Machine learning in SDN

S. S. Volkov, I. I. Kurochkin

Abstract


Increase in demand for network connectivity has challenged traditional network architectures. To match demand, SDN (Software-Defined Network) was proposed as a new architecture. Since SDN technology provides network virtualization capabilities, separates control and data planes, implements logically centralized control and opens up network capabilities for higher-level applications, it is especially suitable for implementing data center networks. This network will be distinguished by functionality that supports centralized management. This article provides an overview of software-defined network technology. The features of the architecture of these networks are described, as well as the main advantages of this technology over the architecture of traditional networks. The issue of security in the SDN is considered. The authors concluded that it is possible to solve the security problem of software-defined networks using machine learning methods. A review of various studies and experiments on the use of these methods to detect and prevent potential attacks in the SDN is presented. Machine learning methods also can be used to analyze traffic taking into account QoS (Quality of Service). Several works on ensuring the quality of service for software-defined networks are considered. Among them there are works that also use machine learning methods.


Full Text:

PDF (Russian)

References


Wang P., Lin S. C., Luo M. A framework for QoS-aware traffic classification using semi-supervised machine learning in SDNs //2016 IEEE International Conference on Services Computing (SCC). – IEEE, 2016. – С. 760-765.

Nanda S. et al. Predicting network attack patterns in SDN using machine learning approach //2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN). – IEEE, 2016. – С. 167-172.

Qazi Z. A. et al. Application-awareness in SDN //ACM SIGCOMM computer communication review. – ACM, 2013. – Т. 43. – №. 4. – С. 487-488.

Kokila R. T., Selvi S. T., Govindarajan K. DDoS detection and analysis in SDN-based environment using support vector machine classifier //2014 Sixth International Conference on Advanced Computing (ICoAC). – IEEE, 2014. – С. 205-210.

Tang T. A. et al. Deep learning approach for network intrusion detection in software defined networking //2016 International Conference on Wireless Networks and Mobile Communications (WINCOM). – IEEE, 2016. – С. 258-263.

Niyaz Q., Sun W., Javaid A. Y. A deep learning based DDoS detection system in software-defined networking (SDN) //arXiv preprint arXiv:1611.07400. – 2016.

Sultana N. et al. Survey on SDN based network intrusion detection system using machine learning approaches //Peer-to-Peer Networking and Applications. – 2019. – Т. 12. – №. 2. – С. 493-501.

Amaral P. et al. Machine learning in software defined networks: Data collection and traffic classification //2016 IEEE 24th International Conference on Network Protocols (ICNP). – IEEE, 2016. – С. 1-5.

Abubakar A., Pranggono B. Machine learning based intrusion detection system for software defined networks //2017 Seventh International Conference on Emerging Security Technologies (EST). – IEEE, 2017. – С. 138-143.

Li C. et al. Detection and defense of DDoS attack–based on deep learning in OpenFlow‐based SDN //International Journal of Communication Systems. – 2018. – Т. 31. – №. 5. – С. e3497.

Savina O. A. et al. K voprosu o sovmestnom primenenii tekhnologiy sdn i big data [to the question of joint application of sdn and big data technologies] // Doctor of Economic Sciences, Candidate of Technical Sciences, Professor of PV Terelyanskiy, Doctor of Economic Sciences SA Lukianova. – 2017. – С. 74.

Bolodurina I. P., Parphenov D. I. Issledovaniye modeli neyronnoy seti dlya obespecheniya bezopasnosti i kachestva obsluzhivaniya mul'tioblachnoy platformy [research of a neural network model to ensure the safety and quality of service of the multi-cloud platform] // Informatsionnyye i matematicheskiye tekhnologii v nauke i upravlenii [Information and mathematical technologies in science and control]. – 2018. – №. 3. – С. 18-26.

Dotcenko S., Vladyko A., Letenko I. A fuzzy logic-based information security management for software-defined networks //16th International Conference on Advanced Communication Technology. – IEEE, 2014. – С. 167-171.

Lantz B., Heller B., McKeown N. A network in a laptop: rapid prototyping for software-defined networks //Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks. – ACM, 2010. – С. 19.

Fralenko V. P. Obnaruzheniye setevykh atak s pomoshch'yu geneticheski sozdavayemykh konechnykh avtomatov [Genetic state machine detection of network attacks] // Herald of the RUDN University. Series: Mathematics, Computer Science, Physics. 2012. №4.

