Journal of Information Science and Engineering, Vol. 38 No. 6, pp. 1189-1211

SandboxNet: A Learning-Based Malicious Application Detection Framework in SDN Networks

1Department of Computer Science and Information Engineering
National Taiwan Normal University
Taipei, 106 Taiwan

2Department of Information Engineering and Computer Science
Feng Chia University
Taichung, 407 Taiwan

3Department of Computer Science and Information Engineering
National Chung Cheng University
Chiayi, 621 Taiwan
E-mail: neokent@gapps.ntnu.edu.tw; 60747041s@gapps.ntnu.edu.tw;
m0907194@o365.fcu.edu.tw; tonymhwang@cs.ccu.edu.tw

Software Defined Networking (SDN) is a concept that decouples the control plane and the user plane, so the network administrator can easily control the network behavior through their own programs. However, the administrator may unknowingly install malicious programs on SDN controllers, so that the whole network may fall under the attacker’s control. In this paper, we discuss the malicious software issue on SDN networks. We use the idea of the sandbox to propose a sandbox network called SandboxNet. We emulate a virtual isolated network environment to verify the SDN application functions. With continuous monitoring, we can locate suspicious SDN applications when the system detects pre-defined malicious behaviors. We also apply machine learning (ML) techniques to identify unknown malicious applications. To address the sandbox-evading issue, we make the emulated networks and the real-world networks indistinguishable to the SDN controller.

Keywords: software defined networking, intrusion detection, SDN application, machine learning, software testing
