Dragos Comaneci

Application Protocol Engineer at BreakingPoint Systems Ixia

BIOGRAPHY

Software Engineer with a strong background in computer networks, object-oriented programming, operating systems, security, parallel and distributed algorithms and embedded development.
My main focus area is on Distributed Computer Systems and the intricacies they entail. I like understanding, designing, building, optimising and securing such systems as well as working on all of the abstraction layers involved.

Presentation: Securing Networks using SDN and Machine Learning

Software Defined Networking (SDN) holds the key to building networks that can adapt effectively and efficiently to ever-changing conditions: traffic flows, network policies, security constraints, etc. Despite this power, defining security policies that take into account all of the different scenarios and new applications running on the network can be an overwhelming task, even with high-level abstraction languages based on reactive programming.
In this paper we try to alleviate this complexity by using machine learning traffic flow classification techniques and defining high-level SDN policies based on the derived flow classes. We employ both supervised learning, in which pre-trained models exist for different types of traffic, and unsupervised learning, in which we try to cluster together different traffic flows. If the clusters are pure enough, we can attempt to use them to automatically train a new supervised flow model. Finally, after classifying the flows, we run a flow grouping algorithm that determines which flows are generally seen together in the same time frame. For supervised learning we use C4.5 decision tree classifiers whose per-flow features are inter-packet arrival time, packet size, packet count, flow tuple and other statistical information derived from these: means, sums, minimums, maximums and standard deviations. For the unsupervised case we use the k-means algorithm on the same group of features.
After obtaining the traffic flow information derived via machine learning, we explore how to integrate it into a high-level SDN language such as Nettle and provide an overview of the hardware and software architecture needed to support such a system.
From a security standpoint we also explore how to leverage this information for network anomaly detection, botnet detection and rerouting interesting traffic to a network honeypot. For each of these scenarios we outline how a basic proof-of-concept Nettle-based SDN controller would be implemented.
We also evaluate and discuss different aspects of the overall system such as classification accuracy, system response time, resource usage, traffic flow delays and scalability issues. The experimental testbed for these results is based on Mininet virtual machines (that also run the Diffuse ML traffic classifier) through which different legitimate and malicious application traffic generated by the BreakingPoint system is routed.
Finally, we conclude the paper by emphasizing the different working aspects of the system as well as the challenges it faces with regard to scalability and accuracy.
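The unsupervised step described in the abstract, as an added Python example that is not code from the paper or from the Diffuse classifier: it derives the per-flow statistics from packet records, clusters the flows with k-means, and reports each cluster's purity, the check that decides whether a cluster could seed a new supervised model. The packet records, addresses, labels and function names are constructed for illustration; the flow tuple serves only as the flow key, and measuring purity against known labels is an assumption.

```python
import math
from collections import Counter, defaultdict
from statistics import mean, pstdev

def flow_features(packets):
    """(timestamp_s, flow_tuple, size_bytes) packets -> {flow_tuple: [features]}."""
    flows = defaultdict(list)
    for ts, tup, size in sorted(packets, key=lambda p: p[0]):
        flows[tup].append((ts, size))
    feats = {}
    for tup, pkts in flows.items():
        sizes = [s for _, s in pkts]
        gaps = [b[0] - a[0] for a, b in zip(pkts, pkts[1:])] or [0.0]
        feats[tup] = [len(pkts), sum(sizes), mean(sizes), pstdev(sizes), min(sizes),
                      max(sizes), mean(gaps), pstdev(gaps)]
    return feats

def kmeans(vectors, k, iters=20):
    """Min-max scale the columns, then Lloyd's k-means with farthest-point seeding."""
    lo, hi = [min(c) for c in zip(*vectors)], [max(c) for c in zip(*vectors)]
    pts = [[(v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(vec, lo, hi)]
           for vec in vectors]
    cents = [pts[0]]
    while len(cents) < k:
        cents.append(max(pts, key=lambda p: min(math.dist(p, c) for c in cents)))
    for _ in range(iters):
        assign = [min(range(k), key=lambda i: math.dist(p, cents[i])) for p in pts]
        for i in range(k):
            members = [p for p, a in zip(pts, assign) if a == i]
            cents[i] = [mean(col) for col in zip(*members)] if members else cents[i]
    return assign

def cluster_purity(assign, labels):
    """{cluster id: (majority label, share of the cluster with that label)}."""
    counts = defaultdict(Counter)
    for a, lab in zip(assign, labels):
        counts[a][lab] += 1
    return {c: (n.most_common(1)[0][0], n.most_common(1)[0][1] / sum(n.values()))
            for c, n in counts.items()}

def sample_packets():  # constructed traffic: 4 bulk-transfer and 4 interactive flows
    pkts, truth = [], {}
    for n in range(4):
        bulk, chat = ("10.0.0.1", 40000 + n, 80), ("10.0.0.2", 50000 + n, 22)
        truth[bulk], truth[chat] = "bulk", "interactive"
        for i in range(20):
            pkts.append((i * 0.01 + i % 2 * 0.002, bulk, 1400 + (i + n) % 3 * 30))
            pkts.append((i * 0.5 + i % 3 * 0.05, chat, 60 + (i * 7 + n) % 5 * 8))
    return pkts, truth
```

With two clusters the constructed flows separate cleanly (purity 1.0 each); forcing a single cluster gives purity 0.5, the case where the cluster is too mixed to train from.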