Kondratiev A. A. Raspredelonnaya sistema obnaruzheniya i predotvrashcheniya setevykh atak na sistemy oblachnykh vychisleniy [Distributed system for detecting and preventing network attacks on cloud computing systems] // Herald of the RUDN University. Series: Mathematics, Computer Science, Physics. 2014. №1.

Ivanov V. G. Kireev S. H., Lyzhkin K. V. Primeneniye metodov iskusstvennogo intellekta dlya obnaruzheniya komp'yuternykh atak [The use of artificial intelligence to detect computer attacks]// Trudy CNIIS. Sankt-Peterburgskiy filial [Proceedings of CNIIS. St. Petersburg branch.]. 2017. Т. 1. № 4. С. 109-116.

Yan Q. et al. Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges //IEEE communications surveys & tutorials. – 2015. – Т. 18. – №. 1. – С. 602-622.

Semenovykh A. A., Laponina O. R. Sravnitel'nyy analiz SDN-kontrollerov [Comparative analysis of SDN controllers]. // International Journal of Open Information Technologies ISSN: 2307-8162. - 2018. - vol. 6. - №. 7.

Oshkina Ye. V. Setevaya tekhnologiya SDN (obzor, sovremennyye tendentsii) [Network technology SDN (review, current trends)] // Tekhnicheskiye nauki: problemy i perspektivy: materialy 5 Mezhdunarodnoy nauchnoy konferentsii [Engineering: problems and prospects: proceedings of the 5th International Scientific Conference] (St. Petersburg, July 2017.). — SPb.: Svoye izdatel'stvo [SPb .: Own publishing house], 2017. — С. 3-6. — URL https://moluch.ru/conf/tech/archive/231/12628/ (accessed: 30.05.2019).

Kolomeyets A. Ye., Surkov L. V. Programmno-konfiguriruyemyye seti na baze protokola OpenFlow [Software-configured networks based on the OpenFlow protocol]// Inzhenernyy vestnik [Engineering Herald]. – 2014. – №. 5. – С. 2-2.

Borshevnikov A. Ye. Setevyye ataki. Vidy. Sposoby bor'by [Network attacks. Kinds. Ways to deal with it.] // Sovremennyye tendentsii tekhnicheskikh nauk: materialy mezhdunarodnoy nauchnoy konferentsii [Current Trends in Engineering: Proceedings of an International Scientific Conference]. — Ufa: Summer, 2011. — С. 8-13. — URL:https://moluch.ru/conf/tech/archive/5/1115/ (accessed: 12.03.2019).

Zakharov A. A., Popov Ye. F., Fuchko M. M. Aspekty informatsionnoy bezopasnosti arkhitektury SDN [Aspects of information security of the SDN architecture]// Vestnik SibGUTI [SibGUTI Herald]. – 2016. – №. 1. – С. 83-92.

Loginov S.S. Ob urovnyakh upravleniya v programmno-konfiguriruyemoy seti (SDN) [About control levels in a software-configured network (SDN)]// T-Comm: Telekommunikatsii i transport [T-Comm: Telecommunications and transport]. 2017. Vol 11. No3. С. 50-55.

Martin Casado, Tal Garfinkel, Aditya Akella, Michael J. Freedman Dan Boneh, Nick McKeown, Scott Shenker. SANE: A Protection Architecture for Enterprise Networks //15-th Usenix Security Symposium. Vancouver, Canada. 2006.

N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, J. Turner. Openflow: Enabling innovation in campus networks // SIGCOMM Computer Communication Review. vol. 38. № 2. pp. 69–74, 2008.

SDN Technical Specifications. URL:https://www.opennetworking.org/software-defined-standards/specifications/ (accessed: 10.10.2019)

Hu Y. N. et al. On the placement of controllers in software-defined networks //The Journal of China Universities of Posts and Telecommunications. – 2012. – Т. 19. – С. 92-171.

Hu Y. et al. Reliability-aware controller placement for software-defined networks //Integrated Network Management (IM 2013), 2013 IFIP/IEEE International Symposium on. – IEEE, 2013. – С. 672-675.

Chugreyev D.A., Shkrebets A.Ye., Shevel' A.Ye., Vlasov D.V., Grudinin V.A., Kairkanov A.B., Sadov O.L., Titov V.B., Khoruzhnikov S.E., Soms L.N. Razrabotka interfeysa vzaimodeystviya s kontrollerom programmno-konfiguriruyemykh setey [Development of interface for interaction with the program-configurable networks controller]// Sovremennyye problemy nauki i obrazovaniya [Modern problems of science and education]. - 2013. - № 3. - С. 83.

