Examining the Robustness of Learning-Based DDoS Detection in Software Defined Networks

Ahmed Abusnaina; Aminollah Khormali; Dae Hun Nyang; Murat Yuksel; Aziz Mohaisen

doi:10.1109/DSC47296.2019.8937669

Examining the Robustness of Learning-Based DDoS Detection in Software Defined Networks

Ahmed Abusnaina, Aminollah Khormali, Dae Hun Nyang, Murat Yuksel, Aziz Mohaisen

Cyber Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

14 Scopus citations

Abstract

With the rapid development of Software-Defined Networking (SDN) advocating a centralized view of networks, efficient and reliable Distributed Denial of Service (DDoS) defenses are necessary to protect the centralized SDN controller. Recently, an amalgamation of work has realized such defenses using Deep Learning (DL) based algorithms. Although DL-based algorithms are generally prone to adversarial learning attacks, the extent to which those attacks are applicable to DDoS defenses in SDN is unexamined. In this work, we explore the robustness of DL-based DDoS defenses in SDN against adversarial learning attacks. First, we investigate generic off-the-shelf adversarial attacks to test the robustness of DDoS defenses in SDN, and demonstrate that while they lead to misclassification, these attacks do not preserve the characteristics of flows. As a result, we propose Flow-Merge for realistic adversarial flows while achieving a high evasion rate, with both targeted and untargeted misclassification attacks. The proposed Flow-Merge is able to force the DL-based DDoS defenses to misclassify 100% of benign flows as malicious, while preserving original characteristics of flows. Using state-of-the-art defenses, we show that the adversarial flows generated using Flow-Merge are difficult to detect, with only 49.31% detection rate when using adversarial training.

Original language	English
Title of host publication	2019 IEEE Conference on Dependable and Secure Computing, DSC 2019 - Proceedings
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781728123196
DOIs	https://doi.org/10.1109/DSC47296.2019.8937669
State	Published - Nov 2019
Event	3rd IEEE Conference on Dependable and Secure Computing, DSC 2019 - Hangzhou, China Duration: 18 Nov 2019 → 20 Nov 2019

Publication series

Name	2019 IEEE Conference on Dependable and Secure Computing, DSC 2019 - Proceedings

Conference

Conference	3rd IEEE Conference on Dependable and Secure Computing, DSC 2019
Country/Territory	China
City	Hangzhou
Period	18/11/19 → 20/11/19

Bibliographical note

Funding Information:
Acknowledgement. This work is supported in part by NRF-2016K1A1A2912757 and NVIDIA GPU Grant, and NSF awards 1647189, 1814086, and 1643207.

Funding Information:
This work is supported in part by NRF- 2016K1A1A2912757 and NVIDIA GPU Grant, and NSF awards 1647189, 1814086, and 1643207.

Publisher Copyright:
© 2019 IEEE.

Keywords

Adversarial Machine Learning
Deep Learning
Intrusion Detection Systems
Software Defined Networking

Access to Document

10.1109/DSC47296.2019.8937669

Cite this

Abusnaina, A., Khormali, A., Nyang, D. H., Yuksel, M., & Mohaisen, A. (2019). Examining the Robustness of Learning-Based DDoS Detection in Software Defined Networks. In 2019 IEEE Conference on Dependable and Secure Computing, DSC 2019 - Proceedings Article 8937669 (2019 IEEE Conference on Dependable and Secure Computing, DSC 2019 - Proceedings). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/DSC47296.2019.8937669

Abusnaina, Ahmed ; Khormali, Aminollah ; Nyang, Dae Hun et al. / Examining the Robustness of Learning-Based DDoS Detection in Software Defined Networks. 2019 IEEE Conference on Dependable and Secure Computing, DSC 2019 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2019. (2019 IEEE Conference on Dependable and Secure Computing, DSC 2019 - Proceedings).

