TY - JOUR
T1 - Security monitoring and management for the network services in the orchestration of SDN-NFV environment using machine learning techniques
AU - Alshammari, Nasser
AU - Shahzadi, Shumaila
AU - Alanazi, Saad Awadh
AU - Naseem, Shahid
AU - Anwar, Muhammad
AU - Alruwaili, Madallah
AU - Abid, Muhammad Rizwan
AU - Alruwaili, Omar
AU - Alsayat, Ahmed
AU - Ahmad, Fahad
N1 - Publisher Copyright:
© 2024 Tech Science Press. All rights reserved.
PY - 2024/3/19
Y1 - 2024/3/19
N2 - Software Defined Network (SDN) and Network Function Virtualization (NFV) technology promote several benefits to network operators, including reduced maintenance costs, increased network operational performance, simplified network lifecycle, and policies management. Network vulnerabilities try to modify services provided by Network Function Virtualization MANagement and Orchestration (NFV MANO), and malicious attacks in different scenarios disrupt the NFV Orchestrator (NFVO) and Virtualized Infrastructure Manager (VIM) lifecycle management related to network services or individual Virtualized Network Function (VNF). This paper proposes an anomaly detection mechanism that monitors threats in NFV MANO and manages promptly and adaptively to implement and handle security functions in order to enhance the quality of experience for end users. An anomaly detector investigates these identified risks and provides secure network services. It enables virtual network security functions and identifies anomalies in Kubernetes (a cloud-based platform). For training and testing purposes of the proposed approach, an intrusion-containing dataset is used that holds multiple malicious activities like Smurf, Neptune, Teardrop, Pod, Land, IPsweep, etc., categorized as Probing (Prob), Denial of Service (DoS), User to Root (U2R), and Remote to User (R2L) attacks. An anomaly detector is anticipated with the capabilities of a Machine Learning (ML) technique, making use of supervised learning techniques like Logistic Regression (LR), Support Vector Machine (SVM), Random Forest (RF), Naïve Bayes (NB), and Extreme Gradient Boosting (XGBoost). The proposed framework has been evaluated by deploying the identified ML algorithm on a Jupyter notebook in Kubeflow to simulate Kubernetes for validation purposes. The RF classifier has shown better outcomes (99.90% accuracy) than other classifiers in detecting anomalies/intrusions in the containerized environment.
KW - software defined network
KW - network function virtualization
KW - network function virtualization management and orchestration
KW - virtual infrastructure manager
KW - virtual network function
KW - Kubernetes
KW - Kubectl
KW - artificial intelligence
KW - machine learning
UR - http://www.scopus.com/inward/record.url?scp=85191054491&partnerID=8YFLogxK
U2 - 10.32604/csse.2023.040721
DO - 10.32604/csse.2023.040721
M3 - Article
SN - 0267-6192
VL - 48
SP - 363
EP - 394
JO - Computer Systems Science and Engineering
JF - Computer Systems Science and Engineering
IS - 2
ER -