A federated threat hunting system with big data analysis for SDN-enabled networks

6:36 24/11/2022

Software-defined networking (SDN) is a promising approach to modern network architecture and has received great attention recently. SDN-based networks also face security issues and can become targets of cyberattacks. Cyber threat hunting is one of the security solutions proposed for early attack detection in SDN, and machine-learning-based IDS developed for threat hunting can detect sophisticated and complex cyberattacks. To improve the accuracy of ML-IDS models, training data must come from a variety of sources. However, participants that join the training process are reluctant to provide their own data because of security and privacy concerns. In this paper, we propose a federated-learning approach for IDS: participants train models themselves on their own devices instead of handing over their data. In addition, the combination of differential privacy and homomorphic encryption ensures the privacy of the model exchange. Moreover, a distributed processing system handles the big data workloads generated by the many devices in the SDN-based network. We evaluate the proposed model not only on the CIC-TON-IOT 2018 dataset but also on real network traffic. The results demonstrate the potential of our solution for protecting SDN.
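As an added illustration (not the paper's code) of the model-exchange step the abstract describes: each participant clips its local update and adds Gaussian noise (differential privacy), encrypts it under an additively homomorphic Paillier scheme, and the aggregator multiplies ciphertexts so that only the summed update, never an individual one, is ever decrypted by the key holder. The prime sizes, fixed-point scale, clipping bound and noise scale are demo assumptions.

```python
import math
import random
# Demo-sized Paillier keypair (assumption: a real deployment uses ~2048-bit moduli).
P, Q = 1000003, 1000033
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # lcm(p-1, q-1)
MU = pow(LAM, -1, N)                                  # valid because g = N + 1
SCALE = 10 ** 6                                       # fixed-point scale for float weights

def encrypt(m, rng=random):
    """Paillier encryption of an integer m in [0, N) under fresh randomness r."""
    r = rng.randrange(1, N)
    while math.gcd(r, N) != 1:
        r = rng.randrange(1, N)
    return (pow(N + 1, m, N2) * pow(r, N, N2)) % N2

def decrypt(c):
    """Paillier decryption: L(c^lambda mod N^2) * mu mod N, with L(x) = (x - 1) / N."""
    return (((pow(c, LAM, N2) - 1) // N) * MU) % N

def encode(w):  # float weight -> fixed-point integer mod N; negatives wrap to the top half
    return round(w * SCALE) % N

def decode(v):  # inverse of encode; residues above N/2 are negative
    v %= N
    return (v - N if v > N // 2 else v) / SCALE

def dp_noisy_update(update, clip, sigma, rng):
    """Gaussian mechanism: clip the L2 norm to `clip`, then add N(0, (sigma * clip)^2)."""
    norm = math.sqrt(sum(u * u for u in update))
    factor = min(1.0, clip / norm) if norm > 0 else 1.0
    return [u * factor + rng.gauss(0.0, sigma * clip) for u in update]

def aggregate(encrypted_updates):
    """Server side: multiplying ciphertexts adds plaintexts, so no single update is decrypted."""
    summed = []
    for coords in zip(*encrypted_updates):
        c = 1
        for ct in coords:
            c = (c * ct) % N2
        summed.append(c)
    return summed

def federated_round(local_updates, clip=1.0, sigma=0.1, seed=0):
    """One exchange: clients add DP noise and encrypt, server aggregates, key holder decrypts the mean."""
    rng = random.Random(seed)
    noisy = [dp_noisy_update(u, clip, sigma, rng) for u in local_updates]
    encrypted = [[encrypt(encode(w), rng) for w in nu] for nu in noisy]
    mean = [decode(decrypt(c)) / len(local_updates) for c in aggregate(encrypted)]
    return mean, noisy
```

`federated_round` returns the per-client noisy updates only so the reader can check the decrypted mean against them; in the real protocol they never leave the clients in the clear.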
