Defined Networks
Author(s) Name:  Chungsik Song; Younghee Park; Keyur Golani; Youngsoo Kim; Kalgi Bhatt; Kunal Goswami
Conference name:  2017 26th International Conference on Computer Communication and Networks (ICCCN)
Publisher name:  IEEE
DOI:  10.1109/ICCCN.2017.8038436
Paper Link:   https://ieeexplore.ieee.org/abstract/document/8038436