Read the book The Smart Cyber Ecosystem for Sustainable Development - Group of authors - Page 60

2.7.1.6 Security

Users only use secure networks. One major issue in networking is attack by intrusion. Detecting intrusions and responding to attacks is a real challenge, especially in wireless networks, where data is communicated over a shared medium. With the advent of ML technology, researchers have been trying to exploit ML techniques to overcome this problem. ML methods can process and classify traffic flows based on observable properties such as the number of packets in a flow, flow duration, packet size, inter-packet arrival time, and flow size in bytes. Based on these properties, more advanced features can be computed.

The authors of [40] propose a system for ML-based flow classification integrated in SDN. It exploits knowledge-extraction methods that the controller can use to classify flows. A supervised ML algorithm is used to identify the underlying application of a flow, while an unsupervised learning algorithm is used to cluster flows in order to identify unknown applications. The system is also able to detect groups of related flows and proved able to detect anomalies and botnets, as well as honeypot traffic rerouting.

The authors of [41, 42] show that employing user-centric approaches combined with ML can improve the performance of anomaly detection in cellular networks. User-centric approaches focus on the end user while developing designs and strategies for networks, so that the needs of end users shape networking solutions. The study uses SVM, KNN, and an optimized version of the decision tree, wherein the algorithms learn and predict QoE scores for users. A node is judged to be dysfunctional if the maximum number of users connected to this network node have poor QoE scores.

In [11], the authors developed an SDN-based system for real-time intrusion detection using a deep learning-based approach. Data sets are used to train the ML algorithm, following the supervised learning approach. Then, a flow inspection module examines the flows and decides whether each one is an intrusion flow or not. The SDN paradigm facilitates the implementation of the proposed method, as it provides the means for designing flow-based monitoring and control mechanisms.

A detailed intelligent system for automated control of large-scale networks is developed in [43]. The system architecture exploits SDN and deep RL methods for intelligent network control. Among other objectives, the system can serve applications that require traffic analysis and classification. RL involves processes that learn to make better decisions from experience by interacting with all network elements. The SDN architecture comprises three planes: the forwarding plane, the CP, and the AI plane. The forwarding plane forwards, processes, and monitors data packets. The CP connects the AI plane and the forwarding plane. The SDN controller manages the network through standard southbound protocols and interacts with the AI plane through the northbound interface. The AI plane generates policies, learning each policy through interaction with the network environment. An AI agent processes the network state data collected by the forwarding plane, then uses RL to turn that data into a policy that is used for decision making and optimization.

The researchers in [44] use the KNN classification algorithm for detecting several types of attacks. The authors point out that, with a large training dataset, computing the distances between the test point and the training data is time-consuming, as the algorithm also needs to sort the distances and find the closest K neighbors. The author of [45] uses unsupervised ML for detecting anomalies in real networks. The proposed approach enables anticipation of anomalies before they become a real problem.
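As an added example (not code from the book or from the cited papers), the sketch below computes the flow properties listed at the start of this section and applies the brute-force KNN step described for [44]. The packet records, the labels "benign" and "attack", and all helper names are constructed for illustration.

```python
import math
from collections import Counter

def flow_features(packets):
    """packets: list of (timestamp_s, size_bytes) for one flow, in arrival order.
    Returns (packet count, duration, mean packet size, mean inter-arrival, bytes)."""
    times = [t for t, _ in packets]
    sizes = [s for _, s in packets]
    n = len(packets)
    duration = times[-1] - times[0]
    mean_iat = duration / (n - 1) if n > 1 else 0.0
    return (n, duration, sum(sizes) / n, mean_iat, sum(sizes))

def _scaler(vectors):
    """Min-max scaling per feature so byte counts do not dominate the distance."""
    lo = [min(c) for c in zip(*vectors)]
    hi = [max(c) for c in zip(*vectors)]
    return lambda v: [(x - l) / (h - l) if h > l else 0.0
                      for x, l, h in zip(v, lo, hi)]

def knn_classify(train, query, k=3):
    """train: list of (feature_vector, label). One distance per training point,
    then a sort: the cost that grows with the size of the training set."""
    scale = _scaler([v for v, _ in train])
    q = scale(query)
    dists = sorted((math.dist(scale(v), q), label) for v, label in train)
    votes = Counter(label for _, label in dists[:k])
    return votes.most_common(1)[0][0]

def make_flow(n, gap, size):
    """Constructed flow: n packets of `size` bytes, `gap` seconds apart."""
    return [(i * gap, size) for i in range(n)]

# Constructed training set (not real captures); labels are assumptions.
TRAIN = [
    (flow_features(make_flow(40, 0.05, 900)), "benign"),
    (flow_features(make_flow(55, 0.04, 1100)), "benign"),
    (flow_features(make_flow(35, 0.06, 800)), "benign"),
    (flow_features(make_flow(400, 0.001, 60)), "attack"),
    (flow_features(make_flow(500, 0.001, 64)), "attack"),
    (flow_features(make_flow(450, 0.002, 60)), "attack"),
]

if __name__ == "__main__":
    for flow in (make_flow(480, 0.001, 62), make_flow(45, 0.05, 950)):
        print(knn_classify(TRAIN, flow_features(flow)))
```

Because every query is compared against every training vector before sorting, classification time grows with the training set, which is the overhead the authors of [44] describe.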

The paper [46] provides a detailed review of recent studies that combine ML and SDN technology to solve the intrusion detection problem. The authors compare the performance of supervised, unsupervised, semi-supervised, and DL algorithms.