TY - GEN
T1 - Examining the Robustness of Learning-Based DDoS Detection in Software Defined Networks
AU - Abusnaina, Ahmed
AU - Khormali, Aminollah
AU - Nyang, Dae Hun
AU - Yuksel, Murat
AU - Mohaisen, Aziz
N1 - Funding Information:
Acknowledgement. This work is supported in part by NRF-2016K1A1A2912757 and NVIDIA GPU Grant, and NSF awards 1647189, 1814086, and 1643207.
Publisher Copyright:
© 2019 IEEE.
PY - 2019/11
Y1 - 2019/11
N2 - With the rapid development of Software-Defined Networking (SDN) advocating a centralized view of networks, efficient and reliable Distributed Denial of Service (DDoS) defenses are necessary to protect the centralized SDN controller. Recently, an amalgamation of work has realized such defenses using Deep Learning (DL) based algorithms. Although DL-based algorithms are generally prone to adversarial learning attacks, the extent to which those attacks are applicable to DDoS defenses in SDN is unexamined. In this work, we explore the robustness of DL-based DDoS defenses in SDN against adversarial learning attacks. First, we investigate generic off-the-shelf adversarial attacks to test the robustness of DDoS defenses in SDN, and demonstrate that while they lead to misclassification, these attacks do not preserve the characteristics of flows. As a result, we propose Flow-Merge for realistic adversarial flows while achieving a high evasion rate, with both targeted and untargeted misclassification attacks. The proposed Flow-Merge is able to force the DL-based DDoS defenses to misclassify 100% of benign flows as malicious, while preserving original characteristics of flows. Using state-of-the-art defenses, we show that the adversarial flows generated using Flow-Merge are difficult to detect, with only 49.31% detection rate when using adversarial training.
KW - Adversarial Machine Learning
KW - Deep Learning
KW - Intrusion Detection Systems
KW - Software Defined Networking
UR - http://www.scopus.com/inward/record.url?scp=85077964005&partnerID=8YFLogxK
U2 - 10.1109/DSC47296.2019.8937669
DO - 10.1109/DSC47296.2019.8937669
M3 - Conference contribution
AN - SCOPUS:85077964005
T3 - 2019 IEEE Conference on Dependable and Secure Computing, DSC 2019 - Proceedings
BT - 2019 IEEE Conference on Dependable and Secure Computing, DSC 2019 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 18 November 2019 through 20 November 2019
ER -