Research Area:  Software Defined Networks
Software Defined Networking (SDN) holds the key for building networks that can adapt effectively and efficiently to ever-changing conditions: traffic flows, network policies, security constraints, etc. Although it has this power, defining security policies that consider the different scenarios and applications running on the network can be an overwhelming task, even when using high-level abstraction languages based on reactive programming. In this paper we present a system that alleviates this complexity by using machine learning traffic flow classification techniques and defining high-level SDN policies based on the derived flow classes. We employ both supervised learning techniques based on pre-trained models for different types of traffic, and unsupervised learning, where we cluster together different traffic flows. Finally, after classifying the flows, a flow grouping algorithm determines which flows are generally seen together in the same time frame. For supervised learning we use C4.5 decision tree classifiers with features per flow such as inter-packet arrival time, packet size, packet count, and flow tuple. For the unsupervised case we use the k-means algorithm on the same group of features. After gathering the traffic flow information derived via machine learning, we explore how it can be integrated into an SDN controller, and provide an overview of the required hardware and software architecture. From a security standpoint we explore how we can leverage such information for network anomaly detection, botnet detection and traffic re-routing to a network honeypot.
Keywords:  
Software defined networking
supervised learning
traffic classification
secure networks
Author(s) Name:  Dragos Comaneci; Ciprian Dobre
Journal name:  
Conference name:  2018 IEEE International Conference on Computational Science and Engineering (CSE)
Publisher name:  IEEE
DOI:   10.1109/CSE.2018.00034
Volume Information:  
Paper Link:   https://ieeexplore.ieee.org/abstract/document/8588238