Suspicious traffic detection in SDN with collaborative techniques of snort and deep neural networks

Raja Majid Ali Ujjan, Zeeshan Pervez, Keshav Dahal

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Software Defined Networks (SDN) with the OpenFlow (OF) protocol tend to transform traditional network architecture into a vendor-independent architecture with data-plane and control-plane programmability. This programmability provides rich functionality in central traffic management, switch configuration, Intrusion Detection System (IDS) integration and a global view of the entire deployed infrastructure. The SDN network has a single point of failure vulnerability, mainly at the central controller unit, and the deployment of standalone legacy IDS sensors cannot guarantee protection against intruders. Therefore, in the first stage of the proposed work, a signature-based Snort IDS is implemented for malicious activity detection and traffic monitoring with traffic mirroring in Open vSwitch (OVS), and then stored in a CSV log file of Barnyard 2. In the second stage, for the purpose of effective attack detection in the test-bed, a flow-based anomaly detection is deployed with Deep Neural Networks (DNN) to improve on the signature-based IDS limitation, with a higher detection rate and low false-positive triggers. To assess the efficacy of our proposed collaborative detection technique, a testbed is developed to simulate malicious and benign traffic. From the simulation results, our collaborative detection mechanism achieved more than 90% true positive rate with less than 5% of false alarms for all TCP, UDP and ICMP attacks in general, demonstrating an effective malicious traffic detection method as compared to conventional signature-based methodologies.
Original language: English
Title of host publication: 20th International Conference on High Performance Computing and Communications; 16th International Conference on Smart City; 4th International Conference on Data Science and Systems
Subtitle of host publication: HPCC/SmartCity/DSS 2018
Publisher: IEEE
Pages: 915-920
Number of pages: 6
ISBN (Electronic): 9781538666142
ISBN (Print): 9781538666159
Publication status: Published - 2018
Event: International Symposium on Advances in High Performance Computing and Networking: In conjunction with The 20th IEEE International Conference on High Performance Computing and Communications - Exeter, United Kingdom
Duration: 28 Jun 2018 to 30 Jun 2018
http://cse.stfx.ca/~hpcc2018/AHPCN.htm

Conference

Conference: International Symposium on Advances in High Performance Computing and Networking
Abbreviated title: AHPCN-2018
Country: United Kingdom
City: Exeter
Period: 28/06/18 to 30/06/18

Keywords

  • Software defined networks
  • OpenFlow
  • Open vSwitch
  • Barnyard 2
  • Snort
  • Deep neural networks

Cite this

Ujjan, R. M. A., Pervez, Z., & Dahal, K. (2018). Suspicious traffic detection in SDN with collaborative techniques of snort and deep neural networks. In 20th International Conference on High Performance Computing and Communications; 16th International Conference on Smart City; 4th International Conference on Data Science and Systems : HPCC/SmartCity/DSS 2018 (pp. 915-920). IEEE. https://doi.org/10.1109/HPCC/SmartCity/DSS.2018.00152