Vlasov D.V., Grudinin V.A., Kairkanov A.B., Sadov O.L., Soms L.N., Titov V.B., Khoruzhnikov S.E., Chugreyev D.A., Shevel' A.Ye., Shkrebets A.Ye. Razrabotka prototipov sredstv upravleniya setevymi resursami i potokami dannykh [Development of prototypes of network resources and data flows based on openflow software configurated networks]// Sovremennyye problemy nauki i obrazovaniya [Modern problems of science and education]. - 2013. - № 3. - С. 86.

Sadov O.L., Vlasov D.V., Grudinin V.A., Kairkanov A.B., Soms L.N., Titov V.B., Khoruzhnikov S.E., Chugreyev D.A., Shevel' A.Ye., Shkrebets A.Ye. Issledovaniye seti khraneniya dannykh, postroyennoy s ispol'zovaniyem programmno-konfiguriruyemykh [Researching a storage network built using openflow software-defined networks]// Sovremennyye problemy nauki i obrazovaniya [Modern problems of science and education]. - 2013. - № 4. - С. 64.

Laponina O.R., Sizov M.R. Laboratornyy stend dlya testirovaniya vozmozhnostey integratsii PKS-setey i traditsionnykh setey [Laboratory bench for testing the integration capabilities of SDN and traditional networks]//International Journal of Open Information Technologies. 2017. Т. 5. № 9. С. 3-12.

Amelyanovich A.V., Shpakov M.N., Mutkhanna A.S., Buynevich M.V., Vladyko A.G. Tsentralizovannoye upravleniya potokami trafika v besprovodnykh lokal'nykh setyakh na baze kontseptsii SDN [Centralized traffic flow control in wireless LANs based on the SDN concept]// Sistemy sinkhronizatsii, formirovaniya i obrabotki signalov [Systems of synchronization, formation and processing of signals]. 2017. Т. 8. № 2. С. 31-35.

Man'kov V.A., Krasnova I.A. Algoritm dinamicheskoy klassifikatsii potokov v mul'tiservisnoy SDN-seti [The algorithm for dynamic classification of flows in a multi-service SDN network]// T-Comm: Telekommunikatsii i transport [T-Comm: Telecommunications and transport]. 2017. Том 11. No12. С. 37-42.

Smelyanskiy R.L., Pilyugin P.L. Sovremennyye problemy obespecheniya bezopasnosti v SDN [Modern security problems in SDN]// REDS: Telekommunikatsionnyye ustroystva i sistemy [REDS: Telecommunication devices and systems]. 2017. Т. 7. № 4. С. 523-526.

Wang H., Xu L., Gu G. Floodguard: A dos attack prevention extension in software-defined networks //2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. – IEEE, 2015. – С. 239-250.

Shin S. et al. Enhancing network security through software defined networking (sdn) //2016 25th International Conference on Computer Communication and Networks (ICCCN). – IEEE, 2016. – С. 1-9.

Hong S. et al. Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures //NDSS. – 2015. – Т. 15. – С. 8-11.

Lee S. et al. DELTA: A Security Assessment Framework for Software-Defined Networks //NDSS. – 2017.

An Overview of Misuse / Attack Cases. URL:http://www.sdnsecurity.org/vulnerability/attacks (accessed: 10.10.2019)

Tang T. A. et al. Deep recurrent neural network for intrusion detection in sdn-based networks //2018 4th IEEE Conference on Network Softwarization and Workshops (NetSoft). – IEEE, 2018. – С. 202-206.

Karakus M., Durresi A. Quality of service (QoS) in software defined networking (SDN): A survey //Journal of Network and Computer Applications. – 2017. – Т. 80. – С. 200-218.

Wallner R., Cannistra R. An SDN approach: quality of service using big switch’s floodlight open-source controller //Proceedings of the Asia-Pacific Advanced Network. – 2013. – Т. 35. – С. 14-19.

Govindarajan K. et al. Realizing the quality of service (QoS) in software-defined networking (SDN) based cloud infrastructure //2014 2nd International Conference on Information and Communication Technology (ICoICT). – IEEE, 2014. – С. 505-510.


Refbacks

  • There are currently no refbacks.


Abava  Кибербезопасность IT Congress 2024

ISSN: 2307-8162