MitM detection and defense mechanism CBNA-RF based on machine learning for large-scale SDN context

TitreMitM detection and defense mechanism CBNA-RF based on machine learning for large-scale SDN context
Publication TypeJournal Article
Year of Publication2020
AuthorsSebbar, A, Zkik, K, Baddi, Y, Boulmalf, M, Kettani, MDE-CE
JournalJournal of Ambient Intelligence and Humanized Computing
Volume11
Pagination5875-5894
Mots-clésAuthentication mechanisms, Centralized architecture, Decision trees, Defense operations, Intrusion detection, Intrusion detection and prevention, Machine learning, Machine learning techniques, Man-In-The-Middle (MITM) Attack, Network abstractions, Network architecture, Network security, Random forest modeling, Security systems
Abstract

Software defined network (SDN) is a promising new network abstraction that aims to improve and facilitate network management. Due to its centralized architecture and the lack of intelligence on the data plane, SDN suffers from many security issues that slows down its deployment. Man in the Middle (MitM) attack is considered as one of the most devastating attacks in an SDN context. In fact, MitM attack allows the attackers to capture, duplicate and spoof flows by targeting southbound interfaces and SDN nodes. Furthermore, it’s very difficult to detect MitM attacks since it is performed passively at the SDN level. To reduce the impact of this attack, we generally set up security policies and authentication mechanisms. However, these techniques are not applicable for a large scale SDN architecture as they require complexes and static configurations and as they negatively influence on network performance. In this paper, we propose an intrusion detection and prevention framework by using machine learning techniques to detect and stop MitM attempts. To do so, we build a context-based node acceptance based on the random forest model (CBNA-RF), which helps to setting-up appropriate security policies and to automating defense operations on a large-scale SDN context. This mechanism can realize a quick and early detection of MitM attacks by automatically detecting malicious nodes without affecting performances. The evaluation of the proposed framework demonstrates that our model can correctly classify and detect malicious connections and nodes while keeping high accuracy and precision scores. © 2020, Springer-Verlag GmbH Germany, part of Springer Nature.

URLhttps://www.scopus.com/inward/record.uri?eid=2-s2.0-85085987877&doi=10.1007%2fs12652-020-02099-4&partnerID=40&md5=cf120767ba875958e97b87ce22203057
DOI10.1007/s12652-020-02099-4
Revues: 

Partenaires

Localisation

Suivez-nous sur

         

    

Contactez-nous

ENSIAS

Avenue Mohammed Ben Abdallah Regragui, Madinat Al Irfane, BP 713, Agdal Rabat, Maroc

  Télécopie : (+212) 5 37 68 60 78

  Secrétariat de direction : 06 61 48 10 97

        Secrétariat général : 06 61 34 09 27

        Service des affaires financières : 06 61 44 76 79

        Service des affaires estudiantines : 06 62 77 10 17 / n.mhirich@um5s.net.ma

        CEDOC ST2I : 06 66 39 75 16

        Résidences : 06 61 82 89 77

Contacts

    

Education - This is a contributing Drupal Theme
Design by WeebPal.