A federated threat hunting system with big data analysis for SDN-enabled networks

RESEARCH CREW
6:36 24/11/2022

Software-defined networking (SDN) is a potential approach to modern network architecture that has received great attention recently. SDN-based networks also face security issues and can become targets of cyberattacks. Cyber threat hunting is one of the security solutions proposed for early attack detection in SDN. A machine learning-based IDS (ML-IDS) developed for threat hunting can detect sophisticated and complex cyberattacks. To improve the accuracy of ML-IDS models, the training process needs data from a variety of sources. However, participants that join the training process are providing their own data because of issues of security and privacy. In this paper, we propose an approach using federated learning for IDS. Participants can train models themselves on their devices instead of providing their data. In addition, the combination of differential privacy and homomorphic encryption techniques ensures the privacy of model exchange. Moreover, a distributed processing system is used for big data workloads, which are generated by several devices in the SDN-based network. We run the experiment not only on the CIC-TON-IOT 2018 dataset but also on real network traffic to evaluate the proposed model. The results have proven the potential of our solution for protecting SDN.
