Detecting BHP Flood Attacks in OBS Networks: A Machine Learning Prospective

Abstract

The Optical Bust Switching (OBS) network has become the most promising switching technology for building the next generation of internet backbone infrastructure. However, an OBS network still faces a number of security and Quality of Service (QoS) challenges, particularly from Burst Header Packet (BHP) flood attacks. If a source node (ingress) becomes compromised by an attacker, overloading the network with malicious BHPs, the network resources will be reserved without proper utilization. This prevents legitimate BHPs from reserving the required resources, and can lead to severe issues, such as burst loss and Denial of Service (DoS) among others. One way to prevent a BHP flood attack is to detect the misbehaving edge nodes overloading the network with malicious BHPs, and taking the proper action to secure and sustain the QoS performance in an OBS network. A powerful and promising approach in identifying misbehaving edge nodes causing BHP flooding attacks is Machine Learning (ML), and in particular, classification techniques. A classification technique learns models by applying them to a large historical data set derived from an edge node’s performance during a simulation run. The data set contains behavior traces from a number of edge nodes, with respect to input data characteristics, sensitivity, efficiency performance, predictive performance, and model content. The learned model can then be utilized to single out (classify) misbehaving edge nodes based on their future performance as accurately as possible, hence disciplining them. In this paper, we investigate the BHP flood attack problem by evaluating a number of ML techniques in classifying edge nodes, and determine the most suitable method to prevent this type of attack. Specifically, we evaluate Decision Tree (C4.5), Bagging, Boosting (AdaBosst), Probabilistic (Naïve Bayes), Rule Induction (RIppleDOwn Rule Learner- RIDOR), Neural Network (NN-MultilayerPerceptron), Logistic Regression, and Support Vector Machine-Sequential Minimal Optimization (SVM-SMO) on a real dataset to identify the method(s) most appropriate to combat the BHP flood attack problem in OBS networks.