
On Detecting Wi-Fi Unauthorized Access Utilizing Software Define Network (SDN) and Machine Learning Algorithms



DOI: https://doi.org/10.15866/irecos.v12i1.11020

Abstract


Software Defined Network (SDN) emerged as a new paradigm to tackle issues in the computer networks field. In this paradigm, the data plane and control plane are separated, and a controller is introduced in the network. This controller acts on behalf of network middleboxes. In this work, the implication of anomaly breaches in wireless networks is investigated. The ossified authentication techniques of wireless access points are not sufficient to secure their networks. To this end, a hybrid network intrusion detection algorithm (HNID) is proposed based on user behaviors in the network. This algorithm adopts two different machine learning algorithms. The first algorithm utilizes an Artificial Neural Network (ANN) model with a genetic algorithm (GANN-AD) to detect anomalous behaviors in the network. The second algorithm tailors unsupervised soft clustering based on the estimation maximization (EM) model (SCAD). HNID adopts these models to train the first model from the output of the second model if an anomaly is detected in the second model only. The algorithm works in real time and the models can be trained on the fly. To test the proposed model, HNID has been implemented in the Ryu controller. A testbed has been implemented using an OpenFlow-enabled HP-2920 switch. Our results show that the GANN-AD model detected anomaly with 88% and negative detection of 5%. Moreover, SCAD detected anomaly with 80% and produces a probability of 45% anomaly for 35% of traffic. When combining these algorithms in HNID, the accuracy reached 92%.
Copyright © 2017 Praise Worthy Prize - All rights reserved.

Keywords


Software Defined Network (SDN); Genetic Artificial Neural Network-Anomaly Detection (GANN-AD); Anomaly Detection; Soft Clustering; Hybrid Network Intrusion Detection Algorithm (HNID); Ryu Controller


