Identification and predication of network attack patterns in software-defined networking

Abstract

Software-defined networking (SDN) is earning popularity in enterprise network for simplifying network management service and reducing operational cost. However, security enhancement is required for concerns. In this paper, we analyze the network attack patterns of governments and enterprises, whose networking paradigm are constructed in SDN. In detail, methods of time series data mining including clustering and forecasting are proposed to discover hidden information in temporal network attack data. To start with, hierarchical clustering with modified dynamic time warping distance measure was developed to classify time series data of nine departments of China, which is aimed to identify patterns of network attack. We then explored autoregressive integrated moving average to build a model describing relationships and behavior of network attack as well as forecast the frequency of the future network attack, which is targeted to prevent extensive exposure of attack events. Experiments demonstrated that our models have the ability to distinguish the complex phenomena of temporal network attack and realize statistically accurate predication of network attack under SDN architecture. Our work provides the foundation for decision-making when dealing with issues of network safety.