Enhanced Scanning in SDN Networks and its Detection using Machine Learning

Software-Defined Networking (SDN) is a networking approach that is dynamic and programmable, making network configuration easier and improving network efficiency. The separation of the control plane from the network plane and the global visibility of the controller to the whole network make the monitoring and collection of data much easier than in traditional networks. Advanced Persistent Threats (APTs) are notoriously hard to detect and prevent as they have sophisticated characteristics compared to traditional attacks. Little research has been carried out on the detection of APTs in the context of SDNs. In SDN, scanning is a fundamental part of the reconstruction of flow rules maintained at nodes (and underpins many further attacks). In this paper, we propose a more stealthy means of scanning within SDN networks, typical of the "low and slow" approach taken by APTs, and enhance a network scanning tool to implement it. We evaluate how well Machine Learning (ML) algorithms can detect such APT scanning activities inside SDN. We use the XGBoost classifier for the proposed detection model, achieving at least 97.8% in Accuracy, Recall, Precision and F1-measures using just 5 features. Datasets over different network sizes are generated to form the basis for experiments and are offered free public use.

• Publication year

  2022

• Venue

  International Conference on Trust, Privacy and Security in Intelligent Systems and Applications

• Publication date

  2022-12-01

• Fields of study

  Computer Science, Engineering

• Identifiers
  DOI 10.1109/TPS-ISA56441.2022.00032
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Flow Table Security in SDN: Adversarial Reconnaissance and Intelligent Attacks

  2021cited by this paper
• SDN-Based Detection of Self-Propagating Ransomware: The Case of BadRabbit

  2021cited by this paper
• A comprehensive security assessment framework for software-defined networks

  2020cited by this paper
• A Novel Stealthy Attack to Gather SDN Configuration-Information

  2020cited by this paper
• InSDN: A Novel SDN Intrusion Dataset

  2020cited by this paper
• NSL-KDD Dataset

  2019cited by this paper
• Cyber Deception Architecture: Covert Attack Reconnaissance Using a Safe SDN Approach

  2019cited by this paper
• Lightweight IPS for port scan in OpenFlow SDN networks

  2018cited by this paper
• Exploiting the Vulnerability of Flow Table Overflow in Software-Defined Network: Attack Model, Evaluation, and Defense

  2018cited by this paper
• Deep Recurrent Neural Network for Intrusion Detection in SDN-based Networks

  2018cited by this paper
• Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization

  2018cited by this paper
• Machine learning based intrusion detection system for software defined networks

  2017cited by this paper
• An Introduction to Advanced Malware and How It Avoids Detection

  2017cited by this paper
• Flow-based Intrusion Detection System for SDN

  2017cited by this paper
• Adversarial Network Forensics in Software Defined Networking

  2017cited by this paper
• Advanced or Not? A Comparative Study of the Use of Anti-debugging and Anti-VM Techniques in Generic and Targeted Malware

  2016cited by this paper
• A Survey of Stealth Malware Attacks, Mitigation Measures, and Steps Toward Autonomous Open World Solutions

  2016cited by this paper
• Timing-based reconnaissance and defense in software-defined networks

  2016cited by this paper
• Deep learning approach for Network Intrusion Detection in Software Defined Networking

  2016cited by this paper
• Cyber Deception: Virtual Networks to Defend Insider Reconnaissance

  2016cited by this paper
• MARS: An SDN-based malware analysis solution

  2016cited by this paper
• On the Fingerprinting of Software-Defined Networks

  2016cited by this paper
• Hacking For Dummies

  2016cited by this paper
• Security in Software-Defined Networking: Threats and Countermeasures

  2016cited by this paper
• UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)

  2015cited by this paper
• Adversary-aware IP address randomization for proactive agility against sophisticated attackers

  2015cited by this paper
• Generation of a new IDS test dataset: Time to retire the KDD collection

  2013cited by this paper
• APT INFECTION DISCOVERY USING DNS DATA

  2013cited by this paper
• The Cousins of Stuxnet: Duqu, Flame, and Gauss

  2012cited by this paper
• Behavior-Based Worm Detectors Compared

  2010cited by this paper

• Hybrid CNN-LSTM Model for DDoS Detection and Mitigation in Software-Defined Networks

  2026influential citation
• SDN-ATK: a novel SDN-specific attack dataset

  2026cites this paper
• Detection and mitigation of cyber-attacks in software defined networks using machine learning/deep learning: a systematic literature review, research challenges and future directions

  2025cites this paper
• An incremental hybrid adaptive network-based IDS in Software Defined Networks to detect stealth attacks

  2024cites this paper
• A cybersecurity review in IoT 5G networks

  2024cites this paper
• Deep Reinforcement Learning for Advanced Persistent Threat Detection in Wireless Networks

  2023cites this paper