A Survey on Machine Learning Applications for Software Defined Network Security

  • Conference paper
Applied Cryptography and Network Security Workshops (ACNS 2019)

Abstract

The number of machine learning (ML) applications in network security has increased recently thanks to the availability of processing and storage capabilities. Combined with new technologies such as Software Defined Networking (SDN) and Network Function Virtualization (NFV), it becomes an even more interesting topic for the research community. In this survey, we present studies that employ ML techniques in SDN environments for security applications. The surveyed papers are classified into ML techniques (used to identify general anomalies or specific attacks) and IDS frameworks for SDN. The latter category is relevant because the reviewed papers include the implementation of data collection and mitigation techniques, rather than only defining an ML model as in the first category. We also identify the standard datasets, testbeds, and additional tools for researchers.

Author information

Corresponding authors

Correspondence to Juliana Arevalo Herrera or Jorge E. Camargo.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Arevalo Herrera, J., Camargo, J.E. (2019). A Survey on Machine Learning Applications for Software Defined Network Security. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2019. Lecture Notes in Computer Science, vol 11605. Springer, Cham. https://doi.org/10.1007/978-3-030-29729-9_4

  • DOI: https://doi.org/10.1007/978-3-030-29729-9_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-29728-2

  • Online ISBN: 978-3-030-29729-9

  • eBook Packages: Computer Science, Computer Science (R0)