MitM detection and defense mechanism CBNA-RF based on machine learning for large-scale SDN context

Autor: Anass Sebbar, Youssef Baddi, Mohammed Boulmalf, Mohamed Dafir Ech-Cherif El Kettani, Karim Zkik
Rok vydání: 2020
Předmět:
Zdroj: Journal of Ambient Intelligence and Humanized Computing. 11:5875-5894
ISSN: 1868-5145
1868-5137
DOI: 10.1007/s12652-020-02099-4
Popis: Software defined network (SDN) is a promising new network abstraction that aims to improve and facilitate network management. Due to its centralized architecture and the lack of intelligence on the data plane, SDN suffers from many security issues that slows down its deployment. Man in the Middle (MitM) attack is considered as one of the most devastating attacks in an SDN context. In fact, MitM attack allows the attackers to capture, duplicate and spoof flows by targeting southbound interfaces and SDN nodes. Furthermore, it’s very difficult to detect MitM attacks since it is performed passively at the SDN level. To reduce the impact of this attack, we generally set up security policies and authentication mechanisms. However, these techniques are not applicable for a large scale SDN architecture as they require complexes and static configurations and as they negatively influence on network performance. In this paper, we propose an intrusion detection and prevention framework by using machine learning techniques to detect and stop MitM attempts. To do so, we build a context-based node acceptance based on the random forest model (CBNA-RF), which helps to setting-up appropriate security policies and to automating defense operations on a large-scale SDN context. This mechanism can realize a quick and early detection of MitM attacks by automatically detecting malicious nodes without affecting performances. The evaluation of the proposed framework demonstrates that our model can correctly classify and detect malicious connections and nodes while keeping high accuracy and precision scores.
Databáze: OpenAIRE
Externí odkaz: