SDN-GAN: Generative Adversarial Deep NNs for Synthesizing Cyber Attacks on Software Defined Networks

  • Ahmed AlEroud
  • George Karabatis
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11878)


The recent evolution in programmable networks such as SDN opens the possibility to control networks using software controllers. However, such networks are vulnerable to attacks that occur in traditional networks. Several techniques are proposed to handle the security vulnerabilities in SDNs. However, it is challenging to create attack signatures, scenarios, or even intrusion detection rules that are applicable to dynamic SDN environments. Generative Adversarial Deep Neural Networks automate the generation of realistic data in a semi-supervised manner. This paper describes an approach that generates synthetic attacks that can target SDNs. It can be used to train SDNs to detect different attack variations. It is based on the most recent OpenFlow models/algorithms and it utilizes similarity with known attack patterns to identify attacks. Such synthesized variations of attack signatures are shown to attack SDNs using adversarial approaches.


Keywords: Cyber-attack detection; Software Defined Networks; Generative Adversarial Networks



Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Yarmouk University, Irbid, Jordan
  2. University of Maryland, Baltimore County (UMBC), Baltimore, USA