@inproceedings{6328959b769b43768032b98fa21a6707,

title = "Examining the Robustness of Learning-Based DDoS Detection in Software Defined Networks",

abstract = "With the rapid development of Software-Defined Networking (SDN) advocating a centralized view of networks, efficient and reliable Distributed Denial of Service (DDoS) defenses are necessary to protect the centralized SDN controller. Recently, an amalgamation of work has realized such defenses using Deep Learning (DL) based algorithms. Although DL-based algorithms are generally prone to adversarial learning attacks, the extent to which those attacks are applicable to DDoS defenses in SDN is unexamined. In this work, we explore the robustness of DL-based DDoS defenses in SDN against adversarial learning attacks. First, we investigate generic off-the-shelf adversarial attacks to test the robustness of DDoS defenses in SDN, and demonstrate that while they lead to misclassification, these attacks do not preserve the characteristics of flows. As a result, we propose Flow-Merge for realistic adversarial flows while achieving a high evasion rate, with both targeted and untargeted misclassification attacks. The proposed Flow-Merge is able to force the DL-based DDoS defenses to misclassify 100% of benign flows as malicious, while preserving original characteristics of flows. Using state-of-the-art defenses, we show that the adversarial flows generated using Flow-Merge are difficult to detect, with only 49.31% detection rate when using adversarial training.",

keywords = "Adversarial Machine Learning, Deep Learning, Intrusion Detection Systems, Software Defined Networking",

author = "Ahmed Abusnaina and Aminollah Khormali and Nyang, {Dae Hun} and Murat Yuksel and Aziz Mohaisen",

note = "Funding Information: Acknowledgement. This work is supported in part by NRF-2016K1A1A2912757 and NVIDIA GPU Grant, and NSF awards 1647189, 1814086, and 1643207. Funding Information: This work is supported in part by NRF- 2016K1A1A2912757 and NVIDIA GPU Grant, and NSF awards 1647189, 1814086, and 1643207. Publisher Copyright: {\textcopyright} 2019 IEEE.; 3rd IEEE Conference on Dependable and Secure Computing, DSC 2019 ; Conference date: 18-11-2019 Through 20-11-2019",

year = "2019",

month = nov,

doi = "10.1109/DSC47296.2019.8937669",

language = "English",

series = "2019 IEEE Conference on Dependable and Secure Computing, DSC 2019 - Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "2019 IEEE Conference on Dependable and Secure Computing, DSC 2019 - Proceedings",

}

Abusnaina, A, Khormali, A, Nyang, DH, Yuksel, M & Mohaisen, A 2019, Examining the Robustness of Learning-Based DDoS Detection in Software Defined Networks. in 2019 IEEE Conference on Dependable and Secure Computing, DSC 2019 - Proceedings., 8937669, 2019 IEEE Conference on Dependable and Secure Computing, DSC 2019 - Proceedings, Institute of Electrical and Electronics Engineers Inc., 3rd IEEE Conference on Dependable and Secure Computing, DSC 2019, Hangzhou, China, 18/11/19. https://doi.org/10.1109/DSC47296.2019.8937669

Examining the Robustness of Learning-Based DDoS Detection in Software Defined Networks. / Abusnaina, Ahmed; Khormali, Aminollah; Nyang, Dae Hun et al.
2019 IEEE Conference on Dependable and Secure Computing, DSC 2019 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2019. 8937669 (2019 IEEE Conference on Dependable and Secure Computing, DSC 2019 - Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Examining the Robustness of Learning-Based DDoS Detection in Software Defined Networks

AU - Abusnaina, Ahmed

AU - Khormali, Aminollah

AU - Nyang, Dae Hun

AU - Yuksel, Murat

AU - Mohaisen, Aziz

N1 - Funding Information: Acknowledgement. This work is supported in part by NRF-2016K1A1A2912757 and NVIDIA GPU Grant, and NSF awards 1647189, 1814086, and 1643207. Funding Information: This work is supported in part by NRF- 2016K1A1A2912757 and NVIDIA GPU Grant, and NSF awards 1647189, 1814086, and 1643207. Publisher Copyright: © 2019 IEEE.

