Examining the Robustness of Learning-Based DDoS Detection in Software Defined Networks

Ahmed Abusnaina, Aminollah Khormali, Dae Hun Nyang, Murat Yuksel, Aziz Mohaisen

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

7 Scopus citations

Abstract

With the rapid development of Software-Defined Networking (SDN) advocating a centralized view of networks, efficient and reliable Distributed Denial of Service (DDoS) defenses are necessary to protect the centralized SDN controller. Recently, an amalgamation of work has realized such defenses using Deep Learning (DL) based algorithms. Although DL-based algorithms are generally prone to adversarial learning attacks, the extent to which those attacks are applicable to DDoS defenses in SDN is unexamined. In this work, we explore the robustness of DL-based DDoS defenses in SDN against adversarial learning attacks. First, we investigate generic off-the-shelf adversarial attacks to test the robustness of DDoS defenses in SDN, and demonstrate that while they lead to misclassification, these attacks do not preserve the characteristics of flows. As a result, we propose Flow-Merge for realistic adversarial flows while achieving a high evasion rate, with both targeted and untargeted misclassification attacks. The proposed Flow-Merge is able to force the DL-based DDoS defenses to misclassify 100% of benign flows as malicious, while preserving original characteristics of flows. Using state-of-the-art defenses, we show that the adversarial flows generated using Flow-Merge are difficult to detect, with only 49.31% detection rate when using adversarial training.

Original language: English
Title of host publication: 2019 IEEE Conference on Dependable and Secure Computing, DSC 2019 - Proceedings
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781728123196
State: Published - Nov 2019
Event: 3rd IEEE Conference on Dependable and Secure Computing, DSC 2019 - Hangzhou, China
Duration: 18 Nov 2019 to 20 Nov 2019

Publication series

Name: 2019 IEEE Conference on Dependable and Secure Computing, DSC 2019 - Proceedings

Conference

Conference: 3rd IEEE Conference on Dependable and Secure Computing, DSC 2019
Country/Territory: China
City: Hangzhou
Period: 18/11/19 to 20/11/19

Keywords

  • Adversarial Machine Learning
  • Deep Learning
  • Intrusion Detection Systems
  • Software Defined Networking
