Abstract
An approach is proposed for detecting network attacks in software-defined networks. Because these networks have distinctive security properties, a modified isolation forest algorithm is taken as the basis for network protection. The results of experimental studies are presented, including the optimal parameters for the conventional and enhanced isolation forest algorithms. Based on these results, a conclusion is drawn about the efficiency of the isolation forest for detecting network attacks in software-defined networks.
Funding
The study was carried out using a scholarship of the President of the Russian Federation for young scientists and graduate students SP-1932.2019.5.
Ethics declarations
The authors declare that they have no conflicts of interest.
Additional information
Translated by V. Vetrov
About this article
Cite this article
Stepanov, M.D., Pavlenko, E.Y. & Lavrova, D.S. Detecting Network Attacks on Software Configured Networks Using the Isolating Forest Algorithm. Aut. Control Comp. Sci. 55, 1039–1050 (2021). https://doi.org/10.3103/S0146411621080307
DOI: https://doi.org/10.3103/S0146411621080307