Dragos Comaneci
Application Protocol Engineer at BreakingPoint Systems Ixia
BIOGRAPHY
Software Engineer with a strong background in computer networks, object-oriented programming, operating systems, security, parallel and distributed algorithms, and embedded development.
My main focus area is on Distributed Computer Systems and the intricacies they entail. I like understanding, designing, building, optimising and securing such systems as well as working on all of the abstraction layers involved.
Presentation: Securing Networks using SDN and Machine Learning
Software Defined Networking (SDN) holds the key to building networks that can adapt effectively and efficiently to ever-changing conditions: traffic flows, network policies, security constraints, etc. Despite this power, defining security policies that account for all of the different scenarios and new applications running on the network can be an overwhelming task, even with high-level abstraction languages based on reactive programming.
In this paper we try to alleviate this complexity by using machine learning traffic flow classification techniques and defining high-level SDN policies based on the derived flow classes. We employ both supervised learning, in which pre-trained models exist for different types of traffic, and unsupervised learning, in which we try to cluster different traffic flows together. If the clusters are pure enough, we can attempt to use them to automatically train a new supervised flow model. Finally, after classifying the flows, we run a flow grouping algorithm that determines which flows are generally seen together in the same time frame. For supervised learning we use C4.5 decision tree classifiers with the following per-flow features: inter-packet arrival time, packet size, packet count, flow tuple, and other statistical information derived from these (means, sums, minimums, maximums, standard deviations). For the unsupervised case we use the k-means algorithm on the same group of features.
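The unsupervised half of that pipeline, as an added example that is not code from the talk or from the Diffuse classifier: it derives a subset of the listed per-flow features, clusters the flows with k-means, and scores cluster purity against known labels. The packet record layout, the constructed sample traffic, the min-max scaling and the farthest-point seeding are all assumptions of this sketch.

```python
import math
from collections import defaultdict
from statistics import mean, pstdev

def flow_features(packets):
    """Per-flow [pkt_count, mean_size, std_size, mean_iat, std_iat], keyed by flow tuple."""
    flows = defaultdict(list)
    for ts, *tup, size in packets:
        flows[tuple(tup)].append((ts, size))
    feats = {}
    for tup, pkts in flows.items():
        pkts.sort()
        sizes = [s for _, s in pkts]
        iats = [b[0] - a[0] for a, b in zip(pkts, pkts[1:])] or [0.0]
        feats[tup] = [len(pkts), mean(sizes), pstdev(sizes), mean(iats), pstdev(iats)]
    return feats

def normalise(rows):
    """Min-max scale each column so no single feature dominates the distance."""
    lo, hi = [min(c) for c in zip(*rows)], [max(c) for c in zip(*rows)]
    return [[(v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(r, lo, hi)] for r in rows]

def kmeans(rows, k, iters=20):
    """Lloyd's k-means with deterministic farthest-point seeding; returns cluster ids."""
    cents = [rows[0]]
    while len(cents) < k:
        cents.append(max(rows, key=lambda r: min(math.dist(r, c) for c in cents)))
    for _ in range(iters):
        assign = [min(range(k), key=lambda i: math.dist(r, cents[i])) for r in rows]
        for i in range(k):
            members = [r for r, a in zip(rows, assign) if a == i]
            if members:  # keep the old centroid if a cluster empties out
                cents[i] = [mean(col) for col in zip(*members)]
    return assign

def purity(assign, labels):
    """Share of flows carrying the majority label of their cluster (1.0 = pure)."""
    groups = defaultdict(list)
    for a, l in zip(assign, labels):
        groups[a].append(l)
    return sum(max(g.count(x) for x in set(g)) for g in groups.values()) / len(labels)

def sample_packets():
    """Constructed records (ts, src, dst, sport, dport, proto, size): 3 bulk, 3 interactive flows."""
    pkts = []
    for f in range(3):
        pkts += [(i * 0.001, "10.0.0.1", "10.0.0.9", 40000 + f, 80, "tcp", 1400 + (i % 3) * 20) for i in range(20)]
        pkts += [(i * 0.5, "10.0.0.2", "10.0.0.9", 50000 + f, 22, "tcp", 60 + (i % 4) * 10) for i in range(8)]
    return pkts
```

Calling `kmeans(normalise(list(flow_features(sample_packets()).values())), 2)` separates the bulk flows from the interactive ones; a purity near 1.0 is the signal that a cluster could be promoted to training data for a supervised model.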
After obtaining the traffic flow information derived via machine learning, we explore how to integrate it into a high-level SDN language such as Nettle and provide an overview of the hardware and software architecture needed to support such a system.
From a security standpoint, we also explore how to leverage this information for network anomaly detection, botnet detection, and rerouting interesting traffic to a network honeypot. For each of these scenarios we outline how a basic proof-of-concept Nettle-based SDN controller would be implemented.
We also evaluate and discuss different aspects of the overall system, such as classification accuracy, system response time, resource usage, traffic flow delays and scalability issues. The experimental testbed for these results is based on Mininet virtual machines (which also run the Diffuse ML traffic classifier), through which legitimate and malicious application traffic generated by the BreakingPoint system is routed.
Finally, we conclude the paper by emphasizing the different working aspects of the system as well as the challenges it faces with regard to scalability and accuracy.