Suspicious traffic detection in SDN with collaborative techniques of snort and deep neural networks

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution


Abstract

Software Defined Networks (SDN) with the OpenFlow (OF) based protocol tend to transform traditional network architecture into a vendor-independent architecture with data-plane and control-plane programmability. This programmability provides rich functionality in central traffic management, switch configuration, Intrusion Detection System (IDS) integration and a global view of the entire deployed infrastructure. The SDN network has a single-point-of-failure vulnerability, mainly at the central controller unit, and the deployment of standalone legacy IDS sensors cannot guarantee protection against intruders. Therefore, in the first stage of the proposed work, a signature-based Snort IDS is implemented for malicious activity detection and traffic monitoring with traffic mirroring in Open vSwitch (OVS), with the results then stored in the CSV log file of Barnyard 2. In the second stage, for the purpose of effective attack detection in the test-bed, flow-based anomaly detection is deployed with Deep Neural Networks (DNN) to address the limitations of the signature-based IDS, with a higher detection rate and low false-positive triggers. To assess the efficacy of our proposed collaborative detection technique, a testbed is developed to simulate malicious and benign traffic. In the simulation results, our collaborative detection mechanism achieved a true positive rate of more than 90% with less than 5% false alarms for all TCP, UDP and ICMP attacks in general, demonstrating an effective malicious traffic detection method compared to conventional signature-based methodologies.
Original language: English
Title of host publication: 20th International Conference on High Performance Computing and Communications; 16th International Conference on Smart City; 4th International Conference on Data Science and Systems
Subtitle of host publication: HPCC/SmartCity/DSS 2018
Publisher: IEEE
Pages: 915-920
Number of pages: 6
ISBN (Electronic): 9781538666142
ISBN (Print): 9781538666159
Publication status: Published - 2018
Event: International Symposium on Advances in High Performance Computing and Networking: In conjunction with The 20th IEEE International Conference on High Performance Computing and Communications - Exeter, United Kingdom
Duration: 28 Jun 2018 to 30 Jun 2018
http://cse.stfx.ca/~hpcc2018/AHPCN.htm

Conference

Conference: International Symposium on Advances in High Performance Computing and Networking
Abbreviated title: AHPCN-2018
Country: United Kingdom
City: Exeter
Period: 28/06/18 to 30/06/18

Fingerprint

Intrusion detection
Testbeds
Network architecture
Switches
Network protocols
Controllers
Deep neural networks
Monitoring
Sensors

Keywords

  • Software defined networks
  • OpenFlow
  • Open vSwitch
  • Barnyard 2
  • Snort
  • Deep neural networks

Cite this

Ujjan, R. M. A., Pervez, Z., & Dahal, K. (2018). Suspicious traffic detection in SDN with collaborative techniques of snort and deep neural networks. In 20th International Conference on High Performance Computing and Communications; 16th International Conference on Smart City; 4th International Conference on Data Science and Systems : HPCC/SmartCity/DSS 2018 (pp. 915-920). IEEE. https://doi.org/10.1109/HPCC/SmartCity/DSS.2018.00152