Deceiving Machine Learning-Based Saturation Attack Detection Systems in SDN

Recently, different machine learning-based detection systems are proposed to detect DDoS saturation attacks in Software-defined Networking (SDN). Meanwhile, different research studies highlight the vulnerabilities of adapting such systems in SDN. For instance, an adversary can fool the machine learning classifiers of these systems by crafting specific adversarial attack samples, preventing the detection of DoS saturation attacks. To better understand the security properties of these classifiers in adversarial settings, this paper investigates the robustness of the supervised and unsupervised machine learning classifiers against adversarial attacks. First, we propose an adversarial testing tool that can generate adversarial attacks that avoid the detection of four saturation attacks (i.e., SYN, UDP, ICMP, and TCP-SARFU), by perturbing different traffic features. Second, we propose a machine learning-based saturation attack detection system that utilizes different supervised and unsupervised machine learning classifiers as a testing platform. The experimental results demonstrate that the generated adversarial attacks can reduce the detection performance of the proposed detection system dramatically. Specifically, the detection performance of the four saturation attacks was decreased by more than 90% across several machine learning classifiers. This indicates that the proposed adversarial testing tool can effectively compromise the machine learning-based saturation attack detection systems.