Support Vector Machine Meets Software Defined Networking in IDS Domain

Boero, Luca; Marchese, Mario; Zappatore, Sandro
2017-01-01

Abstract

Intrusion Detection Systems (IDS) are aimed at analyzing and detecting security problems. IDS based on anomaly detection and, in particular, on statistical analysis, inspect each traffic flow in order to get its statistical characterization, which represents the fingerprint of the flow. Software Defined Networking (SDN) is revolutionizing the networking industry by enabling programmability, easier management and faster innovation. These benefits are made possible by its centralized control plane architecture, which allows the network to be programmed and controlled by one central entity. The fusion of these two technologies can lead to an innovative system of malware detection. This paper tries to join these two concepts in order to obtain the best from the two worlds. We use a well-known machine learning scheme (Support Vector Machine) as the core system for detecting malware by using only traffic features that can be extracted using an SDN controller.

Files in this record:
  • File: ITC_29_2017.pdf
  • Access: closed
  • Type: Post-print document
  • Size: 250.99 kB
  • Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11567/933926
Citations
  • PMC: ND
  • Scopus: 30
  • ISI: 24