Examining the security of DDoS detection systems in software defined networks

Ahmed Abusnaina, Murat Yuksel, Dae Hun Nyang, Aziz Mohaisen

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

With the rapid development of Software-Defined Networking (SDN) advocating a centralized view of networks, efficient and reliable Distributed Denial of Service (DDoS) defenses are necessary to protect the centralized SDN controller. In this work, we explore the robustness of DL-based DDoS defenses in SDN against adversarial learning attacks. First, we investigate generic off-the-shelf adversarial attacks to test the robustness of DDoS defenses in SDN. Then, we propose Flow-Merge for realistic adversarial flows while achieving a high evasion rate. The evaluation shows that the proposed Flow-Merge is able to force the DL-based DDoS defenses to misclassify 100% of benign flows as malicious.

Original languageEnglish
Title of host publicationCoNEXT 2019 Companion - Proceedings of the 15th International Conference on Emerging Networking EXperiments and Technologies, Part of CoNEXT 2019
PublisherAssociation for Computing Machinery, Inc
Pages49-50
Number of pages2
ISBN (Electronic)9781450370066
DOIs
StatePublished - 9 Dec 2019
Event15th International Conference on Emerging Networking EXperiments and Technologies, CoNEXT 2019 - Part of CoNEXT 2019 - Orlando, United States
Duration: 9 Dec 201912 Dec 2019

Publication series

NameCoNEXT 2019 Companion - Proceedings of the 15th International Conference on Emerging Networking EXperiments and Technologies, Part of CoNEXT 2019

Conference

Conference15th International Conference on Emerging Networking EXperiments and Technologies, CoNEXT 2019 - Part of CoNEXT 2019
Country/TerritoryUnited States
CityOrlando
Period9/12/1912/12/19

Keywords

  • Adversarial Attacks
  • Deep Learning
  • Distributed Denial of Service
  • Intrusion Detection

Fingerprint

Dive into the research topics of 'Examining the security of DDoS detection systems in software defined networks'. Together they form a unique fingerprint.

Cite this