Deep Learning Based Detection Method for SDN Malicious Applications
SDN is a new type of network architecture. Its core technology separates the control plane of a network device from the data plane in order to achieve flexible control of network traffic. This structure and these characteristics place higher requirements on the security protection capability of the SDN controller. However, there is still little research on malicious applications for the SDN network architecture. This article addresses that problem: based on an analysis of existing malicious application detection methods and on deep learning technology, it proposes a detection method for SDN malicious applications. Finally, 30 SDN malicious samples were studied and tested in the TensorFlow deep learning simulation environment Keras. The experimental data show that the detection rate of this method for malicious applications can reach 89%, which proves the feasibility and scientific soundness of the scheme.
Keywords: SDN, Malicious applications, Deep learning
This research was financially supported by the National Key R&D Program of China (No: 2018YFB1004101).