Towards prediction of security attacks on software defined networks: A big data analytic approach



Journal Title

Journal ISSN

Volume Title



Cyber-physical systems (CPS) tightly integrate physical and computing processes by monitoring and control data interacting between them via underlying networks. Software Defined Network (SDN) Technology has increasingly become essential in many advanced computer networks, including those in modern CPS, to provide flexible and agile network development. Despite many benefits that SDN offers, malicious attacks that can eventually prevent network services are unavoidable. Among the most predominant attacks on SDN controller layer, Link Discovery Attack and ARP (Address Resolution Protocol) Spoofing Attack are fundamental in that they are the gateways of many other SDN threats and attacks. To defend these attacks, most existing techniques either rely on relatively complex data validation techniques or use thresholds that can be subjective and unable to detect more than one type of attacks at a time if one deciding factor is used. While Big data technology, particularly machine learning, has been widely used for intrusion/anomaly detection, little has been done in SDN. This paper explores how well this technology can be used to predict these SDN attacks. By employing typical machine learning algorithms on simulated data of routing in SDN when attacks occur, preliminary results, obtained from four machine learning models, show the average area under ROC curve of over 96% and 92% for sample size 50,970 (12 switches) and 60,000 (20 switches), respectively. Further experiments show near-linear scaling in training time for the best performing algorithm when sample size grows up to 100,000.



Software-defined networking, SDN-specific security, Link discovery attack, ARP spoofing attack, Machine learning, Data analytic applications