A Data-Driven Approach to Mitigate Evolving Volumetric Attacks in Programmable Networks

Bibliographic Details
Main Authors: Muhammad Saqib, Halima Elbiaze, Roch H. Glitho
Format: Article
Language: English
Published: IEEE 2025-01-01
Series: IEEE Transactions on Machine Learning in Communications and Networking
Online Access: https://ieeexplore.ieee.org/document/11105473/
Description
Summary: In-network machine learning (ML) offers a cutting-edge approach for promptly detecting malicious traffic. Existing methods often rely on one-size-fits-all ML models that fail to adapt to evolving attack traffic patterns, leading to a time-consuming and labor-intensive process for updating ML model from the control to the data plane. To address these limitations, we propose an automated, data-driven method for identifying novel malicious traffic patterns and updating ML model seamlessly in programmable networks. The proposed method sets drift detection thresholds based on baseline performance from historical (i.e., training) data and uses these thresholds to detect anomalies in unseen (i.e., testing) data. We continuously adjust the thresholds to accommodate data distribution changes and in-network inference results while minimizing sensitivity to minor fluctuations. We evaluate the proposed method using two intrusion detection datasets, CICIDS2017 and UNSW-NB15. The experimental results demonstrate its efficacy in safeguarding against evolving volumetric attacks. Additionally, we compare the conventional model performance-based drift detection method with an adaptive monitoring window-based approach, highlighting the latter’s advantage in balancing drift detection efficacy and minimizing its adaptation impact, i.e., disruptions to normal network traffic are reduced by an average of 20%. The adaptive method dynamically adjusts the drift monitoring window size to adapt to the characteristics of the unseen traffic patterns.
ISSN: 2831-316X