An AI-Assisted Cyber Attack Detection Framework for Software Defined Mobile Networks


G. Catania (1), L. Ganga (1), S. Milardo (2), G. Morabito (3), A. Mursia (1)
(1) Land & Naval Defence Electronics Division - Leonardo Spa
(2) Senseable Lab, MIT
(3) DIEEI, University of Catania

Summary
- Introduction
- Background
- Proposed approach
- Numerical example
- Conclusions

Introduction

- Software Defined Networking (SDN) clearly separates the control and data planes (Controller and Forwarding Elements/Switches).
- SDN solutions for ad hoc networks: Software Defined Mobile Networks (SDMNs).
- SDMNs can be utilized in several tactical scenarios.
- Recent focus on security for SDMNs:
  - the SDN paradigm shift is a radical change in the way security must be dealt with
  - there is a need for new tools that assist cyber and IT operators
- Idea: run Artificial Intelligence (AI) engines at the Controller to detect security attacks and suggest countermeasures to cyber and IT operators.

The proposed platform can be used:
- to demonstrate how AI can be used to support IT operators in handling the security of tactical networks using SDN
- to train military professionals in interacting with AI to improve the security of tactical networks based on SDN

In all cases we exploit simulation because:
- it is a very valuable methodology for validating innovative concepts with small investments
- it is largely used for training in the military domain: most organizations have simulation infrastructures and facilities

Background

SDN and tactical networks

[Figure labels: OpenFlow-like protocol; Tactical network]

SDN and AI

- Artificial Neural Networks (ANNs) mimic the behaviour of the human brain.
- An ANN consists of multiple interconnected nodes, called neurons, that resemble a neural network.
- Each neuron is connected to other neurons through weighted links, and neurons are grouped together into layers.
- The process that selects the weights of the links of the network is called training.
- ANNs have been widely used for network management. Recently, ANNs have been utilized for the management of SDNs for:
  - predicting QoE
  - determining optimal routing
- More recently, AI solutions running over SDNs have been proposed to improve security as well:
  - neural networks have been utilized to detect DDoS attacks in SDNs
  - machine learning has been utilized to predict attack patterns in SDN networks

CSSE: Cyber Security Simulation Environment

[Figure: CSSE architecture. Components: User GUI, Database, Configuration manager, Scenario generator, Network/cyber simulator, HLA Run Time Infrastructure. Legend: Proprietary software; Built on Stage Presagis; Built on Riverbed Modeler]

Proposed platform

An enhancement of CSSE

SITL = System in The Loop

[Figure: enhanced CSSE architecture. Components: Trainer, Trainee, GUI 1, GUI 2, Controller (AI App, Net App, Network Operating System), SiTL, Database, Configuration manager, Scenario generator, Network/cyber simulator, HLA Run Time Infrastructure]

The AI App

Three major modules:
- Measurement module: based on the ONOS REST APIs, which are used to collect information about the network conditions.
- Attack detection and classification module: an LSTM-ANN trained on historical data to detect anomalies. It also implements a classification engine which identifies the type of attack.
- Attack countermeasure module: it uses the output of the Attack detection and classification module to determine the most appropriate countermeasure to propose to the Trainee. The Trainee alone is responsible for deciding whether to apply the countermeasure. This module also implements the interface (GUI 2) for the interactions between the AI App and the Trainee.

Numerical example

Scenario

- N = 8 nodes based on 802.11g, working at 24 Mbps, moving in an area of 1 km².
- The transmission power of each node is p_TX = 0.001 W, and the packet reception power threshold is -95 dBm.
- There is a malicious node which performs a black hole attack: it sends fake topology information to the Controller to attract packets and then drops them.
- Our AI module running in the Controller detects the attack, tries to identify the malicious node(s) and informs the network manager.
- It also provides a view of the current topology with an interface which allows the suspected node to be excluded.

ANN design and training

- The Measurement module collects local status information from the nodes. This is the number of packets forwarded by each node to all other nodes, up to the current period t. It also considers the overall number of packets forwarded to the upper layers of the protocol stack.
- The status of the network is represented as the NxN matrix V[t]. In our experiment N = 8 nodes, so V[t] contains 64 values.
- We focus on the black hole attack, so the Attack detection and classification module is a binary classifier. It is an ANN consisting of 3 hidden layers, each with 64 neurons.
- We trained the ANN with 10000 measures, each labelled as Normal operation or Cyber attack in progress, depending on the state of the malicious node.
- To train the network, we divided the measures into two subsets:
  - the training set contains 75% of the measures
  - the test set contains the remaining 25%
- The maximum number of iterations used is 200, and convergence is reached when the score of the ANN does not increase by 0.0001 for two consecutive iterations.

[Figure: ANN with inputs v_11, v_12, ..., v_88, three hidden layers with neurons numbered 1 to 64, and output Out = {Normal operation, black hole attack in progress}]
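The classifier described above can be sketched with scikit-learn as follows. This is an added example, not the authors' code: the traffic data is constructed (a Poisson model with a hypothetical malicious node index), the input scaling step is an addition, and mapping the slide's stopping rule onto `tol` and `n_iter_no_change` is an assumption.

```python
import numpy as np
from sklearn.metrics import confusion_matrix
from sklearn.model_selection import train_test_split
from sklearn.neural_network import MLPClassifier
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler

N = 8          # nodes in the scenario, so V[t] has N*N = 64 values
MALICIOUS = 3  # hypothetical index of the black hole node

def synth_measures(n_samples, rng):
    """Constructed data, not the simulator's output.
    V[i][j] = packets node i forwarded to node j; V[i][i] = packets node i
    passed to its own upper layers. Label 1 = black hole active."""
    y = rng.integers(0, 2, size=n_samples)
    X = np.empty((n_samples, N * N))
    for k in range(n_samples):
        V = rng.poisson(40, size=(N, N)).astype(float)
        if y[k]:
            V[:, MALICIOUS] *= rng.uniform(1.5, 3.0)   # traffic is attracted...
            V[MALICIOUS, :] = rng.poisson(2, size=N)   # ...and then dropped
        X[k] = V.ravel()                               # v_11, v_12, ..., v_88
    return X, y

def train_and_evaluate(n_samples=10000, seed=0):
    rng = np.random.default_rng(seed)
    X, y = synth_measures(n_samples, rng)
    # 75% training set, 25% test set, as on the slide
    X_tr, X_te, y_tr, y_te = train_test_split(
        X, y, test_size=0.25, random_state=seed, stratify=y)
    clf = make_pipeline(
        StandardScaler(),  # added here: counters are unbounded, scale them
        MLPClassifier(hidden_layer_sizes=(64, 64, 64),   # 3 hidden layers x 64
                      max_iter=200, tol=1e-4, n_iter_no_change=2,
                      random_state=seed))
    clf.fit(X_tr, y_tr)
    cm = confusion_matrix(y_te, clf.predict(X_te), labels=[0, 1])
    return clf, cm

if __name__ == "__main__":
    _, cm = train_and_evaluate()
    print("rows = reality, columns = classified as [normal, attack]")
    print(cm)
```

The constructed traffic is far easier to separate than the simulated scenario, so this sketch scores close to 100% rather than the roughly 86% reported in the results.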

Numerical results

[Figure: bar chart of Precision, Recall and F1-Score for Normal operations, Cyber attack in progress and Average; the percentages shown range from 84% to 86%]

Confusion matrix (Reality / Classified as):

                               Normal operation    Cyber attacks in progress
  Normal operation                   1095                    182
  Cyber attacks in progress           173                   1050
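The per-class scores can be recomputed from the confusion matrix, together with the two rates an operator cares about most: missed attacks and false alarms. This is an added example, not part of the original slides, and it assumes that rows are the real state and columns the classifier output (with the opposite orientation, precision and recall swap).

```python
# Confusion matrix from the slide (test set of 2500 measures).
# Assumption: rows = reality, columns = classified as.
LABELS = ("Normal operation", "Cyber attack in progress")
CM = [[1095, 182],
      [173, 1050]]

def _ratio(num, den):
    # Guard against empty rows/columns (e.g. a class never predicted).
    return num / den if den else 0.0

def class_metrics(cm, k):
    """Precision, recall and F1 for class k of a square confusion matrix."""
    tp = cm[k][k]
    fp = sum(row[k] for row in cm) - tp   # other classes classified as k
    fn = sum(cm[k]) - tp                  # class k classified as something else
    precision = _ratio(tp, tp + fp)
    recall = _ratio(tp, tp + fn)
    f1 = _ratio(2 * precision * recall, precision + recall)
    return {"precision": precision, "recall": recall, "f1": f1}

def report(cm):
    per_class = [class_metrics(cm, k) for k in range(len(cm))]
    total = sum(map(sum, cm))
    return {
        "per_class": per_class,
        "average": {m: sum(c[m] for c in per_class) / len(per_class)
                    for m in ("precision", "recall", "f1")},
        "accuracy": _ratio(sum(cm[k][k] for k in range(len(cm))), total),
        # Binary case: class 0 = normal, class 1 = attack
        "missed_attack_rate": _ratio(cm[1][0], sum(cm[1])),
        "false_alarm_rate": _ratio(cm[0][1], sum(cm[0])),
    }

if __name__ == "__main__":
    r = report(CM)
    for label, m in zip(LABELS, r["per_class"]):
        print(label, {k: f"{v:.1%}" for k, v in m.items()})
    print({k: f"{v:.1%}" for k, v in r.items() if isinstance(v, float)})
```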

Conclusions

Concluding remarks

- A platform that exploits artificial intelligence to assist IT operators in detecting cyber attacks and triggering the corresponding countermeasures.
- An enhancement of the CSSE has been designed.
- Experimental results assess the feasibility of the overall concept.
- Future work:
  - develop appropriate tools and methodologies for training the AI engines
  - design the most appropriate interaction modes between military IT professionals and AI tools