PY - 2019/11

Y1 - 2019/11

N2 - With the rapid development of Software-Defined Networking (SDN) advocating a centralized view of networks, efficient and reliable Distributed Denial of Service (DDoS) defenses are necessary to protect the centralized SDN controller. Recently, an amalgamation of work has realized such defenses using Deep Learning (DL) based algorithms. Although DL-based algorithms are generally prone to adversarial learning attacks, the extent to which those attacks are applicable to DDoS defenses in SDN is unexamined. In this work, we explore the robustness of DL-based DDoS defenses in SDN against adversarial learning attacks. First, we investigate generic off-the-shelf adversarial attacks to test the robustness of DDoS defenses in SDN, and demonstrate that while they lead to misclassification, these attacks do not preserve the characteristics of flows. As a result, we propose Flow-Merge for realistic adversarial flows while achieving a high evasion rate, with both targeted and untargeted misclassification attacks. The proposed Flow-Merge is able to force the DL-based DDoS defenses to misclassify 100% of benign flows as malicious, while preserving original characteristics of flows. Using state-of-the-art defenses, we show that the adversarial flows generated using Flow-Merge are difficult to detect, with only 49.31% detection rate when using adversarial training.

AB - With the rapid development of Software-Defined Networking (SDN) advocating a centralized view of networks, efficient and reliable Distributed Denial of Service (DDoS) defenses are necessary to protect the centralized SDN controller. Recently, an amalgamation of work has realized such defenses using Deep Learning (DL) based algorithms. Although DL-based algorithms are generally prone to adversarial learning attacks, the extent to which those attacks are applicable to DDoS defenses in SDN is unexamined. In this work, we explore the robustness of DL-based DDoS defenses in SDN against adversarial learning attacks. First, we investigate generic off-the-shelf adversarial attacks to test the robustness of DDoS defenses in SDN, and demonstrate that while they lead to misclassification, these attacks do not preserve the characteristics of flows. As a result, we propose Flow-Merge for realistic adversarial flows while achieving a high evasion rate, with both targeted and untargeted misclassification attacks. The proposed Flow-Merge is able to force the DL-based DDoS defenses to misclassify 100% of benign flows as malicious, while preserving original characteristics of flows. Using state-of-the-art defenses, we show that the adversarial flows generated using Flow-Merge are difficult to detect, with only 49.31% detection rate when using adversarial training.

KW - Adversarial Machine Learning

KW - Deep Learning

KW - Intrusion Detection Systems

KW - Software Defined Networking

UR - http://www.scopus.com/inward/record.url?scp=85077964005&partnerID=8YFLogxK

U2 - 10.1109/DSC47296.2019.8937669

DO - 10.1109/DSC47296.2019.8937669

M3 - Conference contribution

AN - SCOPUS:85077964005

T3 - 2019 IEEE Conference on Dependable and Secure Computing, DSC 2019 - Proceedings

BT - 2019 IEEE Conference on Dependable and Secure Computing, DSC 2019 - Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 3rd IEEE Conference on Dependable and Secure Computing, DSC 2019

Y2 - 18 November 2019 through 20 November 2019

ER -

Abusnaina A, Khormali A, Nyang DH, Yuksel M, Mohaisen A. Examining the Robustness of Learning-Based DDoS Detection in Software Defined Networks. In 2019 IEEE Conference on Dependable and Secure Computing, DSC 2019 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2019. 8937669. (2019 IEEE Conference on Dependable and Secure Computing, DSC 2019 - Proceedings). doi: 10.1109/DSC47296.2019.8937669

Examining the Robustness of Learning-Based DDoS Detection in Software Defined Networks

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Fingerprint

Cite this