Application Protocol Engineer at BreakingPoint Systems Ixia
Software Engineer with a strong background in computer networks, object-oriented programming, operating systems, security, parallel and distributed algorithms, and embedded development.
My main focus area is on Distributed Computer Systems and the intricacies they entail. I like understanding, designing, building, optimising and securing such systems as well as working on all of the abstraction layers involved.
Presentation: Securing Networks using SDN and Machine Learning
Software Defined Networking (SDN) holds the key to building networks that can adapt effectively and efficiently to ever-changing conditions: traffic flows, network policies, security constraints, etc. Despite this power, defining security policies that take into account all of the different scenarios and new applications running on the network can be an overwhelming task, even with high-level abstraction languages based on reactive programming.
In this paper we try to alleviate this complexity by using machine learning traffic flow classification techniques and defining high-level SDN policies based on the derived flow classes. We employ both supervised learning, in which pre-trained models exist for different types of traffic, and unsupervised learning, in which we try to cluster different traffic flows together. If the clusters are pure enough, we can attempt to use them to automatically train a new supervised flow model. Finally, after classifying the flows, we run a flow grouping algorithm that determines which flows are generally seen together in the same time frame. For supervised learning we use C4.5 decision tree classifiers with the following per-flow features: inter-packet arrival time, packet size, packet count, flow tuple and other statistical information derived from these (means, sums, minimums, maximums, standard deviations). For the unsupervised case we use the k-means algorithm on the same group of features.
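The unsupervised half of this pipeline, as an added example that is not the paper's code or the Diffuse classifier: per-flow statistics are computed from packet records, clustered with a small pure-Python k-means, and a cluster is accepted as a training label only if it is pure enough. The sample packets, the 0.9 purity threshold, min-max scaling and the use of the flow tuple as a grouping key rather than a feature are assumptions of this sketch.

```python
import math, statistics as st
from collections import Counter, defaultdict

def make_packets():  # constructed sample: (flow tuple, timestamp ms, size bytes, true class)
    pkts = []
    for i, n in ((i, n) for i in range(3) for n in range(20)):
        pkts.append((("10.0.0.1", 40000 + i, "10.0.0.9", 80, "tcp"),
                     10 * n + 2 * (n % 2), 1400 + 10 * i + 20 * (n % 3), "bulk"))
        pkts.append((("10.0.0.2", 50000 + i, "10.0.0.9", 22, "tcp"),
                     500 * n + 40 * (n % 3), 80 + 5 * i + 8 * (n % 4), "interactive"))
    return pkts

def flow_features(pkts):  # count, then sum/mean/min/max/stddev of sizes and of gaps
    flows = defaultdict(list)
    for key, ts, size, _ in pkts:
        flows[key].append((ts, size))
    feats = {}
    for key, rows in flows.items():
        ts, sizes = sorted(t for t, _ in rows), [s for _, s in rows]
        gaps = [b - a for a, b in zip(ts, ts[1:])] or [0]  # single-packet flow: no gap
        feats[key] = [len(rows)] + [f(x) for x in (sizes, gaps)
                                    for f in (sum, st.mean, min, max, st.pstdev)]
    return feats

def normalise(vecs):  # min-max scale each column; constant columns become 0
    cols = list(zip(*vecs))
    return [[(v - min(c)) / ((max(c) - min(c)) or 1) for v, c in zip(vec, cols)] for vec in vecs]

def kmeans(points, k, rounds=20):  # plain k-means, deterministic farthest-point seeding
    cents = [points[0]]
    while len(cents) < k:
        cents.append(max(points, key=lambda p: min(math.dist(p, c) for c in cents)))
    for _ in range(rounds):
        assign = [min(range(k), key=lambda j: math.dist(p, cents[j])) for p in points]
        for j in set(assign):
            cents[j] = [st.mean(c) for c in zip(*(p for p, a in zip(points, assign) if a == j))]
    return assign

def pure_clusters(assign, truth, threshold=0.9):  # cluster id -> class, if pure enough
    out = {}
    for j in set(assign):
        label, hits = Counter(t for a, t in zip(assign, truth) if a == j).most_common(1)[0]
        if hits / assign.count(j) >= threshold:
            out[j] = label
    return out

def run(pkts):
    feats, truth = flow_features(pkts), {p[0]: p[3] for p in pkts}
    assign = kmeans(normalise(list(feats.values())), k=2)
    return assign, pure_clusters(assign, [truth[k] for k in feats])
```

Calling `run(make_packets())` returns the per-flow cluster ids and the clusters that passed the purity gate; a mixed cluster is left out of the result instead of being used to label training data.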
After obtaining the traffic flow information derived via machine learning, we explore how to integrate it into a high-level SDN language such as Nettle and provide an overview of the hardware and software architecture needed to support such a system.
From a security standpoint, we also explore how we can leverage such information for the scenarios of network anomaly detection, botnet detection and rerouting interesting traffic to a network honeypot. For each of these scenarios we outline how a basic proof-of-concept Nettle-based SDN controller would be implemented.
We also evaluate and discuss different aspects of the overall system such as classification accuracy, system response time, resource usage, traffic flow delays and scalability issues. The experimental testbed for these results is based on Mininet virtual machines (that also run the Diffuse ML traffic classifier) through which different legitimate and malicious application traffic generated by the BreakingPoint system is routed.
Finally, we conclude the paper by emphasizing the different working aspects of the system as well as the challenges it faces with regard to scalability and accuracy.