Software Defined Networking (SDN) has been developed to enhance networks by separating the control plane from the data plane. However, the increasing adoption of these networks has introduced security challenges, particularly the potential for malware attacks. Classical security mechanisms struggle to maintain protection and mitigation due to the constantly changing behavior of SDN traffic. To address security issues in the SDN environment, this paper presents a benchmarking Machine Learning (ML) approach for multivariate malware detection that incorporates six ML algorithms within the SDN's control plane. It utilizes the CIC-MalMem-2022 dataset to train the algorithms. The ML algorithms deployed in this work are Naïve Bayes (NB), Logistic Regression (LR), Support Vector Machine (SVM), CatBoost, LightGBM, and Multi-layer Perceptron (MLP), which are used to distinguish between malicious (3*5 classes) and benign traffic. Experimental results demonstrate that the LightGBM algorithm exhibits the best performance, achieving the highest classification accuracy of 76.56%, precision of 76.48%, recall of 76.56%, specificity score of 99.16%, and F1 score of 76.25%. It outperformed the other algorithms. The modest classification results stem from overlapping malware behaviors in the CIC-MalMem-2022 dataset, which hindered the ML algorithms from achieving better malware detection outcomes, emphasizing the need for more sophisticated methods to enhance SDN cybersecurity.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Benchmarking Machine Learning for Multivariate Malware Detection in Software-Defined Networks

  • Ali H. Al-Shakarchi,
  • Huthaifa L. Mohamed,
  • Yousif Khalid Yousif,
  • Salama A. Mostafa,
  • Ali Khairi Altoohafi,
  • Abdulamjeed Sulaiman

摘要

Software Defined Networking (SDN) has been developed to enhance networks by separating the control plane from the data plane. However, the increasing adoption of these networks has introduced security challenges, particularly the potential for malware attacks. Classical security mechanisms struggle to maintain protection and mitigation due to the constantly changing behavior of SDN traffic. To address security issues in the SDN environment, this paper presents a benchmarking Machine Learning (ML) approach for multivariate malware detection that incorporates six ML algorithms within the SDN's control plane. It utilizes the CIC-MalMem-2022 dataset to train the algorithms. The ML algorithms deployed in this work are Naïve Bayes (NB), Logistic Regression (LR), Support Vector Machine (SVM), CatBoost, LightGBM, and Multi-layer Perceptron (MLP), which are used to distinguish between malicious (3*5 classes) and benign traffic. Experimental results demonstrate that the LightGBM algorithm exhibits the best performance, achieving the highest classification accuracy of 76.56%, precision of 76.48%, recall of 76.56%, specificity score of 99.16%, and F1 score of 76.25%. It outperformed the other algorithms. The modest classification results stem from overlapping malware behaviors in the CIC-MalMem-2022 dataset, which hindered the ML algorithms from achieving better malware detection outcomes, emphasizing the need for more sophisticated methods to enhance SDN cybersecurity.