Yazılım Tanımlı Ağlarda Makine Öğrenimi ile Anomali Tespiti

Yıl 2019, , 748 - 756, 31.01.2019

Soumaine Bouba Mahamat , Celal Çeken

https://doi.org/10.29130/dubited.433825

Cited By: 2

Öz

Son yıllarda, bilgisayar ağlarını daha esnek bir hale getirmeyi amaçlayan Yazılım Tanımlı Ağ yaklaşımı ortaya
çıkmıştır. Google’ın iç ağındaki Yazılım tanımlı ağ uygulaması, Yazılım Tanımlı Ağ yaklaşımının kullanışlılığını
ve gelecek vadeden bir teknoloji olacağını kanıtlamasına rağmen güvenlik konusu göz ardı edilemeyecek hayati
bir sorundur. SDN mimarisinde, Veri Düzlemini Kontrol Düzleminden ayrıldığı için saldırganlar artık üç
düzlemden herhangi birinden ağa saldırabilirler. Makine öğrenimi algoritmaları, bilgisayar ağlarına yapılan
saldırıları ve izinsiz girişleri tespit etmede kullanılan yöntemlerdir ve Yazılım Tanımlı Ağlar için de
kullanılabilir. Bu çalışmada, Yazılım Tanımlı Ağlarda makine öğrenme algoritmaları kullanılarak anomali tespiti
için yeni bir test düzeneği geliştirilmiştir. Oluşturulan sistem OpenFlow destekli anahtar cihazından geçen akışları
inceler ve karar ağacı makine öğrenmesi algoritmasını kullanarak anormal durumları tespit etmeye çalışır. Elde
edilen sonuçlar karar ağacı algoritması kullanılarak oluşturulan sistemin DDoS saldırılarına karşı başarılı bir
şekilde çalıştığını göstermiştir.

Anahtar Kelimeler

Yazılım Tanımlı Ağ, Anomali Tespiti, Makine Öğrenimi, POX

Anomaly Detection in Software-Defined Networking Using Machine Learning

Öz

In recent years, the Software-Defined Networking (SDN) approach has emerged that aims to make computer
networks more flexible. Although the SDN application on Google's internal network demonstrates the usefulness
of the Software-Defined Network approach and the promise of future technology, security is a vital concern that
cannot be ignored. In the SDN architecture, the attacker can now attack the network from any of the three planes
because the Data Plane is separated from the Control Plane. Machine learning algorithms are methods used to
detect attacks and intrusions on computer networks and can also be used for SDN. In this study, a new testbed has
been implemented for anomaly detection using machine learning algorithms in SDN. The developed system
analyzes flows passing through the OpenFlow supported switch and tries to detect abnormal situations using the
decision tree machine learning algorithm. The results show that the system constructed using the decision tree
algorithm works successfully against Distributed Denial of Service (DDoS) attacks.

Anahtar Kelimeler

Anomaly Detection, Machine Learning, Software Defined Networking, POX Controller

Kaynakça

• [1] Jonathan Crane. (2017, October 09). “Outage Prevention: Taking Humans Out Of The IT Equation,” Forbes, [Online]. Available https://www.forbes.com/sites/ciocentral/2012/10/22/outageprevention-taking-humans-out-of-the-it-equation/#3603b7504dd1.
• [2] Kathleen Hickey. (2017, October 09). “What’s behind most data center outages? [Online]. Available: https://gcn.com/articles/2016/02/09/data-center-outages.aspx.
• [3] Press Release. (2017, October 09). “Global Survey: Complexity, Change and Human Factors Cause Network Outages - The Data Center Journal,” 2016 [Online]. Available: http://www.datacenterjournal.com/global-survey-complexity-change-human-factors-cause-networkoutages/.
• [4] J. Networks Inc. “What’s Behind Network Downtime? Proactive Steps to Reduce Human Error and Improve Availability of Networks” May, 2008.
• [5] Rachel King. (2017, October 09). “Amazon Web Services Outage Caused by Human Error: A Typo | Fortune,” 2017 [Online]. Available: http://fortune.com/2017/03/02/amazon-cloud-outage/.
• [6] E. Description, “Cisco Certified Network Associate,” 2016.
• [7] ONF. (2018, June 13) “Software-Defined Networking (SDN) Definition - Open Networking Foundation.” [Online]. Available: https://www.opennetworking.org/sdn-definition/.
• [8] ONF. (2018, June 05) “Single Point of Failure. Not. - Open Networking Foundation.” [Online]. Available: https://www.opennetworking.org/news-and-events/blog/single-point-of-failure-not/.
• [9] E. Banks. (2018, June 05) “SDN FAQ | Network World.” [Online]. Available: https://www.networkworld.com/article/2167706/lan-wan/lan-wan-sdn-faq.html.
• [10] A. Mestres et al., “Knowledge-Defined Networking,” ACM SIGCOMM Computer Communication Review, vol. 47, no. 3, 2017.
• [11] Y. L. Chen, (2018, June 05) “OpenDaylight Summit 2016: OpenDaylight Machine Learning & Artifici...” [Online]. Available: https://opendaylightsummit2016.sched.com/event/80Nz.
• [12] R. Braga, E. Mota, and A. Passito, “Lightweight DDoS Flooding Attack Detection Using NOX / OpenFlow Network-Based Mechanisms Using SDN Network-Based Mechanisms Using SDN,” pp. 408–415, 2018.
• [13] L. Dongsoo, “Improving Detection Capability of Flow-based IDS in SDN,” M.S. thesis, Department of Computer Science, KAIST University, Daejeon, South Korea, 2015.
• [14] SDxCentral, (2018, June 02) “What are SDN Southbound APIs? - Where they are used.” [Online]. Available: https://www.sdxcentral.com/sdn/definitions/southbound-interface-api/.
• [15] M. H. Bhuyan, D. K. Bhattacharyya and J. K. Kalita, "Network Anomaly Detection: Methods, Systems and Tools," in IEEE Communications Surveys & Tutorials, vol. 16, no. 1, pp. 303-336, First Quarter 2014.
• [16] Bob Lantz, (2018, June 01) “Mininet.” [Online]. Available: http://mininet.org/download/.