USAGE : Uncertain flow graph and spatio-temporal graph convolutional network-based saturation attack detection method

Abstract

With the development of Software-Defined Networking (SDN), its security problems have attached interests from academia. The saturation attack targeted at the SDN switch is one of the most destructive problems in SDN. The saturation attack can destroy SDN networks by depleting the computation and storage resources of SDN switches. Currently, graph neural networks have already been used for detecting saturation attacks in SDN. When constructing the graph based on K-Nearest Neighbors (KNN) algorithm, the number of edges in the graph is fixed. That may fail on accurately representing the relationship among different nodes. In addition, when using the Graph Convolutional Network (GCN) to detect saturation attack against SDN, only a partial graph structure and node features will be learned, causing the flow graph nodes information cannot be fully utilized. To overcome these issues, in this work, we propose USAGE, an uncertain flow graph and spatio-temporal graph neural network-based saturation attack detection method. More specifically, USAGE designs the CRAM algorithm and EGG model. The CRAM algorithm is proposed to generate an uncertain flow graph for each network traffic flow, which can represent the uncertain relationship among different nodes. EGG is a spatio-temporal graph convolutional network model, which is proposed to detect saturation attacks. The evaluation results demonstrate that USAGE can generate a better graph than KNN and achieve high detection performance. Meanwhile, USAGE outperforms other methods in terms of TPR, TNR, accuracy, precision, recall, F-score, confusion matrix, ROC curves, and PR curves.