loading page

Bringing To Light: Adversarial Poisoning Detection in Multi-controller Software-defined Networks
  • +1
  • Tapadhir Das ,
  • Raj Shukla ,
  • Shamik Sengupta ,
  • Suman Rath
Tapadhir Das
University of Nevada, University of Nevada

Corresponding Author:[email protected]

Author Profile
Raj Shukla
Author Profile
Shamik Sengupta
Author Profile
Suman Rath
Author Profile

Abstract

Machine learning (ML)-based network intrusion detection systems (NIDS) have become a contemporary approach to efficiently protect network communications from cyber attacks. However, ML models are starting to become exploited by adversarial poisonings, like random label manipulation (RLM), which can compromise multi-controller software-defined network (MSDN) operations. In this paper, we develop the Trans-controller Adversarial Perturbation Detection (TAPD) framework for NIDS in multi-controller SDN setups. The detection framework takes advantage of the SDN architecture and focuses on the periodic transference of network intrusion detection models across the SDN controllers in the topology, and validates the models using the local datasets to calculate errors in their predictions with the ground truth. We demonstrate the efficacy of this framework in detecting RLM attacks in an MSDN setup. Results indicate efficient detection performance achieved by the TAPD framework in determining the presence of RLM attacks and the localization of the compromised controllers. We also note that the frameworks work well when there is a low number of compromised controllers in the topology proportional to the total number of SDN controllers. However, the performance begins to deteriorate when more than 30% of the SDN controllers in the MSDN have become compromised.