A Machine Learning Approach for Hybrid Attack Detection in the SDN Data Plane
Abstract: The programmability of the SDN data plane allows users to write algorithms that define how network devices should process packets, including the use of application programming interfaces (APIs) to take advantage of the network controller. Given this flexibility, machine learning applications have been proposed for packet classification and attack detection. In this scenario, trained models are used to fill in the match-action tables of the P4 pipeline, so that detection time equals processing time. Another approach is network telemetry, which collects information on the state of the network for use by applications running on the controller or on an external agent. In contrast, this work advances the state of the art by proposing a hybrid machine learning (ML) management architecture for SDN networks, combining the use of the P4 pipeline and strategic agents in the network to provide detection of multilevel attacks.