
Detecting Network Attacks on Software Configured Networks Using the Isolating Forest Algorithm

Automatic Control and Computer Sciences

Abstract

An approach is proposed for detecting network attacks in software-defined networks. These networks are specific from a security standpoint, so a modified isolation forest algorithm is taken as the basis for network security. The results of experimental studies are presented, including the optimal parameters for the conventional and enhanced isolation forest algorithms. Based on these results, a conclusion is drawn about the efficiency of the isolation forest in detecting network attacks in software-configured networks.



Funding

The study was carried out using a scholarship of the President of the Russian Federation for young scientists and graduate students SP-1932.2019.5.

Author information


Correspondence to E. Yu. Pavlenko or D. S. Lavrova.

Ethics declarations

The authors declare that they have no conflicts of interest.

Additional information

Translated by V. Vetrov

About this article


Cite this article

Stepanov, M.D., Pavlenko, E.Y. & Lavrova, D.S. Detecting Network Attacks on Software Configured Networks Using the Isolating Forest Algorithm. Aut. Control Comp. Sci. 55, 1039–1050 (2021). https://doi.org/10.3103/S0146411621080307


  • DOI: https://doi.org/10.3103/S0146411621080307
