An Efficient Flow Control Approach for SDN-Based Network Threat Detection and Migration Using Support Vector Machine

2016 IEEE 13th International Conference on e-Business Engineering (ICEBE) Pub Date : 2016-11-01 DOI:10.1109/ICEBE.2016.020

Ping Wang, K. Chao, Hsiao-Chung Lin, Wen-Hui Lin, Chi-Chun Lo

{"title":"An Efficient Flow Control Approach for SDN-Based Network Threat Detection and Migration Using Support Vector Machine","authors":"Ping Wang, K. Chao, Hsiao-Chung Lin, Wen-Hui Lin, Chi-Chun Lo","doi":"10.1109/ICEBE.2016.020","DOIUrl":null,"url":null,"abstract":"Most existing approaches for solving the network threat problems focus on the specific security mechanisms, for example, network intrusion detection system (NIDS) detection, firewall configuration, rather than on flow management approaches to defend network threats with an SDN (Software Defined Networking) architecture. Accordingly, this study proposes an improved behaviour-based SVM (support vector machine) with learning algorithm for use in the security monitoring system (SMS) to categorize network threats for network intrusion detection system. The model also adopted the ID3 decision tree theory to outrank raw features and determine the most qualified features to train support vector classifier (SVC) considering the overall detection precision rate of experiments which speeds up the learning of normal and intrusive patterns and and increases the accuracy of detecting intrusion. By using sFlow collector and analyzer associated with sFlow-RT toolset, the experimental results proved that the SMS enables a defender to classify the network threats with defence strategies and defend network threats.","PeriodicalId":305614,"journal":{"name":"2016 IEEE 13th International Conference on e-Business Engineering (ICEBE)","volume":"80 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"53","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE 13th International Conference on e-Business Engineering (ICEBE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICEBE.2016.020","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 53

Abstract

Most existing approaches for solving the network threat problems focus on the specific security mechanisms, for example, network intrusion detection system (NIDS) detection, firewall configuration, rather than on flow management approaches to defend network threats with an SDN (Software Defined Networking) architecture. Accordingly, this study proposes an improved behaviour-based SVM (support vector machine) with learning algorithm for use in the security monitoring system (SMS) to categorize network threats for network intrusion detection system. The model also adopted the ID3 decision tree theory to outrank raw features and determine the most qualified features to train support vector classifier (SVC) considering the overall detection precision rate of experiments which speeds up the learning of normal and intrusive patterns and and increases the accuracy of detecting intrusion. By using sFlow collector and analyzer associated with sFlow-RT toolset, the experimental results proved that the SMS enables a defender to classify the network threats with defence strategies and defend network threats.

查看原文本刊更多论文

基于支持向量机的sdn网络威胁检测与迁移的高效流量控制方法

现有的解决网络威胁问题的方法大多侧重于特定的安全机制，例如网络入侵检测系统(NIDS)检测、防火墙配置，而不是利用软件定义网络(SDN)架构来防御网络威胁的流管理方法。因此，本研究提出了一种改进的基于行为的SVM(支持向量机)学习算法，用于安全监控系统(SMS)对网络入侵检测系统的网络威胁进行分类。该模型还采用ID3决策树理论对原始特征进行排序，并考虑实验的整体检测准确率，确定最合格的特征训练支持向量分类器(SVC)，加快了正常模式和入侵模式的学习，提高了入侵检测的准确率。通过使用sFlow- rt工具集关联的sFlow采集器和分析器，实验结果证明，SMS能够使防御者对网络威胁进行分类，并采用防御策略对网络威胁进行防御。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2016 IEEE 13th International Conference on e-Business Engineering (ICEBE)

自引率

0.00%

发文量