Leveraging Machine Learning Approach to
Setup Software Defined Network(SDN)
Controller Rules During DDoS Attack
Authors
Sajib Sen, Kishor Datta Gupta, and Md Manjurul Ahsan
4/30/18
Introduction
Figure 1: Different planes and network application in SDN [1]
Figure 2: Reactive traffic flow set-up in SDN [1]
[1] Niyaz Q, Sun W, Javaid AY, and Alam M. A deep learning approach for network intrusion detection system. International conference wireless networks and mobile communications (WINCOM), pages 258–263, 2016.
Introduction
Figure 3: OpenVSwitch architecture
Figure 4: Packet flow
Introduction
Figure 5: sFlow-RT interface
Introduction
Figure 6: Traffic monitoring
Figure 7: Event handling
Implementation:
• To create a virtual network SDN topology:
• sudo mn --controller=remote,ip=127.0.0.1,port=6653 --topo=single,3 --mac --switch ovsk
• This tells Mininet to start up a 3-host, single-switch (Open vSwitch-based) topology, set the MAC address of each host equal to its IP, and point to a remote controller, which defaults to localhost.
Implementation:
Figure 8: Setting of Virtual SDN
Flow rules set up in SDN controller:
# sudo ovs-ofctl add-flow s1 in_port=1,actions=output:2
# sudo ovs-ofctl add-flow s1 in_port=2,actions=output:1
This forwards packets arriving at port 1 to port 2 and vice versa.
Implementation:
• To connect OpenVSwitch to sFlow-RT analyzer:
• sudo ovs-vsctl -- --id=@sflow create sflow agent=eth0 target="127.0.0.1:6343" sampling=10 polling=20 -- -- set bridge s1 sflow=@sflow
• Here the OpenVSwitch has been connected to sFlow-RT with eth0 as agent and flow switch as s1.
• To start sFlow-RT, run ./sFlow-rt/start.sh. To check the topology of the Mininet network in sFlow-RT, visit:
• http://localhost:8008/metric/127.0.0.1/html
• http://localhost:8080/ui/pages/index.html
Implementation:
• xterm h1 h2
• on h1 terminal "python -m SimpleHTTPServer 80 &"
• on h2 terminal "ping 10.0.0.1"
Figure 9: Ping request to node h1
Implementation:
Figure 10: Network packet information in Wireshark
Implementation:
Figure 11: Packet flow in s1-eth0 interface
Implementation:
Data Description:
| No. | Features | Description |
|---|---|---|
| 1 | Service | Network service on the destination, e.g., http, telnet, etc. |
| 2 | Header length | Length of header data |
| 3 | Flags | Normal (0) or error (1) status of the connection |
| 4 | TTL | Time to Live |
| 5 | Protocol | Type of the protocol, e.g., tcp, udp, etc. |
| 6 | Data bytes | Bytes of data needed for certain protocol |
| 7 | Epoch Time | Time to complete one epoch |
| 8 | Reply Response Time | Time to give response |
| 9 | Land | 1 if connection is from/to the same host/port; 0 otherwise |
Implementation:
• DDoS flood attack:
• The ping -f 10.0.0.1 command was run from different Mininet hosts.
• Besides creating the flood attack manually, a payload was created with Python code using the scapy library.
Figure 12: DDoS Attack
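A defender-side counterpart to the flood described above, as an added example that is not from the original slides: it estimates per-source ICMP rates from 1-in-10 sampled packets (the sampling=10 value from the sFlow setup) and builds an expiring drop flow for sources over a limit. The sample records, the 100 packets/s threshold, the 60-second timeout, the priority value and the function names are assumptions.

```python
from collections import Counter

SAMPLING = 10        # 1-in-N sampling, the sampling=10 value from the sFlow setup
THRESHOLD_PPS = 100  # assumed per-source ICMP limit (packets/second)
# ovs-ofctl add-flow defaults to priority 32768, so the forwarding flows on the
# page have that priority; a drop flow must be higher to take effect.
DROP_PRIORITY = 40000

def make_samples():
    """Constructed sampled-packet records: (time_s, src, dst, proto)."""
    samples = [(0.5, "10.0.0.2", "10.0.0.1", "icmp")]    # ordinary ping from h2
    # 40 samples from h3 within one second: about 400 real packets/s
    samples += [(1.0 + i / 40, "10.0.0.3", "10.0.0.1", "icmp") for i in range(40)]
    samples.append((1.2, "10.0.0.3", "10.0.0.1", "tcp"))  # non-ICMP, not counted
    return samples

def flood_sources(samples, sampling=SAMPLING, threshold=THRESHOLD_PPS):
    """Return {(src, dst): peak estimated ICMP packets/s} for pairs over threshold."""
    per_second = Counter()
    for t, src, dst, proto in samples:
        if proto == "icmp":
            per_second[(src, dst, int(t))] += 1
    peaks = {}
    for (src, dst, _sec), count in per_second.items():
        estimate = count * sampling  # scale the sampled count to the real rate
        peaks[(src, dst)] = max(peaks.get((src, dst), 0), estimate)
    return {pair: pps for pair, pps in peaks.items() if pps > threshold}

def drop_rules(offenders, bridge="s1", hard_timeout=60):
    """Build ovs-ofctl commands dropping ICMP from each offender; rules expire."""
    return [
        f"ovs-ofctl add-flow {bridge} priority={DROP_PRIORITY},"
        f"hard_timeout={hard_timeout},icmp,nw_src={src},nw_dst={dst},actions=drop"
        for src, dst in sorted(offenders)
    ]

if __name__ == "__main__":
    offenders = flood_sources(make_samples())
    for (src, dst), pps in offenders.items():
        print(f"{src} -> {dst}: ~{pps} ICMP packets/s")
    print("\n".join(drop_rules(offenders)))
```

With 1-in-10 sampling a single sampled packet already counts as 10 packets/s, so a threshold below the sampling rate cannot separate normal pings from a flood.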
Implementation:
Figure 13: Ping flood attack to node h1
Implementation:
Figure 14: Ping flood packet data in wireshark
Figure 15: DoS attack in sFlow-RT
Implementation:
| No. | Techniques | Precision | Recall | F-Measure | ROC Area |
|---|---|---|---|---|---|
| 1 | Bayes Net | 0.889 | 0.885 | 0.885 | 0.863 |
| 2 | Naïve Bayes | 0.731 | 0.705 | 0.693 | 0.707 |
| 3 | Multilayer Perceptron | 0.836 | 0.836 | 0.836 | 0.834 |
| 4 | Support Vector Machine (kernel=3) | 0.853 | 0.852 | 0.852 | 0.853 |
| 5 | AdaBoost (Decision Stump as weak classifier) | 0.934 | 0.934 | 0.934 | 0.887 |
| 6 | J48 decision tree | 0.903 | 0.902 | 0.901 | 0.880 |
| 7 | Random Forest | 0.837 | 0.836 | 0.836 | 0.899 |
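How the averaged columns in the table relate to per-class results, as an added example that is not from the original slides: row 2 has an F-measure below both precision and recall, which a single class cannot produce, so the figures are taken here to be support-weighted averages over the normal and attack classes (an assumption). The confusion matrix and function names are constructed for illustration.

```python
LABELS = ["normal", "attack"]
# Constructed confusion matrix: rows are actual class, columns predicted class.
CONSTRUCTED_MATRIX = [
    [45, 5],    # 50 normal samples: 45 kept as normal, 5 false alarms
    [25, 25],   # 50 attack samples: 25 missed, 25 detected
]

def per_class_metrics(matrix, labels):
    """Precision, recall, F1 and support for each class."""
    out = {}
    for i, label in enumerate(labels):
        tp = matrix[i][i]
        actual = sum(matrix[i])                    # row total
        predicted = sum(row[i] for row in matrix)  # column total
        precision = tp / predicted if predicted else 0.0
        recall = tp / actual if actual else 0.0
        denom = precision + recall
        f1 = 2 * precision * recall / denom if denom else 0.0
        out[label] = {"precision": precision, "recall": recall,
                      "f1": f1, "support": actual}
    return out

def weighted_average(metrics):
    """Average each metric over classes, weighted by class support."""
    total = sum(m["support"] for m in metrics.values())
    return {
        key: sum(m[key] * m["support"] for m in metrics.values()) / total
        for key in ("precision", "recall", "f1")
    }

if __name__ == "__main__":
    per_class = per_class_metrics(CONSTRUCTED_MATRIX, LABELS)
    avg = weighted_average(per_class)
    for label, m in per_class.items():
        print(label, {k: round(v, 3) for k, v in m.items()})
    print("weighted", {k: round(v, 3) for k, v in avg.items()})
```

In this constructed case the weighted recall is 0.7 while only half of the attack samples are detected, so for flood detection the attack-class recall is worth reading alongside the averaged figure.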
Result and Observation:
Figure: Comparison of F-measure Among Classifier (axis scale 0 to 1; one bar each for Bayes Net, Naïve Bayes, Multilayer Perceptron, Support Vector Machine (kernel=3), AdaBoost (Decision Stump as weak classifier), J48 decision tree, Random Forest)
Result and Observation
• A virtual SDN testbed environment was created.
• A DoS attack was performed on the network.
• Data was collected for both normal and attack scenarios.
• Models were trained and their performance compared across the different classifiers.
Conclusion
Thank you