f-AnoGAN for Unsupervised Attack Detection in SDN Environment

IF 6.7 2区计算机科学 Q1 ENGINEERING, MULTIDISCIPLINARY

IEEE Transactions on Network Science and Engineering Pub Date : 2025-04-10 DOI:10.1109/TNSE.2025.3558936

Vitor Gabriel da Silva Ruffo;Luiz Fernando Carvalho;Jaime Lloret;Mario Lemes Proença Jr

{"title":"f-AnoGAN for Unsupervised Attack Detection in SDN Environment","authors":"Vitor Gabriel da Silva Ruffo;Luiz Fernando Carvalho;Jaime Lloret;Mario Lemes Proença Jr","doi":"10.1109/TNSE.2025.3558936","DOIUrl":null,"url":null,"abstract":"Network management solutions remain essential for proper network service delivery. The software-defined networking (SDN) paradigm brought flexibility and programmability to today's large-scale networks, easing their governance. Another critical factor in the quality of network services is network security for protection against cyberattacks. This work proposes an unsupervised volume anomaly detection and mitigation system for securing SDN environments. We implement a fast AnoGAN (f-AnoGAN) to model legitimate user behavior and identify outlier samples. The generative network is trained on a low-dimensional representation of network traffic to reduce computational overhead. The f-AnoGAN model performance is further investigated through hyperparameter tuning and ablation study. The security system is evaluated on four public datasets: Orion, CIC-DDoS2019, CIC-IDS2017, and TON_IoT. We implement state-of-the-art alternative models for comparison analysis, namely Autoencoder, BiGAN, and FID-GAN. The f-AnoGAN presents improved class separation capacity and anomaly identification performance compared to the other models. The anomaly mitigation module can drop between 95% and 99% of malign traffic, supporting network resilience and correct functioning.","PeriodicalId":54229,"journal":{"name":"IEEE Transactions on Network Science and Engineering","volume":"12 4","pages":"3271-3285"},"PeriodicalIF":6.7000,"publicationDate":"2025-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Network Science and Engineering","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10960662/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, MULTIDISCIPLINARY","Score":null,"Total":0}

引用次数: 0

Abstract

Network management solutions remain essential for proper network service delivery. The software-defined networking (SDN) paradigm brought flexibility and programmability to today's large-scale networks, easing their governance. Another critical factor in the quality of network services is network security for protection against cyberattacks. This work proposes an unsupervised volume anomaly detection and mitigation system for securing SDN environments. We implement a fast AnoGAN (f-AnoGAN) to model legitimate user behavior and identify outlier samples. The generative network is trained on a low-dimensional representation of network traffic to reduce computational overhead. The f-AnoGAN model performance is further investigated through hyperparameter tuning and ablation study. The security system is evaluated on four public datasets: Orion, CIC-DDoS2019, CIC-IDS2017, and TON_IoT. We implement state-of-the-art alternative models for comparison analysis, namely Autoencoder, BiGAN, and FID-GAN. The f-AnoGAN presents improved class separation capacity and anomaly identification performance compared to the other models. The anomaly mitigation module can drop between 95% and 99% of malign traffic, supporting network resilience and correct functioning.

查看原文本刊更多论文

SDN环境下无监督攻击检测的anogan

网络管理解决方案对于正确的网络服务交付仍然是必不可少的。软件定义网络（SDN）范例为当今的大规模网络带来了灵活性和可编程性，简化了它们的管理。网络服务质量的另一个关键因素是防止网络攻击的网络安全。本工作提出了一种用于保护SDN环境的无监督卷异常检测和缓解系统。我们实现了一个快速AnoGAN （f-AnoGAN）来模拟合法用户行为并识别异常样本。生成网络在网络流量的低维表示上进行训练，以减少计算开销。通过超参数调谐和烧蚀研究进一步研究了f-AnoGAN模型的性能。该安全系统在Orion、CIC-DDoS2019、CIC-IDS2017和TON_IoT四个公共数据集上进行了评估。我们实现了最先进的替代模型进行比较分析，即Autoencoder， BiGAN和FID-GAN。与其他模型相比，f-AnoGAN具有更好的类分离能力和异常识别性能。异常缓解模块可以减少95%到99%的恶意流量，支持网络弹性和正常运行。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Network Science and Engineering Engineering-Control and Systems Engineering

CiteScore

12.60

自引率

9.10%

发文量

393

期刊介绍： The proposed journal, called the IEEE Transactions on Network Science and Engineering (TNSE), is committed to timely publishing of peer-reviewed technical articles that deal with the theory and applications of network science and the interconnections among the elements in a system that form a network. In particular, the IEEE Transactions on Network Science and Engineering publishes articles on understanding, prediction, and control of structures and behaviors of networks at the fundamental level. The types of networks covered include physical or engineered networks, information networks, biological networks, semantic networks, economic networks, social networks, and ecological networks. Aimed at discovering common principles that govern network structures, network functionalities and behaviors of networks, the journal seeks articles on understanding, prediction, and control of structures and behaviors of networks. Another trans-disciplinary focus of the IEEE Transactions on Network Science and Engineering is the interactions between and co-evolution of different genres of networks.