Benchmarking Machine Learning for Multivariate Malware Detection in Software-Defined Networks
摘要
Software Defined Networking (SDN) has been developed to enhance networks by separating the control plane from the data plane. However, the increasing adoption of these networks has introduced security challenges, particularly the potential for malware attacks. Classical security mechanisms struggle to maintain protection and mitigation due to the constantly changing behavior of SDN traffic. To address security issues in the SDN environment, this paper presents a benchmarking Machine Learning (ML) approach for multivariate malware detection that incorporates six ML algorithms within the SDN's control plane. It utilizes the CIC-MalMem-2022 dataset to train the algorithms. The ML algorithms deployed in this work are Naïve Bayes (NB), Logistic Regression (LR), Support Vector Machine (SVM), CatBoost, LightGBM, and Multi-layer Perceptron (MLP), which are used to distinguish between malicious (3*5 classes) and benign traffic. Experimental results demonstrate that the LightGBM algorithm exhibits the best performance, achieving the highest classification accuracy of 76.56%, precision of 76.48%, recall of 76.56%, specificity score of 99.16%, and F1 score of 76.25%. It outperformed the other algorithms. The modest classification results stem from overlapping malware behaviors in the CIC-MalMem-2022 dataset, which hindered the ML algorithms from achieving better malware detection outcomes, emphasizing the need for more sophisticated methods to enhance SDN cybersecurity.