A GRU deep learning system against attacks in software defined networks

[EN] The management of modern network environments is becoming more and more complex due to new requirements of devices' heterogeneity regarding the popularization of the Internet of Things (IoT), as well as the dynamic traffic required by next-generation applications and services. To addre...

Descripción completa

Detalles Bibliográficos
Autores: Assis, Marcos V.O., Carvalho, Luiz F., Proença Jr, Mario L., Lloret, Jaime|||0000-0002-0862-0533
Tipo de recurso: artículo
Fecha de publicación:2021
País:España
Institución:Universitat Politècnica de València (UPV)
Repositorio:RiuNet. Repositorio Institucional de la Universitat Politécnica de Valéncia
Idioma:inglés
OAI Identifier:oai:riunet.upv.es:10251/189732
Acceso en línea:https://riunet.upv.es/handle/10251/189732
Access Level:acceso abierto
Palabra clave:Gated recurrent units
SDN
Deep learning
DDoS
Intrusion detection
INGENIERIA TELEMATICA
Descripción
Sumario:[EN] The management of modern network environments is becoming more and more complex due to new requirements of devices' heterogeneity regarding the popularization of the Internet of Things (IoT), as well as the dynamic traffic required by next-generation applications and services. To address this problem, Software-defined Networking (SDN) emerges as a management paradigm able to handle these problems through a centralized high-level network approach. However, this centralized characteristic also creates a critical failure spot since the central controller may be targeted by malicious users aiming to impair the network operation. This paper proposes an SDN defense system based on the analysis of single IP flow records, which uses the Gated Recurrent Units (GRU) deep learning method to detect DDoS and intrusion attacks. This direct flow inspection enables faster mitigation responses, minimizing the attack's impact over the SDN. The proposed model is tested against several different machine learning approaches over two public datasets, the CICDDoS 2019 and the CICIDS 2018. Furthermore, a lightweight mitigation approach is presented and evaluated through performance tests regarding each detection method. Finally, a feasibility test is performed regarding the throughput of flows per second that each detection method can analyze. This test is accomplished through the use of real IP Flow data collected at a large-scale network. The results point out promising detection rates and an elevated amount of analyzed flows per second, which makes GRU a feasible approach for the proposed system.