loading page

Bringing To Light: Adversarial Poisoning Detection in Multi-controller Software-defined Networks
  • +1
  • Tapadhir Das ,
  • Raj Shukla ,
  • Shamik Sengupta ,
  • Suman Rath
Tapadhir Das
University of Nevada, University of Nevada

Corresponding Author:[email protected]

Author Profile
Raj Shukla
Author Profile
Shamik Sengupta
Author Profile
Suman Rath
Author Profile


Machine learning (ML)-based network intrusion detection systems (NIDS) have become a contemporary approach to efficiently protect network communications from cyber attacks. However, ML models can become exploited by adversarial poisonings, like random label manipulation (RLM), which can compromise multi-controller software-defined network (MSDN) operations. In this paper, we develop the Trans-controller Adversarial Perturbation Detection (TAPD) framework for NIDS in multi-controller SDN setups. The detection framework takes advantage of the SDN architecture and focuses on the periodic transference of network intrusion detection models across the SDN controllers in the topology, and validates the models using the local datasets to calculate errors in their predictions with the ground truth. We demonstrate the efficacy of this framework in detecting RLM attacks in an MSDN setup. Results indicate efficient detection performance achieved by the TAPD framework in determining the presence of Random Label Manipulation attacks and the localization of the compromised controllers. We find that the framework works well even when there is a significant number of compromised agents in a large multi-controller setting. However, the performance begins to deteriorate when more than 40% of the SDN controllers in the MSDN have become compromised.