MitM detection and defense mechanism CBNA-RF based on machine learning for large-scale SDN context

Software defined network (SDN) is a promising new network abstraction that aims to improve and facilitate network management. Due to its centralized architecture and the lack of intelligence on the data plane, SDN suffers from many security issues that slows down its deployment. Man in the Middle (MitM) attack is considered as one of the most devastating attacks in an SDN context. In fact, MitM attack allows the attackers to capture, duplicate and spoof flows by targeting southbound interfaces and SDN nodes. Furthermore, it's very difficult to detect MitM attacks since it is performed passively at the SDN level. To reduce the impact of this attack, we generally set up security policies and authentication mechanisms. However, these techniques are not applicable for a large scale SDN architecture as they require complexes and static configurations and as they negatively influence on network performance. In this paper, we propose an intrusion detection and prevention framework by using machine learning techniques to detect and stop MitM attempts. To do so, we build a context-based node acceptance based on the random forest model (CBNA-RF), which helps to setting-up appropriate security policies and to automating defense operations on a large-scale SDN context. This mechanism can realize a quick and early detection of MitM attacks by automatically detecting malicious nodes without affecting performances. The evaluation of the proposed framework demonstrates that our model can correctly classify and detect malicious connections and nodes while keeping high accuracy and precision scores.