A GRU deep learning system against attacks in software defined networks
[EN] The management of modern network environments is becoming more and more complex due to new requirements of devices' heterogeneity regarding the popularization of the Internet of Things (IoT), as well as the dynamic traffic required by next-generation applications and services. To addre...
| Autores: | , , , |
|---|---|
| Tipo de recurso: | artículo |
| Fecha de publicación: | 2021 |
| País: | España |
| Institución: | Universitat Politècnica de València (UPV) |
| Repositorio: | RiuNet. Repositorio Institucional de la Universitat Politécnica de Valéncia |
| Idioma: | inglés |
| OAI Identifier: | oai:riunet.upv.es:10251/189732 |
| Acceso en línea: | https://riunet.upv.es/handle/10251/189732 |
| Access Level: | acceso abierto |
| Palabra clave: | Gated recurrent units SDN Deep learning DDoS Intrusion detection INGENIERIA TELEMATICA |
| Sumario: | [EN] The management of modern network environments is becoming more and more complex due to new requirements of devices' heterogeneity regarding the popularization of the Internet of Things (IoT), as well as the dynamic traffic required by next-generation applications and services. To address this problem, Software-defined Networking (SDN) emerges as a management paradigm able to handle these problems through a centralized high-level network approach. However, this centralized characteristic also creates a critical failure spot since the central controller may be targeted by malicious users aiming to impair the network operation. This paper proposes an SDN defense system based on the analysis of single IP flow records, which uses the Gated Recurrent Units (GRU) deep learning method to detect DDoS and intrusion attacks. This direct flow inspection enables faster mitigation responses, minimizing the attack's impact over the SDN. The proposed model is tested against several different machine learning approaches over two public datasets, the CICDDoS 2019 and the CICIDS 2018. Furthermore, a lightweight mitigation approach is presented and evaluated through performance tests regarding each detection method. Finally, a feasibility test is performed regarding the throughput of flows per second that each detection method can analyze. This test is accomplished through the use of real IP Flow data collected at a large-scale network. The results point out promising detection rates and an elevated amount of analyzed flows per second, which makes GRU a feasible approach for the proposed system. |
|---|