Yazılım Tanımlı Ağlarda Makine Öğrenimi ile Anomali Tespiti

Abstract

Son yıllarda, bilgisayar ağlarını daha esnek bir hale getirmeyi amaçlayan Yazılım Tanımlı Ağ yaklaşımı ortaya çıkmıştır. Google’ın iç ağındaki Yazılım tanımlı ağ uygulaması, Yazılım Tanımlı Ağ yaklaşımının kullanışlılığını ve gelecek vadeden bir teknoloji olacağını kanıtlamasına rağmen güvenlik konusu göz ardı edilemeyecek hayati bir sorundur. SDN mimarisinde, Veri Düzlemini Kontrol Düzleminden ayrıldığı için saldırganlar artık üç düzlemden herhangi birinden ağa saldırabilirler. Makine öğrenimi algoritmaları, bilgisayar ağlarına yapılan saldırıları ve izinsiz girişleri tespit etmede kullanılan yöntemlerdir ve Yazılım Tanımlı Ağlar için de kullanılabilir. Bu çalışmada, Yazılım Tanımlı Ağlarda makine öğrenme algoritmaları kullanılarak anomali tespiti için yeni bir test düzeneği geliştirilmiştir. Oluşturulan sistem OpenFlow destekli anahtar cihazından geçen akışları inceler ve karar ağacı makine öğrenmesi algoritmasını kullanarak anormal durumları tespit etmeye çalışır. Elde edilen sonuçlar karar ağacı algoritması kullanılarak oluşturulan sistemin DDoS saldırılarına karşı başarılı bir şekilde çalıştığını göstermiştir.

Keywords

• Yazılım Tanımlı Ağ,Anomali Tespiti,Makine Öğrenimi,POX

Anomaly Detection in Software-Defined Networking Using Machine Learning

Abstract

In recent years, the Software-Defined Networking (SDN) approach has emerged that aims to make computer networks more flexible. Although the SDN application on Google's internal network demonstrates the usefulness of the Software-Defined Network approach and the promise of future technology, security is a vital concern that cannot be ignored. In the SDN architecture, the attacker can now attack the network from any of the three planes because the Data Plane is separated from the Control Plane. Machine learning algorithms are methods used to detect attacks and intrusions on computer networks and can also be used for SDN. In this study, a new testbed has been implemented for anomaly detection using machine learning algorithms in SDN. The developed system analyzes flows passing through the OpenFlow supported switch and tries to detect abnormal situations using the decision tree machine learning algorithm. The results show that the system constructed using the decision tree algorithm works successfully against Distributed Denial of Service (DDoS) attacks.

Keywords

• Anomaly Detection,Machine Learning,Software Defined Networking,POX Controller

References

1. [1] Jonathan Crane. (2017, October 09). “Outage Prevention: Taking Humans Out Of The IT Equation,” Forbes, [Online]. Available https://www.forbes.com/sites/ciocentral/2012/10/22/outageprevention-taking-humans-out-of-the-it-equation/#3603b7504dd1.
2. [2] Kathleen Hickey. (2017, October 09). “What’s behind most data center outages? [Online]. Available: https://gcn.com/articles/2016/02/09/data-center-outages.aspx.
3. [3] Press Release. (2017, October 09). “Global Survey: Complexity, Change and Human Factors Cause Network Outages - The Data Center Journal,” 2016 [Online]. Available: http://www.datacenterjournal.com/global-survey-complexity-change-human-factors-cause-networkoutages/.
4. [4] J. Networks Inc. “What’s Behind Network Downtime? Proactive Steps to Reduce Human Error and Improve Availability of Networks” May, 2008.
5. [5] Rachel King. (2017, October 09). “Amazon Web Services Outage Caused by Human Error: A Typo | Fortune,” 2017 [Online]. Available: http://fortune.com/2017/03/02/amazon-cloud-outage/.
6. [6] E. Description, “Cisco Certified Network Associate,” 2016.
7. [7] ONF. (2018, June 13) “Software-Defined Networking (SDN) Definition - Open Networking Foundation.” [Online]. Available: https://www.opennetworking.org/sdn-definition/.
8. [8] ONF. (2018, June 05) “Single Point of Failure. Not. - Open Networking Foundation.” [Online]. Available: https://www.opennetworking.org/news-and-events/blog/single-point-of-failure-not/.

9. [9] E. Banks. (2018, June 05) “SDN FAQ | Network World.” [Online]. Available: https://www.networkworld.com/article/2167706/lan-wan/lan-wan-sdn-faq.html.
10. [10] A. Mestres et al., “Knowledge-Defined Networking,” ACM SIGCOMM Computer Communication Review, vol. 47, no. 3, 2017.
11. [11] Y. L. Chen, (2018, June 05) “OpenDaylight Summit 2016: OpenDaylight Machine Learning & Artifici...” [Online]. Available: https://opendaylightsummit2016.sched.com/event/80Nz.
12. [12] R. Braga, E. Mota, and A. Passito, “Lightweight DDoS Flooding Attack Detection Using NOX / OpenFlow Network-Based Mechanisms Using SDN Network-Based Mechanisms Using SDN,” pp. 408–415, 2018.
13. [13] L. Dongsoo, “Improving Detection Capability of Flow-based IDS in SDN,” M.S. thesis, Department of Computer Science, KAIST University, Daejeon, South Korea, 2015.
14. [14] SDxCentral, (2018, June 02) “What are SDN Southbound APIs? - Where they are used.” [Online]. Available: https://www.sdxcentral.com/sdn/definitions/southbound-interface-api/.
15. [15] M. H. Bhuyan, D. K. Bhattacharyya and J. K. Kalita, "Network Anomaly Detection: Methods, Systems and Tools," in IEEE Communications Surveys & Tutorials, vol. 16, no. 1, pp. 303-336, First Quarter 2014.
16. [16] Bob Lantz, (2018, June 01) “Mininet.” [Online]. Available: http://mininet.org/download/.