Detection of Zero-Day Attacks in a Software-Defined LEO Constellation Network Using Enhanced Network Metric Predictions

IF 6.3 Q1 ENGINEERING, ELECTRICAL & ELECTRONIC

IEEE Open Journal of the Communications Society Pub Date : 2024-10-16 DOI:10.1109/OJCOMS.2024.3481965

Dennis Agnew;Ashlee Rice-Bladykas;Janise Mcnair

{"title":"Detection of Zero-Day Attacks in a Software-Defined LEO Constellation Network Using Enhanced Network Metric Predictions","authors":"Dennis Agnew;Ashlee Rice-Bladykas;Janise Mcnair","doi":"10.1109/OJCOMS.2024.3481965","DOIUrl":null,"url":null,"abstract":"SATCOM is crucial for tactical networks, particularly submarines with sporadic communication requirements. Emerging SATCOM technologies, such as low-earth-orbit (LEO) satellite networks, provide lower latency, greater data reliability, and higher throughput than long-distance geostationary (GEO) satellites. Software-defined networking (SDN) has been introduced to SATCOM networks due to its ability to enhance management while strengthening network control and security. In our previous work, we proposed a SD-LEO constellation for naval submarine communication networks, as well as an extreme gradient boosting (XGBoost) machine-learning (ML) approach for classifying denial-of-service attacks against the constellation. Nevertheless, zero-day attacks have the potential to cause major damage to the SATCOM network, particularly the controller architecture, due to the scarcity of data for training and testing ML models due to their novelty. This study tackles this challenge by employing a predictive queuing analysis of the SD-SATCOM controller design to rapidly generate ML training data for zero-day attack detection. In addition, we redesign our singular controller architecture to a decentralized controller architecture to eliminate singular points of failure. To our knowledge, no prior research has investigated using queuing analysis to predict SD-SATCOM controller architecture network performance for ML training to prevent zero-day attacks. Our queuing analysis accelerates the training of ML models and enhances data adaptability, enabling network operators to defend against zero-day attacks without precollected data. We utilized the CatBoost algorithm to train a multi-output regression model to predict network performance statistics. Our method successfully identified and classified normal, non-attack samples and zero-day cyberattacks with over 94% accuracy, precision, recall, and f1-scores.","PeriodicalId":33803,"journal":{"name":"IEEE Open Journal of the Communications Society","volume":"5 ","pages":"6611-6634"},"PeriodicalIF":6.3000,"publicationDate":"2024-10-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10720072","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Open Journal of the Communications Society","FirstCategoryId":"1085","ListUrlMain":"https://ieeexplore.ieee.org/document/10720072/","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}

引用次数: 0

Abstract

SATCOM is crucial for tactical networks, particularly submarines with sporadic communication requirements. Emerging SATCOM technologies, such as low-earth-orbit (LEO) satellite networks, provide lower latency, greater data reliability, and higher throughput than long-distance geostationary (GEO) satellites. Software-defined networking (SDN) has been introduced to SATCOM networks due to its ability to enhance management while strengthening network control and security. In our previous work, we proposed a SD-LEO constellation for naval submarine communication networks, as well as an extreme gradient boosting (XGBoost) machine-learning (ML) approach for classifying denial-of-service attacks against the constellation. Nevertheless, zero-day attacks have the potential to cause major damage to the SATCOM network, particularly the controller architecture, due to the scarcity of data for training and testing ML models due to their novelty. This study tackles this challenge by employing a predictive queuing analysis of the SD-SATCOM controller design to rapidly generate ML training data for zero-day attack detection. In addition, we redesign our singular controller architecture to a decentralized controller architecture to eliminate singular points of failure. To our knowledge, no prior research has investigated using queuing analysis to predict SD-SATCOM controller architecture network performance for ML training to prevent zero-day attacks. Our queuing analysis accelerates the training of ML models and enhances data adaptability, enabling network operators to defend against zero-day attacks without precollected data. We utilized the CatBoost algorithm to train a multi-output regression model to predict network performance statistics. Our method successfully identified and classified normal, non-attack samples and zero-day cyberattacks with over 94% accuracy, precision, recall, and f1-scores.

查看原文本刊更多论文

利用增强型网络度量预测检测软件定义的低地轨道星座网络中的零日攻击

SATCOM 对于战术网络，特别是有零星通信需求的潜艇至关重要。新兴的 SATCOM 技术，如低地球轨道 (LEO) 卫星网络，与长距离地球静止 (GEO) 卫星相比，具有更低的延迟、更高的数据可靠性和更大的吞吐量。软件定义网络（SDN）能够在加强网络控制和安全性的同时提高管理水平，因此已被引入 SATCOM 网络。在我们之前的工作中，我们提出了一种用于海军潜艇通信网络的 SD-LEO 星座，以及一种极端梯度提升（XGBoost）机器学习（ML）方法，用于对针对该星座的拒绝服务攻击进行分类。尽管如此，零日攻击仍有可能对 SATCOM 网络，尤其是控制器架构造成重大破坏，因为其新颖性导致用于训练和测试 ML 模型的数据稀缺。本研究通过对 SD-SATCOM 控制器设计进行预测排队分析，快速生成用于零日攻击检测的 ML 训练数据，从而应对这一挑战。此外，我们将单一控制器架构重新设计为分散控制器架构，以消除单一故障点。据我们所知，此前还没有研究使用队列分析来预测 SD-SATCOM 控制器架构网络性能，以便为防止零日攻击进行 ML 训练。我们的队列分析加快了 ML 模型的训练速度，增强了数据适应性，使网络运营商能够在没有预先收集数据的情况下防御零日攻击。我们利用 CatBoost 算法来训练多输出回归模型，以预测网络性能统计数据。我们的方法成功识别并分类了正常、非攻击样本和零日网络攻击，准确率、精确率、召回率和 f1 分数均超过 94%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Open Journal of the Communications Society Multiple-

CiteScore

13.70

自引率

3.80%

发文量

审稿时长

10 weeks

期刊介绍： The IEEE Open Journal of the Communications Society (OJ-COMS) is an open access, all-electronic journal that publishes original high-quality manuscripts on advances in the state of the art of telecommunications systems and networks. The papers in IEEE OJ-COMS are included in Scopus. Submissions reporting new theoretical findings (including novel methods, concepts, and studies) and practical contributions (including experiments and development of prototypes) are welcome. Additionally, survey and tutorial articles are considered. The IEEE OJCOMS received its debut impact factor of 7.9 according to the Journal Citation Reports (JCR) 2023. The IEEE Open Journal of the Communications Society covers science, technology, applications and standards for information organization, collection and transfer using electronic, optical and wireless channels and networks. Some specific areas covered include: Systems and network architecture, control and management Protocols, software, and middleware Quality of service, reliability, and security Modulation, detection, coding, and signaling Switching and routing Mobile and portable communications Terminals and other end-user devices Networks for content distribution and distributed computing Communications-based distributed resources control.